The aim of the thesis is to evaluate the preparedness of an information security management system (ISMS) in a logistic company JASA s.r.o. for a certification by standard ISO/IEC 27001:2013. This enterprise oscillates between small and medium enterprise. It has already implemented the certificate on quality management ISO 9001:2008. For this reason, in the thesis there are presented advantages for a company that already has implemented one of ISO standards and decides to implement another. First of all, the present state of information security management system in Jasa s.r.o was compared to other businesses functioning in the Czech and European market. Then the company control environment was evaluated accordingly to the requirements of standard ISO/IEC 27001:2013. Furthermore, a scheme was created in order to evaluate specific controls based on the impact risk that could arise in case of ignoring the suggested recommendations. In the last part, the controls were evaluated accordingly to difficulty, so that the company can find cheap and fast solutions with adequate impact. The main contribution of the thesis is the evaluation of the approach to solve information security in one of many enterprises that are afraid or are starting to notice the increasing amount of security threats. This approach may be chosen by other companies that decide to go the similar way.
Identifer | oai:union.ndltd.org:nusl.cz/oai:invenio.nusl.cz:203907 |
Date | January 2016 |
Creators | Zrcek, Tomáš |
Contributors | Čermák, Igor, Šašek, Jaroslav |
Publisher | Vysoká škola ekonomická v Praze |
Source Sets | Czech ETDs |
Language | Czech |
Detected Language | English |
Type | info:eu-repo/semantics/masterThesis |
Rights | info:eu-repo/semantics/restrictedAccess |
Page generated in 0.0024 seconds