1

Controles internos de segurança em banco de dados para certificação da Lei SOX

SILVEIRA, Kamilla Dória da 13 November 2015 (has links)
Submitted by Irene Nascimento (irene.kessia@ufpe.br) on 2016-09-19T18:40:20Z No. of bitstreams: 2 license_rdf: 1232 bytes, checksum: 66e71c371cc565284e70f40736c94386 (MD5) Dissertação_Kamilla_Doria_v3 CD.pdf: 2299055 bytes, checksum: 917d4a23b010d4a6fcc6d29a00151c78 (MD5) / Made available in DSpace on 2016-09-19T18:40:20Z (GMT). Previous issue date: 2015-11-13 / In response to a series of accounting fraud scandals, the United States government created the Sarbanes-Oxley Act (SOX) on 30 July 2002. This law aims to hold company executives accountable for the effectiveness of their internal IT and business controls over the security and reliability of their accounting data. These controls are evaluated by an external audit and by the American regulator, the SEC, which recommends using the COSO framework to implement them. However, COSO is a strategic framework: it offers no guidance on the tactical and operational implementation of controls, and it is not commonly applied in the IT area, being normally applied in the business area. Taking database security as its scope, and given that COSO offers no operational detail for ensuring SOX compliance in this area, this work proposes a guide of internal controls for that purpose. The proposed guide is based on COBIT 5 and the ISO 27002 standard. As a proof of concept, the guide was used as the basis for developing the SOXSecurity4DB tool, which was applied at a multinational retail company that had contracted a project to ensure compliance with the SOX Act.
As a result of applying the tool, it was observed that some controls needed adjustment, since there were still problems to be resolved. / Responding to a series of accounting fraud scandals, the American government created the SOX Act on July 30, 2002. This law aims at empowering business leaders regarding the effectiveness of their internal IT and business controls on the safety and reliability of their accounting data. The evaluation of these controls is done by an external audit and by the American regulatory body called the SEC, which recommends using the COSO framework for the implementation of these controls. Considering the database security scope, and that in this scope COSO does not provide operational details to ensure compliance with the SOX law, this paper proposes a guide of internal controls for this purpose. The proposed guide is based on COBIT 5 and ISO 27002. As a proof of concept of the proposed guide, it was used as a basis to develop the SOXSecurity4DB tool, which was used in a multinational company in the retail business that had hired a project to ensure compliance with the SOX Act. As a result of the application of the tool, it was observed that some controls needed adjustment, because there were still problems to be solved.
2

Fysisk säkerhet : Skydd av IT-utrustning och information (Physical security: protection of IT equipment and information)

Danielsson, Jenny January 2012 (has links)
Information security is about protecting one's information and preserving its availability, accuracy, confidentiality and traceability. Physical security within information security means protecting one's information assets against physical threats. Physical threats can be caused by, for example, power supply, natural disasters and human action. The problem with physical security is that it is usually overlooked and not considered equally important. There are several standards and guidelines with recommendations on what should be reviewed within information security, among them physical security in particular. This report shows how well prepared organisations in the public sector are for the recommendations set out in the ISO 27002 standard regarding physical and environmental security within information security. An interview study has been carried out to answer this question.
3

Integrace ISMS/ISO 27001/ISO 27002 do společnosti RWE / Integration of ISMS/ISO 27001/ISO 27002 to RWE company

Peroutka, Tomáš January 2011 (has links)
The main theme of this diploma thesis is the Information Security Management System (ISMS), which is based on the security standards ISO 27001 and ISO 27002. This thesis is one part of the project of integrating an ISMS into the company RWE. The first goal is an analysis of the current RWE documentation. The second goal is a proposal for an ideal structure of ISMS documentation. The third goal is the assignment of the parts of the RWE documentation to the ideal structure of ISMS documentation. The analysis of the current documentation used knowledge of the RWE documentation to create an overview table of all documents and their relations. The ideal structure of ISMS documentation was based on selected parts of ISO 27001 and a multi-criteria analysis. The third goal of this thesis was reached by assigning parts of the RWE documentation to the selected parts of ISO 27001 from the second goal. The contribution of this diploma thesis is the ideal structure of ISMS documentation and the method of assigning the old RWE documentation to it, because these goals are usual steps of the PDCA cycle of an ISMS but are described only briefly and sparsely in security standards and works related to ISMS.
4

Alinhamento estratégico entre objetivos de negócio e segurança da informação no contexto da governança de tecnologia da informação (TI): um estudo no setor de automação (Strategic alignment between business objectives and information security in the context of information technology (IT) governance: a study in the automation sector)

Knorst, André Marcelo 2010 March 1926 (has links)
Made available in DSpace on 2015-03-05T18:41:00Z (GMT). No. of bitstreams: 0 Previous issue date: 26 / None / The literature identifies, as a problem and limitation of the IT management models present in most companies, the excessively operational approach taken to the subject of information security. This operational view does not take into account strategic elements that are essential in the search for the most appropriate practices in the business context. The objective of this dissertation is to develop and apply a framework to promote strategic alignment between business objectives, IT objectives and information security practices. These practices are evaluated and analysed in the context of IT governance and information security governance. To this end, the BSC, COBIT and ISO27002 models were integrated and applied in practice at an automation company that is significantly dependent on information systems. The integration of these models was based on the security requirements of confidentiality, integrity and availability, resulting in a framework that makes it possible to address the security of i
5

Social engineering and the ISO/IEC 17799:2005 security standard: a study on effectiveness

Frangopoulos, Evangelos D. 31 March 2007 (has links)
As Information Security (IS) standards do not always effectively cater for Social Engineering (SE) attacks, the expected results of an Information Security Management System (ISMS), based on such standards, can be seriously undermined by uncontrolled SE vulnerabilities. ISO/IEC 17799:2005 is the subject of the current analysis as it is the type of standard not restricted to technical controls, while encompassing proposals from other standards and generally-accepted sets of recommendations in the field. Following an analysis of key characteristics of SE and based on the study of Psychological and Social aspects of SE and IS, a detailed examination of ISO/IEC 17799:2005 is presented and an assessment of the efficiency of its controls with respect to SE is provided. Furthermore, enhancements to existing controls and inclusion of new controls aimed at strengthening the defense against Social Engineering are suggested. Measurement and quantification issues of IS with respect to SE are also dealt with. A novel way of assessing the level of Information Assurance in a system is proposed and sets the basis for future work on this subject. / Information Systems / M. Sc. (Information Systems)
