Information is a valuable asset for organizations and a source of competitive advantage nowadays. Therefore it is necessary to retain information security characteristics of processes and systems in required limits and continuously evaluate the state using measurement. The problem in measurement shows to be in the selection of suitable characteristics and measures of the processes or the products, which are subject to measurement.The main aim of the dissertation thesis is to design methodic for evaluating information security in information systems and formulate conclusions and recommendations for its use in practice. The situation in The Czech Republic was obtained based on a quantitative survey in which data was collected by means of a questionnaire survey (N=785; n=101) and qualitative research was conducted in the 3 organizations from financial sector in the Czech Republic. Results showed that at present an absolute majority of surveyed organizations evaluate information systems from the perspective of risk to valuable information (58.49%). Organizations evaluating information security are most often to identify weaknesses and emerging issues (41.5%). Only a 17.6% of them measure. The designed methodic identifies behavioral model of the organization, defines measurable characteristics of the system and the organization based on extended security model, defines process of development of the measures based on GQM tool, engages measurement process compatible with ISO 27004 and presents evaluation procedure using measured values. The proposed procedures and constructs focused on improvement of field detected by the survey, the "information classification" and "difference between perception of information value between owner and processor". The procedures were validated on two anonymous organizations and are presented in form of case studies. One of the conclusions is, that proposed methodic is applicable mostly in organizations with strong technical and financial base, where it is possible to overcome requirements of measures development processes and measurement application. Also the methodic of evaluation has its own limits of applicability.
| Identifer | oai:union.ndltd.org:nusl.cz/oai:invenio.nusl.cz:259604 |
| Date | January 2015 |
| Creators | Urbanec, Jiří |
| Contributors | Toman, Prokop, Vlasta , Vlasta |
| Publisher | Česká zemědělská univerzita v Praze |
| Source Sets | Czech ETDs |
| Language | Czech |
| Detected Language | English |
| Type | info:eu-repo/semantics/doctoralThesis |
| Rights | info:eu-repo/semantics/restrictedAccess |
Page generated in 0.0023 seconds