Quality security of sensitive data and key assets becomes now a question of absolute necessity for a company of any size and orientation. History of evolution of information security began particularly in environment of large organizations, that processed a large amount of data. It is logical that it was larger and richer companies which often have sufficient resources to invest in the security of their assets. Moreover, relatively large percentage of small and medium-sized businesses have about the security of its information somehow faulty ideas. More and more attackers are focusing on mid-sized organizations, which are insufficiently protected and they find it much easier to get to their sensitive data. Small and medium-sized companies are often preventing the implementation of certified standards. The reason is the fear of heavy formal administration, which is often required for certification, but is mainly for small businesses unnecessary and burdensome. For medium-sized organizations (50-250 employees), the certain administration associated with information security is a necessity. Employees, as in small businesses, are familiar with each other, but already there is a certain degree of anonymity, which may trigger the fact that some employees will not respect security procedures, especially if they are not precisely defined, and compliance will not be regularly checked. It depends on several circumstances, whether the certification is appropriate for the organization or the establishment of their internal methodology for information security. Methodology of balanced information security, which is the subject of this article is primarily proposed for small and medium-sized businesses. Its aim is to define the most important and absolutely necessary criteria for information security so that the system meets the requirements of a comprehensive solution of the issue. On the other hand, it seeks how to minimize the administrative burden for these organizations, which is, as mentioned above, one of the main reasons, why companies hold a negative attitude to the most widespread certifications. The methodology identifies four main areas of information security management system in a company. It includes an audit which specifies the quality level of particular areas of information security in the organization. If any of the studied areas is found insufficiently protected, effecitve measures are offered to improve the situation. The ultimate solution is a condition of a system where all the key areas of information security management of the organization are at the appropriate level and the system can be considered balanced.
| Identifer | oai:union.ndltd.org:nusl.cz/oai:invenio.nusl.cz:233734 |
| Date | January 2010 |
| Creators | Král, David |
| Contributors | Koch, Miloš |
| Publisher | Vysoké učení technické v Brně. Fakulta podnikatelská |
| Source Sets | Czech ETDs |
| Language | Czech |
| Detected Language | English |
| Type | info:eu-repo/semantics/doctoralThesis |
| Rights | info:eu-repo/semantics/restrictedAccess |
Page generated in 0.0022 seconds