Global ETD Search

31	Návrh a nasazení systému řízení bezpečnosti informací ve výukovém středisku / Design and Deployment of Information Security Management System in Educational Center Křížová, Romana January 2014 (has links) This Master´s thesis is focused on the security of Educational center running a research aimed at chemical industry. In the first part the theoretical basis followed in the field are defined. The practical part is based on the security of a property considering the technical aspects as well as the suggestions of the trainings of managers and employees and sets respective permissions. A guide price calculation is also essential this project. The practical part evolves the existing analysis of the property.
32	Posouzení informačního systému firmy a návrh změn / Information System Assessment and Proposal for ICT Modification Lapuníková, Eva January 2015 (has links) Assessing the company’s information system, this thesis deals with an analysis and proposal to changes, that lead to improvement of a company‘s current situation. In the introductory part there is a theoretic explanation regarding the issue of information systems and also a description of some analytical tools. In the next part there is an acquaintance with a company and an analysis of a current state of IS/ICT using several methods. The results of this analytical part then serve as proposal to changes including benefits evaluation, which the company can use and therefore improve its current position on the market.
33	Posouzení informačního systému u vybrané firmy a návrh změn / Information System Assessment and Proposal for ICT Modification Sekanina, Čestmír Unknown Date (has links) Diploma thesis deals with the assessment of information system in Unicorn Systems a.s. and proposal for ICT modification. One part of this thesis, are theoretical assumptions that help better understand the issues of information systems. On the basis of the results of analyzes, appropriate measures will be proposed to improve of information system. The thesis includes economic evaluation for the implementation of modification proposal.
34	Management of security information in the security industry Govender, Doraval 06 1900 (has links) Incidents, threats and vulnerabilities have the potential to negatively affect an organisation’s assets. Information on these incidents, threats and vulnerabilities are important to security. It is therefore necessary for this security information to be effectively and efficiently managed, so that correct decisions may be made on the implementation of security risk control measures. This study explored the management of security information in the security industry by undertaking the following: • establishing the “status quo” of the collection and analysis of security information and the implementation of security risk control measures in practice; • identifying the nature and extent of problems experienced in the collection and analysis of security information and the implementation of security risk control measures; and the • discovery of a new Security Information Management Model (SIMM). Mixed methods research was used to study the management of security information in the security industry. The explorative research design was used for this purpose. Semi-structured and focus group interviews were conducted with senior security managers and operational security officers, respectively. The grounded theory research design was used to analyse the qualitative data in order to generate a substantive grounded theory. The theory is that security officers operate without a standardised framework to manage security information. The data from the semi-structured and the focus group interviews were used to design a questionnaire to conduct a survey using the quantitative approach. The non-experimental research design was used to conduct this self-administered questionnaire survey. The data from this questionnaire survey helped validate and confirm the substantive grounded theory. The study found that there was the need for a Security Information Management Model to manage security information in the security industry. Based on this finding the researcher recommended a new Security Information Management Model for the management of security information in the security industry. / Criminology / D. Litt. et Phil. (Criminology) Security industry Security information Threat Vulnerability Incident Information protection Sharing of information 352.3790968 Criminal investigation -- South Africa Crime analysis -- South Africa Evidence, Criminal -- South Africa
35	Optimization of cost-based threat response for Security Information and Event Management (SIEM) systems Gonzalez Granadillo, Gustavo Daniel 12 December 2013 (has links) (PDF) Current Security Information and Event Management systems (SIEMs) constitute the central platform of modern security operating centers. They gather events from various sensors (intrusion detection systems, anti-virus, firewalls, etc.), correlate these events, and deliver synthetic views for threat handling and security reporting. Research in SIEM technologies has traditionally focused on providing a comprehensive interpretation of threats, in particular to evaluate their importance and prioritize responses accordingly. However, in many cases, threat responses still require humans to carry out the analysis and decision tasks e.g., understanding the threats, defining the appropriate countermeasures and deploying them. This is a slow and costly process, requiring a high level of expertise, and remaining error-prone nonetheless. Thus, recent research in SIEM technology has focused on the ability to automate the process of selecting and deploying countermeasures. Several authors have proposed automatic response mechanisms, such as the adaptation of security policies, to overcome the limitations of static or manual response. Although these approaches improve the reaction process (making it faster and/or more efficient), they remain limited since these solutions do not analyze the impact of the countermeasures selected to mitigate the attacks. In this thesis, we propose a novel and systematic process to select the optimal countermeasure from a pool of candidates, by ranking them based on a trade-off between their efficiency in stopping the attack and their ability to preserve, at the same time, the best service to normal users. In addition, we propose a model to represent graphically attacks and countermeasures, so as to determine the volume of each element in a scenario of multiple attacks. The coordinates of each element are derived from a URI. This latter is mainly composed of three axes: user, channel, and resource. We use the CARVER methodology to give an appropriate weight to each element composing the axes in our coordinate system. This approach allows us to connect the volumes with the risks (i.e. big volumes are equivalent to high risk, whereas small volumes are equivalent to low risk). Two concepts are considered while comparing two or more risk volumes: Residual risk, which results when the risk volume is higher than the countermeasure volume; and Collateral damage, which results when the countermeasure volume is higher than the risk volume. As a result, we are able to evaluate countermeasures for single and multiple attack scenarios, making it possible to select the countermeasure or group of countermeasures that provides the highest benefit to the organization [INFO:INFO_OH] Computer Science/Other [INFO:INFO_OH] Informatique/Autre Countermeasure selection Multiple attacks Return on response investment (RORI) Attack volume Combined selection of countermeasures
