Správa hrozeb pro CERT/CSIRT týmy / Threat management for CERT/CSIRT teams

Machálek, Jiří

January 2012

The increasing importance of the Internet as an integral part of contemporary society has stressed the need to formalize the process of response to security incidents that accompany it inseparably. Security teams of the CERT/CSIRT type are established at different levels for this purpose. These teams respond to reports from their constituency and cooperate with other teams. This thesis introduces the reader to the issues these teams deal with and analyzes their needs in resolving threats and problems related to DNS and its domains. Part of the work is an overview of the basic existing tools to support the work of CERT/CSIRT teams to solve problems with domains, the design of a tool Malicious Domain Manager and description of its implementation. The results of test run of this tool by CZ.NIC-CSIRT team show its contribution to security of DNS.

Bezpečnost při vývoji softwaru / Security during the application development

Lapáček, Vladimír

January 2010

The topic of the thesis is issue of security during the application development. The main emphasis is being placed on web applications. The goal is to define a framework for managing the life cycle of applications to meet the security minimum. The objectives of the work are achieved by study of available resources and their subsequent analysis. The target audiences are software developers interested in learning more about how to create secure applications. The work describes the areas that are crucial for security of applications. Work contains security standards which we can use for defining security requirements of applications. Furthermore, there are mentioned the most serious security vulnerabilities and ways how to avoid them. It describes issue of security testing as an important tool for verifying security. The main part of work is the chapter dealing with the way how to include the issue of security throughout the application life cycle.

Návrh bezpečnostní politiky české pobočky nadnárodní společnosti / The Proposal of a Safety Policy in the Czech Branch of an International Compan

Filip, Tomáš

January 2009

Safety policy deals with processes of security in company to protect assets regardless of a branch office size. Nowadays is the company exposed to a lot of threats and risks, which the company has to face to prevent work threats. This risks and threats don't have to be caused by competition, they can caused randomly, sporadically and someone can't be avoided or its protection is too expensive, whereas protection against some hazards can be easy or cheap. Analysis and appropriate safety actions are made for correct examination. This thesis put mind to create complete suggestion of safety policy for a small Czech branch of an international company. It contains required analyses, tips, theoretical solutions, policy for personal management and changes for easier suggestion of necessary safety documents. I made use of up-to-date information from the domain of security during the process, but special care has been made while writing the concepts, so that the document's contents wouldn't age so quickly.

Čína, Indie a potenciál ozbrojeného konfliktu v jihovýchodní Asii / China, India and the potential for armed conflict in South East Asia

Blažek, Zdeněk

January 2013

Master's thesis China, India and the armed conflict potential in South East Asia is concerned with the current relations of mentioned countries and is trying to figure out, if an outburst of a military conflict between them could occur or whether they will rather cooperate. The thesis is based on the notion that these two world giants in the terms of number of inhabitants, area and even a GDP volume have an unresolved border dispute, ever since the India reached independence. Their mutual border has never been officially demarcated. The small skirmishes between the border patrols of both states are uncountable. In addition, in 1962 they waged a war against each other, which China won in very decisive manner. Both states have been disputing which side caused this conflict till today. Rising economic power of both states currently, together with supposed arming, development of military rocket and submarine technology capable to carry nuclear warheads and establishment of naval bases by China in the proximity of India could create a really effervescent atmosphere in the area. The thesis is divided into six chapters. First chapter introduces the topic. Second chapter establishes the theoretic framework, which is underpinning the research. The other chapters are empirical. The main areas of the analysis...

Čínsko-japonské bezpečnostní vztahy: existuje hrozba vojenského konfliktu? / Sino-Japanese security relations: does a threat of military conflict exist?

