UM MODELO PARA PROTEÇÃO DE TRILHAS DE AUDITORIA EM SISTEMAS DE IDENTIFICAÇÃO ELETRÔNICA / A MANAGEMENT MODEL FOR AUDIT TRAILS IN IDENTIFICATION ELECTRONIC SYSTEMS

Liberali, Ernâni Teixeira

21 May 2012

Coordenação de Aperfeiçoamento de Pessoal de Nível Superior / With the continuing demand for services and information in multiple places in real time, companies are dealing with increasingly sensitive information for their business and many of them are not prepared to undertake the management of these information. In information systems, audit trails, also called audit logs, are records of activities from users and administrators. Audit trails help companies to keep a historical control of changes in information, but they do not safeguard the vulnerability of improper handling of these tracks nor eliminate traces of malicious changes, such as what might happen with the use of smart cards for micro-payments in educational institutions, which is a trend. This dissertation presents a model for protection of trails (logs) that can be used as a solution to problems on treatment and protection of audit trails. The model is based on data encryption and the sharing of responsibility in the care of registry keys, giving condition to guarantee the validity of information in systems of identification and payments. It was validated in the replica database to the payment system from the restaurant at Federal University of Santa Maria. / Com a contínua demanda por disponibilidade de serviços e de informações em diversos locais e em tempo real, as empresas estão tendo que lidar com informações cada vez mais sensíveis aos negócios, onde muitas delas não estão preparadas para realizar a gestão destas informações. Nos sistemas de informação, trilhas de auditoria, também chamadas de logs de auditoria, são registros das atividades de usuários e administradores. As trilhas de auditoria auxiliam as empresas a manterem um controle histórico sobre alterações nas informações, mas não eliminam a vulnerabilidade de manipulação indevida destas trilhas para eliminar rastros de modificações maliciosas, tal como o que pode acontecer no uso de smart cards para realização de micro pagamentos em instituições do setor educacional, o que é uma tendência. Este trabalho apresenta um modelo de proteção de trilhas (logs) que pode ser utilizado como solução para o problema do tratamento e proteção das trilhas de auditoria. O modelo é baseado em criptografia dos dados e em divisão de responsabilidades na guarda das chaves do registro, possibilitando condições de se garantir a legitimidade das informações em sistemas de identificação e pagamento, e foi validado junto ao banco de dados réplica ao sistema de pagamentos do Restaurante Universitário da Universidade Federal de Santa Maria.

Gestão de segurança da informação

Proteção de trilhas de auditoria

Distribuição de chaves

Smart Cards

Information security management

Audit trails protection

Key distribution

Smart Cards

Informačná bezpečnosť a riadenie rizík v konkrétnej spoločnosti / Information security and risk management in a particular company.

Slávková, Daniela

January 2012

The aim of the thesis is to apply the methodology of qualitative risk analysis according to ISO/EC/27005:2011 and to increase awareness of existing threats and impacts on information assets and to create possible security precautions to minimize identified threats in a particular company. The thesis is divided into five chapters. Introductory chapter explains the basic concepts of information security and risk management in the organization that are necessary for understanding of the principles and the importance of information security. The second chapter deals with the international standards aimed at information security and briefly describes ISO/IEC 27001, ISO/IEC 27002 and ISO/IEC 27005. The following two chapters form a smooth transition from the theoretical to the practical part. The third chapter characterizes selected company and describes the current state of information security in the company. The fourth chapter forms the methodological apparatus of qualitative risk analysis, compiled in accordance with ISO/IEC 27005:2011. It also contains a list of relevant threats, to which an asset of the company is exposed. The last chapter is conducted to qualitative risk analysis, together with the draft of the precautions to minimize the risks. The practical section shows that by the implementing the proposed action the company will reduce existing risks to acceptable levels and will significantly improve the protection of information assets.

Zavedení ISMS do podniku podporujícího kritickou infrastrukturu / Proposal for the ISMS Implementation in Company with CI Support

Šebrle, Petr

January 2017

This diploma thesis deals with the methodology of Management of Information Security in a medium size company supporting critical infrastructure. The first part is focused on the theoretical aspects of the topic. Practical part consists of analysis of the current state, risk analysis and correction arrangements according to the attachment A of standard ČSN ISO/IEC 27001:2014. Implementation of ISMS is divided into four phases. This thesis however covers the first two phases only

Návrh řízení informační bezpečnosti v průmyslovém prostředí / Design of information security management in the industrial environment

Kadlec, Miroslav

January 2018

The diploma thesis deals with the design of information security management in the industrial environment. In the first part of thesis is mentioned the theoretical background from the area of information security. The analysis of the default status is followed, and the risk analysis is also performed. Further, the thesis deals with the design of the industrial network infrastructure and its management.

Návrh zavedení bezpečnostních opatření v souladu s ISMS pro obchodní společnost / Design of security countermeasures implementation in accordance with ISMS for business company

Dočekal, Petr

January 2018

The master’s thesis focuses on area of security countermeasures in accordance with information security management system. Presents basic theoretical background of information and cyber security and describes a current state in the company. The thesis’s output is the design of security countermeasures implementation which contribute to information security in the company.

Budování bezpečnostního povědomí na fakultě podnikatelské / Building security awareness at the Faculty of Business and Management

Volfová, Jana

January 2021

This diploma thesis is focused on Security Awareness Education at the Faculty of Business and Management. It consists of three main parts: theoretical, analytical and practical considerations. The theoretical part is the introduction to basic terms, processes and analysis to help understand the thesis. The analytical part includes an introduction to the chosen organization and the implementation of analysis, which were presented in the theoretical part. The practical part contains, among other things, the actual proposals for Security Awareness Education at the faculty and its benefits.

Návrh metodiky pro příručku ISMS a opatření aplikované na vybrané oblasti / Proposal of Methodics for ISMS Guide and Measures Applied to Selected Areas

Nemec, Tomáš

January 2013

Content of this thesis is a methodology for creating ISMS Security Manual. Implementation of the proposal is supported by theoretical knowledge in the introductory part of this work. Practical process design methodology is conditional on the structure of the international standard ISO/IEC 27001:2005.

Návrh a nasazení systému řízení bezpečnosti informací ve výukovém středisku / Design and Deployment of Information Security Management System in Educational Center

Křížová, Romana

January 2014

This Master´s thesis is focused on the security of Educational center running a research aimed at chemical industry. In the first part the theoretical basis followed in the field are defined. The practical part is based on the security of a property considering the technical aspects as well as the suggestions of the trainings of managers and employees and sets respective permissions. A guide price calculation is also essential this project. The practical part evolves the existing analysis of the property.

Zavedení ISMS v malém podniku / The Implementation of ISMS in Small Company

Palarczyk, Vít

January 2015

This master's thesis is focused on the design of the implementation of information security management system (ISMS) into a specific business. In the theoretical part, it provides basic concepts and detailed description of ISMS. There is also described the analysis of a current information security state of the company. In the practical part, it provides a risk analysis and selection of measures to minimize found risks. In the final part is designed a process and a schedule of an implementation of the selected measures.

Návrh zavedení ISMS ve firmě / Proposal for the ISMS Implementation in the Company

Trunkát, Jan

January 2015

The master´s thesis is aimed at Proposal for the information security management system implementation in the company. It introduces with basic concepts of information security and provides general procedures for information security management system. As part of the work was carried out a risk analysis company and proposed measures to reduce risk. Work is mainly drawn from the series of standards ISO/IEC 27000.