36	Zákon o kybernetické bezpečnosti a jeho dopady na povinné subjekty / The Cyber Security Act and its impacts on obliged entities Draganov, Vojtěch January 2016 (has links) The thesis looks into the act No. 181/2014 Coll. Cyber Security Act (hereinafter referred to as "CSA") and its impact on obliged entities with focus on the regional authorities of the Czech Republic. The thesis starts with introduction into the issue of the CSA and cybersecurity from the point of view of the state, subsequently it refocuses on the level of regulated organizations. The main pillar and contribution of the thesis is the CSA analysis with the aim to identify impact of the CSA in the obliged entities. Based on this analysis author designed the questionnaire survey of the CSA impact on the regional authorities. The survey relates to information security management system, kinds of burden stemmed from the CSA implementation, willingness to use funding from the European Regional Development Fund (ERDF) to implement the CSA, a possibility to outsource the cybersecurity and also opinions of the county council staff about the CSA. The survey shows that in spite of a pressure on standardization stemming from legal framework, county councils differs significantly in regard to information security management systems. On the other hand, respondents agreed on positive impact of the CSA on improvement of information and the cyber security although the CSA brings significant financial and organizational load to the organization. The survey also shows that some regional authorities only start to implement cybersecurity currently. The cybersecurity evolves in the researched organization quite dynamically and it would be beneficial to repeat the impact analyses again, after first wave of the CSA implementation will be finished.
37	Management of security information in the security industry Govender, Doraval 06 1900 (has links) Incidents, threats and vulnerabilities have the potential to negatively affect an organisation’s assets. Information on these incidents, threats and vulnerabilities are important to security. It is therefore necessary for this security information to be effectively and efficiently managed, so that correct decisions may be made on the implementation of security risk control measures. This study explored the management of security information in the security industry by undertaking the following: • establishing the “status quo” of the collection and analysis of security information and the implementation of security risk control measures in practice; • identifying the nature and extent of problems experienced in the collection and analysis of security information and the implementation of security risk control measures; and the • discovery of a new Security Information Management Model (SIMM). Mixed methods research was used to study the management of security information in the security industry. The explorative research design was used for this purpose. Semi-structured and focus group interviews were conducted with senior security managers and operational security officers, respectively. The grounded theory research design was used to analyse the qualitative data in order to generate a substantive grounded theory. The theory is that security officers operate without a standardised framework to manage security information. The data from the semi-structured and the focus group interviews were used to design a questionnaire to conduct a survey using the quantitative approach. The non-experimental research design was used to conduct this self-administered questionnaire survey. The data from this questionnaire survey helped validate and confirm the substantive grounded theory. The study found that there was the need for a Security Information Management Model to manage security information in the security industry. Based on this finding the researcher recommended a new Security Information Management Model for the management of security information in the security industry. / Criminology and Security Science / D. Litt. et Phil. (Criminology) Security industry Security information Threat Vulnerability Incident Information protection Sharing of information 352.3790968 Criminal investigation -- South Africa Crime analysis -- South Africa Evidence, Criminal -- South Africa
38	Kyberbezpečnost v průmyslu / Cybersecurity in the engineering industry Jemelíková, Kristýna January 2021 (has links) The master’s thesis deals with the management of cyber security in a manufacturing company. The theoretical part contains concepts and knowledge of cyber security and discusses the current requirements of legislation and standards of the ISO/IEC 27000 series. In practical part are proposed measures to increase cyber security and information security based on the theoretical background and analysis of current state in the selected company.
39	Informační bezpečnost jako jeden z ukazatelů hodnocení výkonnosti v energetické společnosti / Information security as one of the performance indicators in energy company Kubík, Lukáš January 2017 (has links) Master thesis is concerned with assessing the state of information security and its use as an indicator of corporate performance in energy company. Chapter analysis of the problem and current situation presents findings on the state of information security and implementation stage of ISMS. The practical part is focused on risk analysis and assessment the maturity level of processes, which are submitted as the basis for the proposed security measures and recommendations. There are also designed metrics to measure level of information security.
40	Návrh zavedení bezpečnostních opatření podle ISMS ve společnosti vyvíjející finanční aplikaci. / Proposal for the implementation security measures according to ISMS in the company developing financial application. Bukovský, Luděk January 2019 (has links) The goal of this Master Thesis is a proposal for the implementation security measures in the company developing financial software application focused primarily on the Swiss market. These measures are based on results from present state of security in the company. There are the proposal for the security measures on the risk analysis results which are recommendation of the series of standards ISO/IEC 27000 and should lead to the risk reduction affecting the company.

Search results