Spelling suggestions: "subject:"ism"" "subject:"iss""
51 |
Zavádění bezpečnostních opatření dle ISMS do malé společnosti / Small Company Security Measures Implementation According to ISMSKohoutek, Josef January 2016 (has links)
In my master´s thesis I focus on the design of information security management system for the company INNC s.r.o., which specializes in the design and implementation of computer networks. The thesis is divided into two parts. The first part provides theoretical knowledge of the issue. Second part is the analysis and proposal of security measures.
|
52 |
Management informační bezpečnosti v podniku / The Information Security Management in CompanyKalabis, Petr January 2016 (has links)
This master thesis is focused on the design of implementation the information security management system in the company according to standards ISO/IEC 27000. First of all, it was described the theory of information security management system and it was explained the relevant terms and other requirements in the context of this issue. This assignment involves analysis of the current situation of the company and suggestions that lead to reducing discovered risks and bring improvement of the general information security.
|
53 |
A simplified ISMS : Investigating how an ISMS for a smaller organization can be implementedAsp Sandin, Agnes January 2021 (has links)
Over the past year, cyber threats have been growing tremendously, which has led to an essential need to strengthen the organization's security. One way of strengthening security is to implement an information security management system (ISMS). Although an ISMS will help improve the information security work within the business, organizations struggle with its implementation, and significantly smaller organizations. That results in smaller organization's information being potentially less protected.This thesis investigates how an ISMS based on MSB can be simplified to make it suitable for a small organization to implement. This thesis aims to open for further research about how it can be simplified and if it has a value of doing it.The study is based on a qualitative approach where semi-structured interviews with experts were conducted. This thesis concludes that it is possible to simplify an ISMS based on MSB for a small organization by removing external analysis, information classification, information classification model, continuity management for information assets, and incident management. In addition, the study provides tips on what a small organization should think about before and during implementation.
|
54 |
Informationssäkerhet i organisationer - Utvärdering av Folktandvårdens informationssäkerhet inom Region Jönköpings län / Information security in organizations- Evaluation of Folktandvården's information security within Region Jönköping CountyAl-Botani, Nidaa January 2015 (has links)
Information är idag en värdefull resurs i organisationer som blir mer och mer beroende av sina informationssystem. Information utsätts för olika hot och den behöver skyddas för att organisationer effektivt ska kunna driva sin verksamhet. Ett systematiskt informationssäkerhetsarbete hjälper organisationer att uppnå och upprätthålla en tillräcklig nivå av informationssäkerhet. Studiens syfte är att undersöka hur informationssäkerhet hanteras inom organisationer i allmänhet i nuläget. En fallstudie har genomförts på Folktandvården, Region Jönköpings län för att undersöka hur Folktandvårdens medarbetare hanterar informationssäkerheten. Dessutom syftar studien till att utvärdera medvetenhet om informationssäkerhet hos medarbetarna på Folktandvården och att presentera förslag på hur hanteringen av personuppgifter kan förbättras i organisationer. Blandade tekniker har använts för att samla information. Litteraturstudier inom området informationssäkerhet har genomförts. Empirisk data har samlats in genom en enkätundersökning, intervjuer och skriftliga frågor som har skickats via e-post till utvalda ansvariga som jobbar specifikt med frågor som berör informationssäkerhet inom Folktandvården. Denna studie använder de svenska standarderna SS-ISO/IEC 27001:2014 och SS-ISO/IEC 27002:2014 för att utvärdera informationssäkerhet på Folktandvården, Region Jönköpings län samt att få en bild av hur informationssäkerhet hanteras inom organisationer. Organisationer kan upprätthålla