1 |
Návrh zavedení bezpečnostních opatření na základě ISMS pro malý podnik / Design of security countermeasures implementation based on ISMS for small company
Tomko, Michal, January 2019
The master's thesis deals with the implementation of security countermeasures in accordance with an information security management system for a small company. The main concern of the master's thesis will be the design of security countermeasures in the company. The solution of the design comes from the analysis of the current state of the company including all important parts and assist evaluation which has been processed along with responsible persons.
|
2 |
An Automated Tool For Information Security Management System
Erkan, Ahmet, 01 September 2006
This thesis focuses on automation of processes of Information Security Management System. In accordance with two International Standards, ISO/IEC 27001:2005 and ISO/IEC 17799:2005, to automate the activities required for a documented ISMS as much as possible helps organizations. Some of the well known tools in this scope are analyzed and a comparative study on them including “InfoSec Toolkit”, which is developed for this purpose in the thesis scope, is given. “InfoSec Toolkit” is based on ISO/IEC 27001:2005 and ISO 17799:2005. Five basic integrated modules constituting the “InfoSec Toolkit” are “Gap Analysis Module”, “Risk Module”, “Policy Management Module”, “Monitoring Module” and “Query and Reporting Module”. In addition a research framework is proposed in order to assess the public and private organizations’ information security situation in Turkey.
|
3 |
A Study of the Implementation, Maintenance and Continual Improvement of an Information Security Management System / En studie av implementering, underhåll och kontinuerlig förbättring av ledningssystem för informationssäkerhet
ÖBERG, MIKAELA, January 2016
The high adoption rate of cloud computing technology is changing the strategic, operational and functional aspects of businesses. Though, as cloud computing is seeing massive global investment, the vast concentration of resources and information argues for new sources of vulnerabilities and challenges for the cloud computing adopters. Hence, the cloud computing technology is argued to see its full potential once solid information security is established. There has been a palpable development of theories, guidelines and standards of how to implement, maintain and continually improve a security information management system. The outcome has resulted in recognized standards. However, the comprehensiveness and the complexity to implement, maintain and continually improve a security information management system remain. Therefore, this study aimed to investigate how cloud computing oriented firms succeed with the realization of an information security management system. This was done by identifying frameworks and processes used by cloud computing oriented organizations.
|
4 |
A Security Solution on Availability for Next Generation Telecommunication Networks Management Information Systems
Wu, Ming-Yi, 04 September 2009
With the development of the internet protocol (IP) and digitization for the global telecommunication industry, the convergence rate of communications and broadcasting has been improved. According to these motives, the domestic telecommunication industry modifies present commercial operation managements and combines the communication networks, the fixed-mobile communication (FMC) networks, and the mobile communication networks into the all-internet protocol (all-IP) communication network structure based on the extended upgrade communication network system. The domestic telecommunication industry expects that the integrated heterogeneous network, including the speech data, the video data, and the communication services, can provide the omnipresent customizable mobile communication network services and obtain the advance business opportunities in terms of the future development of digital convergence.
Hence, the domestic telecommunication industry not only builds the next generation network structure to satisfy its demands, but also develops the management information system (MIS) to monitor the operation of telecommunication networks to ensure the quality of communication services and achieve the development of next generation networks. A primary consideration is to assure the usability of MIS for the telecommunication industry and the customers based on the profit rates and the omnipresent mobile network services, respectively.
However, the current status of the telecommunication industry is that it meets many difficult challenges and problems in constructing the next generation MIS. For example, the all-IP-based open network structure will be used instead of the closed network structure, the different generation telecommunication systems combine with the operation and maintenance information system, the information security incident, and so on. It is a must to consider highly these situations between the major links above. Otherwise, the service usability of MIS will be destroyed.
In this thesis, we adopt the case study approach to analyze the MIS construction process of the domestic telecommunication operator. During the build process, the MIS construction of next generation telecommunication networks must suffice for the flexibility, the safety, and the stabilization and needs to make sure of the critical mission on stable operation condition, the lower service interruption, the higher usability. The implementation of the next generation MIS will help support the crucial operation procedure of the conglomerate and cope with the fast variation of the market demands.
|
5 |
Enhancing information security in organisations in Qatar
Al-Hamar, Aisha, January 2018
Due to the universal use of technology and its pervasive connection to the world, organisations have become more exposed to frequent and various threats. Therefore, organisations today are giving more attention to information security as it has become a vital and challenging issue. Many researchers have noted that the significance of information security, particularly information security policies and awareness, is growing due to increasing use of IT and computerization. In the last 15 years, the State of Qatar has witnessed remarkable growth and development of its civilization, having embraced information technology as a base for innovation and success. The country has undergone tremendous improvements in the health care, education and transport sectors. Information technology plays a strategic role in building the country's knowledge-based economy. Due to Qatar's increasing use of the internet and connection to the global environment, it needs to adequately address the global threats arising online. As a result, the scope of this research is to investigate information security in Qatar and in particular the National Information Assurance (NIA) policy. There are many solutions for information security, some technical and some non-technical, such as policies and making users aware of the dangers. This research focusses on enhancing information security through non-technical solutions. The aim of this research is to improve Qatari organisations' information security processes by developing a comprehensive Information Security Management framework that is applicable for implementation of the NIA policy, taking into account Qatar's culture and environment. To achieve the aim of this research, different research methodologies, strategies and data collection methods will be used, such as a literature review, surveys, interviews and case studies.