Bartoň, Vojtěch

January 2014

The main goal of this master's degree thesis is research how possible is armed conflict between People's Republic of China and Japan. Both states which are important actors in Pacific region and also in the global scale, had a number of conflicts in history. Nowadays is visible sharp deterioration of relations due to territorial, political, military and economic disputes. The beginning of thesis is aimed to show historical background of the mutual relations that is a key for understanding nowadays disputes. The research is based on two theories - neorealistic balance of power theory and concept of commercial liberalism. The factors from these theories can measure relevance of threat and helps answer the question how possible is the emergence of armed conflict. According to the results of research maintaining of peace between China and Japan is more probable mainly due to interdependence of both countries. Powered by TCPDF (www.tcpdf.org)

Analýza protokolů pro komunikaci v energetických sítích / An Analysis of Smart Grid Communication Protocols

Sobotka, Lukáš

January 2019

This work deals security of SCADA industry systems which are used in energetic networks. It describes architecture of those systems and also analyze in details two communication protocols -- DNP3 and IEC 60870-5-104.  Next part is devoted to the analysis of anomaly and security threats which can be happen in SCADA systems. The main goal of this work is design and implementation of system which will be able to detect some of threats or anomalies. Also is necessary to propose simulation environment for testing.

Právní aspekty boje proti počítačové trestné činnosti / Legal Aspects of Fighting Cybercrime

Dostál, Otto

January 2020

The thesis deals with the topic of computer crime. Foremost, it demonstrates on an example of the operation of a medical image information processing system some selected aspects of this issue. It shows that it is always necessary to monitor the current state of the technical knowledge at the time, but also the need of addressing the issue within the corresponding legal limits. The thesis presents criminal law reality as a complex system. The links between different parts of the system are examined, and possible shortcomings are considered. The legal instruments and legal limits of the procedures that can be used against cybercrime are evaluated. The thesis focuses especially on the issue of obtaining evidence under the Czech Criminal Procedure Code. It presents a proposal on how to understand individual procedural legal institutes and for what purposes and how to use them. Consequently it suggests legal procedures for specific selected practical situations.

Hernoteoreticke modelovanie prostredia medzinarodnych vzt'ahov / Game Theoretic Modelling of the International Relations System

Halás, Matúš

January 2011

The thesis models interactions in the system of states. Fundamental research question asked what consequences for success of strategies and prospects of cooperative behavior have particular settings and properties of the system. Thesis includes two features peculiar to international relations that did not appear anywhere else before: (i) determination of interaction occurrence with help of distance and power; and (ii) emergence of (dis)trust out of the previous interactions. The model is based on three elements: agents, environment, and rules. Players interacted in the Hobbesian Prisoner's Dilemma environment as described by realists, but thanks to payoff shift representing emergence of (dis)trust I also formalized constructivist argument of different cultures of anarchy and of mutually constitutive agent-structure relationship. Multi-agent computer simulations set within the abductive reasoning framework were chosen because lack of heterogeneous enough data and impossibility of experiments made this data generating method a necessity. The source code is written in C#. I translated 62 Axelrod's behavioral rules and then added several others that seemed promising. Three new strategies mirroring usual behavior of states were proposed too. To secure robustness of the results, application was run...

Rámec pro řízení bezpečnostních rizik on-line služeb / Framework for on-line service security risk management

Mészáros, Jan

January 2010

This dissertation thesis is dedicated to on-line services security management from service provider's and service consumer's viewpoints. The main goal is to propose a framework for on-line services security risk management, to develop a supporting software tool prototype and to validate them through a case study performed in a real-world environment. The key components of the proposed framework are a threat model and a risk model. These models are designed to fit specific features of on-line services and the surrounding environment. A risk management process is an integral part of the framework. The process is suitable for frequent and recurrent risk assessments. The process comprises of eight steps, related roles and responsibilities are defined for each step. The process execution results in identification and execution of proper tasks which contribute to treatment of identified security risks and deficiencies. Documentation and reporting of an overall level of on-line services security over time is possible if the process is executed on a regular basis. The proposed framework was validated through a case study performed in a large enterprise environment.

Soudobý vývoj států Perského zálivu / Contemporary Development of the Persian Gulf States

Cimpová, Jitka

January 2012

This thesis analyses Persian Gulf states foreign policies development and a position of the region in international relations using a collective case study. At the theoretical level the thesis works on the elements of (neo) realism, (neo) liberalism and social constructivism. The analysis is focused on security context and examines both challenges to internal security (regime and government, Shia expansion, the so called Arab spring, media) and external security (the Israeli-Palestinian conflict, Syrian conflict, terrorism, globalization and oil market developments). In the regional security complex of the Gulf are involved interests of the three main world powers, U.S.A., Russia and China. Regional cooperation in the GCC organization and mutual relations of the Gulf States are important, too. Based on the findings it is possible to assert that the development of the region is dynamic and depends on the oil rents.