säkerhet i sin informationshantering genom att tillämpa ett ledningssystem för informationssäkerhet (LIS) som bevarar konfidentialitet, riktighet (integritet) och tillgänglighet av information. Informationssäkerhetsarbetet och införandet av LIS skiljer sig mellan organisationer eftersom de kan påverkas av organisationens behov och mål, storlek och struktur. Fallstudiens resultat visar att Folktandvården, Region Jönköpings län genomför en aktiv hantering av informationssäkerhet. Folktandvården klarar de flesta kraven som ställdes i standarderna. Däremot föreslås det i studien att fler utbildningsprogram ordnas för att öka medvetenheten kring informationssäkerhet. Dessa utbildningsprogram bör uppdateras regelbundet för att det fortsätter att vara i linje med organisatoriska policy och rutiner. Det rekommenderas även att organisationen utför informationsklassning fullt ut enligt den modellen som Folktandvården har. Dessutom rekommenderas att utveckla planeringen av kontinuitet för informationssäkerhet. Resultatet från enkätundersökningen visar att medarbetarna är medvetna om hur de hanterar informationssäkerhetsincidenter och upplever att systemen är tillgängliga för de behöriga. Flera av de förslag som presenterades av denna studie har hörsammats och kommer att leda till vidare arbete inom Folktandvården. Organisationers personuppgifter bör skyddas genom att tillämpa regler enligt gällande författningar. En ansvarig person i organisationen bör ge vägledning till de anställda om sitt ansvar för hantering av personuppgifter. / Information today is a valuable resource for organizations which become more and more dependent on their information systems. Information subject to various threats and the need to be protected in order that organizations can effectively run their business. A systematic information security helps organizations to achieve and maintain a sufficient level of information security. The study aims to investigate how information is managed within organizations in general. A case study has been performed in Folktandvården (the Public Dental Service), Region Jönköping County to investigate how the organization handle information security. In addition, the study aims to evaluate awareness of information security among employees at the business and to present proposals on how to improve handling of personal data. Mixed techniques have been used to gather information. Literature studies in the field of information security has been implemented. The empirical data collected through a questionnaire, interviews and written questions sent by e-mail to managers in Folktandvården. This study uses the standards SS-ISO / IEC 27001:2014 and SS-ISO / IEC 27002:2014 to evaluate the information in Folktandvården, Region Jönköping County and to get a picture of how information is managed within organizations. Organizations can maintain the security of their information by implementing an information security management system (ISMS) that preserves the confidentiality, integrity and availability of information. Information security and ISMS application differs between organizations, which could be affected by the organization's needs and goals, size and structure. Case study results show that Folktandvården, Region Jönköping County implements an active management of information. The organization manages most of the specifications in the standards. However this study proposes to organize more training programs for information security awareness. These programs should be updated regularly in order to continue to be in line with organizational policies and procedures. It is recommended that the organization performs information classification fully in accordance with the model it has. Additionally, it is recommended to develop the planning of continuity for information. The results from the questionnaire show that the employees are aware of how they handle information security incidents and they think that the systems are available for authorized access. Several of the proposals presented by this study have been heeded and will lead to further work in Folktandvården. Organizations' personal information should be protected by applying the rules in accordance with applicable regulations. A responsible person in the organization should provide guidance to employees about their responsibility for the handling of personal data.
