Návrh změn systému řízení identit ve firmě / Draft of Changes Identity Management System in a Firm

Vokálek, Vojtěch

January 2016

The subject of the Master thesis is to explore the integration of Identity Management System with the Information Security Management System based on theoretical knowledge and analysis of the current situation. Notify the company to gaps and make proposals for improvement.

Návrh metodiky pro zavedení ISMS / Design of Methodology for Implementation of ISMS

Dokoupil, Ondřej

January 2016

This master’s thesis deals with the design of methodology for implementation of ISMS (Information Security Management System). The theoretical part describes the basic principles and procedures for processing of this domain, including normative and legal - legislative aspects. The next section is an analysis of the current state of the organization. On its basis the practical part is drafted, including an economic evaluation of the project and possible benefits of implementation.

The challenges of evaluating and following up on information security within Swedish government agencies : A qualitative case study

Landelius, Birgitta

January 2023

The digitalisation of society is rapidly progressing, but along with digitalisation, there are threats. Cyber attacks are a rising concern, especially for the public sec-tor and government agencies. To resist attacks, it is crucial to establish a systematic information security work. Among activities within the systematic information security work, two of them are evaluation and follow-up. Those are activities important for the continuous improvement that should occur when working systematically. However, research has revealed that such activities are challenging to perform. Swedish government agencies have experienced difficulties for years with evaluating and following up on their information security work, although it is a requirement to fulfil. Therefore, this study aims at investigating how information security is evaluated and followed up within Swedish government agencies for civil preparedness by applying a qualitative case study. The study used two methods to collect data. Data was gathered from public documents and a qualitative content analysis was performed. A total of 152 documents were analysed, including appropriation directions and annual reports. In combination, ten semi-structured interviews were conducted with informants from government agencies responsible for civil preparedness and individuals with extensive work experience regarding information security in the public and private sectors. The interview data were analysed similarly to the public documents, hence content analysis and categorisation into themes. The results indicate that evaluation and follow-up of information security are performed, but they are burdensome for government agencies. It is mainly due to unclear requirements and weak governance. In addition, evaluation is a time-consuming and resource-intensive activity, which makes it challenging to motivate. The study enlightens these challenges, and its findings could be utilised in future research to aid the problem situation.

Information security

public sector

ISMS

evaluation

governance

Information Systems, Social aspects

Návrh metodiky bezpečnosti informací v podniku / Design of Information Security Methodology in the Company

Bartoš, Lukáš

January 2013

This thesis proposes a design of information security methodology in the company. After the theoretical bases of this thesis is introduced company for which is intended this work. Then is performed analysis of risks based on selected assets and potential threats. Followed by design of the measures to minimize the creation of possible risks in the company.

Ett anpassat ledningssystem för informationssäkerhet : - Hur gör en liten organisation med hög personalomsättning?

Magnus, Crafoord, Henrik, Sahlin

January 2014

This paper aims to find out how to implement an information security management (ISMS) system that is based on ISO/IEC 27001-standard into a small organization with high employee turnover. The standard employs the PDCA-method as a course of action for implementing the standard. The reason for implementing such a system is to introduce information security to the organization and to maintain it despite the changes in management. The paper based it’s survey on a case study of a student nation in Uppsala, Sweden. Data was gathered from documents, organization charts, direct observation and by studying physical artifacts. The result of this study showed that it is possible to base an ISMS on the ISO/IEC 27001-standard and that the PDCA-method of implementing the system works if careful adaptation of the two is applied during its establishment into the organization. This paper concludes that certain aspects has to be considered when using the standard and PDCA-method when working with these kinds of organizations. The leadership has to play an active role in maintaining the work related to information security in order to enable continuity in a high employee turnover-organization. Organization members working on a non-profit basis can enable a higher level of security policy compliance since the relationship between employee and the organization stems from a voluntary basis. Build the ISMS so that it focuses on the core operations of the organization. If the ISMS is made to comprehensive there is a risk of it becoming too big for the organization to manage. There should be no doubts regarding who is responsible for the ISMS. The continuity of the system depends on well-established means of knowledge transfer from the departing responsibility holder to his or her successor.

Implementing ISMS

PDCA-model

information security

small organization

high employee turnover

PDCA-modellen

informationssäkerhet

små organisationer

hög personalomsättning

Information Systems

Bezpečnost firemních telefonních sítí využívajících VoIP / Security of Enterprise VoIP Telephony Networks

Šolc, Jiří

January 2008

This thesis focuses on enterprise VoIP telephony network security. Introduces brief comparison of old analog and digital voice networks and IP telephone networks with special focus on VoIP system security. The goal of the thesis is to identify the risks of implementation and operation of VoIP technologies in enterprise environment and so thesis brings some conclusion how to minimalize or avoid these risks. First two chapters briefly introduce the development of telephony technologies with differentiation of enterprise telephone network from public telephone networks. Further it describes individual technologies, digitalization of voice, processing the signal and VoIP protocols and components. Third chapter focuses on infrastructure of telephony networks with special interest for architecture of IP telephony and ways of establishing call processing. It describes data flows for further security risk analysis, which this technology came with. Fifth chapter is about enterprise security standards in common and is trying to describe information security management system (ISMS) adopting VoIP technology. Individual security threats and risks are described in sixth chapter, along with known methods how to avoid them. Final parts of thesis concludes of two real situation studies of threats and risks of VoIP technologies implemented in environment of small commercial enterprise and medium size enterprise, in this example represented by University of economics. These chapters conclude theoretical problems shown on practical examples.

Zavádění řízení informační bezpečnosti ve zdravotnickém zařízení / The Implementation of Information Security in Healthcare Organization

Procingerová, Lucie

January 2017

This Master‘s thesis is based on knowledge of information security and its management. The thesis is divided into two parts. The first part provides the theoretical background, definitions and terminology according to the information security management and it is based on concepts from standard ISO 27000 series. The second part aims to analysis of a selected company. Following to this analysis proposal of implementation of information security management system and security guide is drawn up. This guide contains recommendations for ICT security management and advices in field of personal and physical security in company.

Fyzická bezpečnost v průmyslovém podniku / Physical Security in an Industrial Company

Konečný, Pavel

January 2017

The diploma thesis focuses on physical security solutions in an organization acting in a metallurgy segment. The analytical part identifies the weaknesses in individual areas of physical security according to ČSN/ISO 27 000 regulation. The practical part is divided into individual chapters bringing suggestions for corrections, modernization and modifications of the system. The theoretical part deals mainly with clarification of the terminology and proceses used in the practical part. I see the benefit of my work in the practical suggestions for the changes. If they are implemented correctly, the physical security of the organization will be of high quality.

Zavedení ISMS do podniku podporujícího kritickou infrastrukturu / Proposal for the ISMS Implementation in Company with CI Support

Šebrle, Petr

January 2017

This diploma thesis deals with the methodology of Management of Information Security in a medium size company supporting critical infrastructure. The first part is focused on the theoretical aspects of the topic. Practical part consists of analysis of the current state, risk analysis and correction arrangements according to the attachment A of standard ČSN ISO/IEC 27001:2014. Implementation of ISMS is divided into four phases. This thesis however covers the first two phases only

Návrh řízení informační bezpečnosti v průmyslovém prostředí / Design of information security management in the industrial environment

Kadlec, Miroslav

January 2018

The diploma thesis deals with the design of information security management in the industrial environment. In the first part of thesis is mentioned the theoretical background from the area of information security. The analysis of the default status is followed, and the risk analysis is also performed. Further, the thesis deals with the design of the industrial network infrastructure and its management.