The aim of the thesis is to apply the methodology of qualitative risk analysis according to ISO/IEC 27005:2011, to increase awareness of existing threats and their impacts on information assets, and to propose security precautions that minimize the identified threats in a particular company. The thesis is divided into five chapters. The introductory chapter explains the basic concepts of information security and risk management in an organization that are necessary for understanding the principles and the importance of information security. The second chapter deals with the international standards aimed at information security and briefly describes ISO/IEC 27001, ISO/IEC 27002 and ISO/IEC 27005. The following two chapters form a smooth transition from the theoretical to the practical part. The third chapter characterizes the selected company and describes the current state of its information security. The fourth chapter forms the methodological apparatus of the qualitative risk analysis, compiled in accordance with ISO/IEC 27005:2011. It also contains a list of the relevant threats to which an asset of the company is exposed. The last chapter carries out the qualitative risk analysis, together with a draft of the precautions to minimize the risks. The practical section shows that by implementing the proposed measures the company will reduce the existing risks to acceptable levels and will significantly improve the protection of its information assets.
| Field | Value |
|---|---|
| Identifier | oai:union.ndltd.org:nusl.cz/oai:invenio.nusl.cz:194712 |
| Date | January 2012 |
| Creators | Slávková, Daniela |
| Contributors | Hykš, Ondřej; Plášková, Alena |
| Publisher | Vysoká škola ekonomická v Praze |
| Source Sets | Czech ETDs |
| Language | Slovak |
| Detected Language | English |
| Type | info:eu-repo/semantics/masterThesis |
| Rights | info:eu-repo/semantics/restrictedAccess |