|
55 |
ISMS與PIMS整合導入之研究 -以國防部全球資訊網站系統為例 / Research on Importing and Integration of ISMS and PIMS – A Case Study of the World Wide Web for Military of National Defense, Taiwan, R.O.C孫天貴, Sun, Tien Kuei Unknown Date (has links)
隨著資訊科技的蓬勃發展,資訊技術可以提昇組織效率與競爭力,資訊系統或網站亦是組織營運重要命脈。而在近年來全球資訊安全事件不斷發生,資訊犯罪手法不斷翻新,所肇生的系統損害、資料毀損、個資外洩、財務詐騙事件近來更是層出不窮,對單位或公司而言風險不斷提高,傷害亦相對嚴重,甚至導致公司信譽破產,面臨倒閉威脅,為保護組織內部資訊相關資產與個人資料,並保持組織持續正常運作,資訊安全管理系統(ISMS)與個人資訊管理系統 (PIMS)便是一套可有效控制管理之方法;ISMS與PIMS分兩次來導入,造成組織增加工作負荷,有疊床架屋情形,成本有部分重複投資現象。本研究試著以資料的生命週期,資訊安全的機密性、完整性、可用性,PDCA運作模型...等角度進行本質上探討,來進行整合ISMS與PIMS的整合工作。
經文獻探討與專家學者建議,本研究突破各項盲點,從各角度分析進行多面向整合工作,並提出4點可有效整合具體作法:1. 清查作業流程須包含個人資料所延伸之流程。2. 進行作業流程上資訊資產及個資清查作業。3. 資訊資產及個人資料風險評鑑作業。4. 建立ISMS與PIMS四階文件,產出ISO27001適用性聲明須包含個資法。
本研究以國防部網站系統為例,運用整合結果進行實作,將實作經驗分享給未來有意導入ISMS與PIMS之IT人員,實作結果也證實本研究提出論點確實有效,更有效且更有邏輯性的面對各種資安與個資問題,以作業流程面來分析資安與個資,讓每個控制點更加明確,最後實作運用以各國均能接受的ISO標準(ISO 27001標準包含個資管理流程)來驗證本實作,也證明本研究整合後,在實施(Plan-Do-Check-Act)管理系統確實有效,均能符合相關標準與法規。
|
56 |
Informační bezpečnost jako jeden z ukazatelů hodnocení výkonnosti v energetické společnosti / Information security as one of the performance indicators in energy companyKubík, Lukáš January 2017 (has links)
Master thesis is concerned with assessing the state of information security and its use as an indicator of corporate performance in energy company. Chapter analysis of the problem and current situation presents findings on the state of information security and implementation stage of ISMS. The practical part is focused on risk analysis and assessment the maturity level of processes, which are submitted as the basis for the proposed security measures and recommendations. There are also designed metrics to measure level of information security.
|
57 |
Návrh přístupového systému jako součást řešení fyzické bezpečnosti / Design of Access System as a Part of Physical Security SolutionDohnal, Matěj January 2017 (has links)
This master’s thesis deals with design of an access system as a part of physical security solution for an energy company in the Czech Republic. The access system is designed to meet all legal requirements and conform to ISO 27001 certification. Implementation of the proposed access system is demonstrated on the selected company object, a representative example of connecting the critical infrastructure element and the company's common facility.
|
58 |
Návrh změn identity managementu v podniku / Company Identity Management Changes ProposalHruška, David January 2018 (has links)
This diploma thesis focuses on the proposal to implement changes of identity management into a particular company. In the theoretical part are the basic concepts and a detailed description of the identity management. There is also described an analysis of the current state of information security in the company, risk analysis and selection of measures to minimize the risks found. At the end of this thesis are proposed changes, their procedure and timetable for implementation of selected measures.
|
59 |
Návrh elektronického zabezpečovacího systému jako část fyzického zabezpečení energetických objektů kritické infrastruktury / Proposal of an electronic security system as part of the physical securing of critical infrastructure energetic objectsMihálik, Andrej January 2018 (has links)
This master's thesis deals with the design of an electronic security system as part of the physical security for the energy company in the Czech Republic. The electronic security system is designed to meet all legal requirements, internal directives and has also passed ISO 27001 certification. The Implementation of the security system is demonstrated on the selected object of the company that belongs to the elements of the critical infrastructure.
|
60 |
Návrh zavedení ISMS ve veřejné správě / The proposal of ISMS implementation in the public administrationŠtukhejl, Kamil January 2019 (has links)
This diploma thesis focuses on the implementation of information security management system in the public administration based on ISO/IEC 27000 series of standards. The thesis contains theoretical background, introduction of the organization, risk analysis and a proposal of appropriate measures for minimization of these identified risks. In the end, an implementation plan is proposed including an economic evaluation.
|
Page generated in 0.1293 seconds