The main findings of this research are that there is insufficient information security awareness in organisations in Qatar and a lack of a security culture, and that the current NIA policy has many barriers that need to be addressed. The barriers include a lack of information security awareness, a lack of dedicated information security staff, and a lack of a security culture. These barriers are addressed by the proposed information security management framework, which is based on four strategic goals: empowering Qataris in the field of information security, enhancing information security awareness and culture, activating the Qatar National Information Assurance policy in real life, and enabling Qatar to become a regional leader in information security. The research also provides an information security awareness programme for employees and university students. At the time of writing this thesis, there are already indications that the research will have a positive impact on information security in Qatar. A significant example is that the information security awareness programme for employees has been approved for implementation at the Ministry of Administrative Development Labour and Social Affairs (ADLSA) in Qatar. In addition, the recommendations proposed have been communicated to the responsible organisations in Qatar, and the author has been informed that each organisation has decided to act upon the recommendations made.
|
6 |
Návrh průmyslového řešení ISMS / Design of Industrial Solutions ISMS
Havlík, Michal, January 2017
The thesis deals with industrial solutions of ISMS, mainly network infrastructure. First comes an introduction into the theoretical background of the thesis, followed by an analysis of the current situation in the company and its evaluation. Consequently, the design of the solution is done to meet the standards of ISO/IEC 27000.
|
7 |
Návrh zavedení řízení bezpečnosti informací s důrazem na budování bezpečnostního povědomí v příspěvkové organizaci / Proposal to introduce information security management with emphasis on building security awareness in a contributory organisation
Chudoba, David, January 2019
The thesis deals with the information security management system in the organization together with building of security awareness among employees. The theme is focused on the custom made proposal for a contributory organization in which personal and sensitive data are being processed. In the process of controlled change, the individual steps of the design will be gradually implemented in order to increase the security and bring the ongoing processes in the organization into line with the requirements of the GDPR.
|
8 |
Návrh metodiky pro zavedení ISMS / Design of Methodology for Implementation of ISMS
Dokoupil, Ondřej, January 2016
This master’s thesis deals with the design of methodology for implementation of ISMS (Information Security Management System). The theoretical part describes the basic principles and procedures for processing of this domain, including normative and legal - legislative aspects. The next section is an analysis of the current state of the organization. On its basis the practical part is drafted, including an economic evaluation of the project and possible benefits of implementation.
|
9 |
Diseño de un Sistema de Gestión de Seguridad de la Información basado en la norma ISO/IEC 27001:2013 para la Municipalidad Distrital de El Agustino / Design of an Information Security Management System based on the ISO/IEC 27001:2013 standard for the District Municipality of El Agustino
Monteza Mera, Lisbet Odelly, 26 February 2019
This project describes the design of the Information Security Management System based on ISO/IEC 27001:2013 to protect the information assets associated with the tax collection and control process of the District Municipality of El Agustino. As the ISO 27001 standard suggests, the Deming or PDCA cycle was followed, and it consists of the following stages: in the first, the initial diagnosis of the entity was made with respect to the ISO/IEC 27001:2013 standard; in the second, the context of the organization was established, defining the processes, scope, security policy and information security committee; in the third, the risk analysis and management methodology was followed under the ISO/IEC 31000 standard, where information assets were identified, classified and valued, threats and vulnerabilities were identified, and the impact and risk calculation was performed in order to then carry out the risk treatment plan, identifying the controls of ISO/IEC 27002:2013; in the fourth stage the Statement of Applicability was prepared and finally the ISMS Manual document was prepared. Within this framework, the work allowed us to conclude on the importance of protecting information assets, guaranteeing their confidentiality, integrity and availability.
Thesis
|
10 |
Diseño de un Sistema de Gestión de Seguridad de Información para la empresa Neointel SAC basado en la norma ISO/IEC 27001:2013 / Design of an Information Security Management System for Neointel SAC based on ISO/IEC 27001:2013
Vásquez Ojeda, Agustín Wilmer, 16 April 2020
This thesis work aims to design an Information Security Management System (ISMS) to improve the quality of the service of the Call Center of the company Neointel SAC.
In this sense, this model details the most effective way in which the Call Center will deal with its information security risks, based on Annex A of ISO/IEC 27001:2013, which allows reducing and mitigating the risks to information assets. Likewise, the technological vulnerabilities to which the Call Center is exposed can be reduced.
On the other hand, the design of this work allows us to classify the main information assets, as well as to determine the main information risks to which they are exposed and how the information security risks will be treated in alignment with the business objectives.
Finally, the roles and responsibilities within the organizational structure of an Information Security Management System (ISMS) are defined and a risk treatment plan for the information assets is proposed, which has allowed the company to establish its own security procedures, which can be seen in the policies that comprise it.
Thesis
|