202 results on '"ISO/IEC 27000"'
Search Results
2. An Analysis of IT Assessment Security Maturity in Higher Education Institution
- Author
Suwito, Misni Harjo, Matsumoto, Shinchi, Kawamoto, Junpei, Gollmann, Dieter, Sakurai, Kouichi, Kim, Kuinam J., editor, and Joukov, Nikolai, editor
- Published
- 2016
3. Improvement the Competences of the Specialists Engaged with the Cultural and Scientific Heritage Digitization in the Information Security and Risk Management Systems: ISTRA Approach
- Author
Yanislav Zhelev
- Subjects
ISO/IEC 27000, ISO 31000, standardization, VET, C-VET, digitalization, Information technology, T58.5-58.64
- Abstract
Standards are a crucial part of almost any activity in today's life. The need for education about standardization is already recognized at the European level. As the culture sector evolves and changes, so do the skills required of the individuals active in it. These changes can only be met by relevant and demand-sensitive vocational and continuous vocational education and training (VET and C-VET). Applying the standards for information security and risk management systems to the digitization of cultural and scientific heritage, and to its preservation and relevant presentation, is an issue of key importance. This paper presents the main outcomes and results achieved so far in the framework of the Erasmus+ project “International Standards training in VET for promotion of market relevant education” – ISTRA No 2016-1-BG01-KA202-023738, which aims to develop and pilot innovative training approaches and content for VET and C-VET training on two widely applicable series of standards, ISO/IEC 27000 and ISO 31000.
- Published
- 2018
4. An ISO/IEC 15504 Security Extension
- Author
Mesquida, Antoni Lluís, Mas, Antònia, Amengual, Esperança, O’Connor, Rory V., editor, Rout, Terry, editor, McCaffery, Fergal, editor, and Dorling, Alec, editor
- Published
- 2011
5. A proposal for information security management applied to a Colombian public entity.
- Author
Carvajal, D. L., Cardona, A., and Valencia, F. J.
- Subjects
INFORMATION resources management, PUBLIC administration, INFORMATION technology security, SECURITY management, INFORMATION organization
- Abstract
Information is considered today one of the most important resources in organizations, not only as a fundamental input to processes but as a resource whose proper management allows organizational strategies to be defined; the public sector has not been left out of this, especially with regard to the protection of information. This article aims to present a case of applying information security management in a public entity, using, after a review of the literature, four international information security standards (ISO/IEC 27001:2013, ISO/IEC 27002:2013, ISO/IEC 27003:2010 and ISO/IEC 27005:2008) and their contextualization in Colombia, following the guidelines laid down by the Ministry of Information Technologies. The result was the development of a methodology adjusted to the needs of the public entity, with risk management and controls and with relevant indicators and parameters to reduce uncertainty in the management of information. The contribution of this work lies in the integration of international information security standards and their contextualization in a government area, responding to regulatory requirements and, once implemented, providing a relevant methodological development that allows the public organization to develop information security management processes continuously. [ABSTRACT FROM AUTHOR]
- Published
- 2019
6. Security-by-design practices for IT project management in SMEs.
- Author
des de la Cámara, Merce, Sáenz-Marcilla, Javier, Arcilla-Cobián, Magdalena, and Calvo-Manzano, Jose A.
- Abstract
Copyright of CISTI (Iberian Conference on Information Systems & Technologies / Conferência Ibérica de Sistemas e Tecnologias de Informação) Proceedings is the property of Conferencia Iberica de Sistemas Tecnologia de Informacao and its content may not be copied or emailed to multiple sites or posted to a listserv without the copyright holder's express written permission. However, users may print, download, or email articles for individual use. This abstract may be abridged. No warranty is given about the accuracy of the copy. Users should refer to the original published version of the material for the full abstract. (Copyright applies to all Abstracts.)
- Published
- 2016
7. Security-by-design factors for the development and evaluation of secure software.
- Author
de la Cámara, Mercedes, Sáenz, Javier, Calvo-Manzano, Jose Antonio, and Arcilla, Magdalena
- Abstract
Copyright of CISTI (Iberian Conference on Information Systems & Technologies / Conferência Ibérica de Sistemas e Tecnologias de Informação) Proceedings is the property of Conferencia Iberica de Sistemas Tecnologia de Informacao and its content may not be copied or emailed to multiple sites or posted to a listserv without the copyright holder's express written permission. However, users may print, download, or email articles for individual use. This abstract may be abridged. No warranty is given about the accuracy of the copy. Users should refer to the original published version of the material for the full abstract. (Copyright applies to all Abstracts.)
- Published
- 2015
8. Development of an ISMS for a business group
- Author
Berna-Martinez, Jose Vicente, Universidad de Alicante. Departamento de Tecnología Informática y Computación, and Piera Cebrián, Ignacio
- Abstract
In my professional experience, most small and medium-sized companies lack any kind of formalism or security plan. This project proposes formalizing the ISMS for a business group in which several different types of companies converge, with different needs and of considerable combined size, but which are administered from a single unified IT service. This particular business structure requires specific analysis and planning, which will materialize in a Corporate Security Master Plan. This Corporate Security Master Plan will address the study of the company's context and the assessment of the current levels of IT security, will identify the strengths and weaknesses, and will finally deliver a document with proposals and plans that can help reinforce the IT security mechanisms of the business group. To this end, the ISO 27K family of standards, the Magerit v3 methodology developed by the Electronic Administration of the Spanish Government, and the contingency and business continuity plans developed by INCIBE will be used.
- Published
- 2021
9. A simplified ISMS : Investigating how an ISMS for a smaller organization can be implemented
- Author
Asp Sandin, Agnes
- Abstract
Over the past year, cyber threats have been growing tremendously, which has led to an essential need to strengthen organizations' security. One way of strengthening security is to implement an information security management system (ISMS). Although an ISMS will help improve the information security work within the business, organizations struggle with its implementation, particularly smaller organizations. That results in smaller organizations' information being potentially less protected. This thesis investigates how an ISMS based on MSB can be simplified to make it suitable for a small organization to implement. This thesis aims to open the way for further research on how it can be simplified and whether doing so has value. The study is based on a qualitative approach in which semi-structured interviews with experts were conducted. This thesis concludes that it is possible to simplify an ISMS based on MSB for a small organization by removing external analysis, information classification, the information classification model, continuity management for information assets, and incident management. In addition, the study provides tips on what a small organization should think about before and during implementation.
- Published
- 2021
10. Information Security Management. Lecture notes
- Subjects
information security, information protection, ISO/IEC 27000
- Abstract
The lecture notes for the course “Information Security Management” introduce students to the general principles of information security management and to the basic concepts of enterprise information security management based on the international standards of the ISO/IEC 27000 series. Considerable attention is paid to mastering the principles and tasks of an information security management system; to studying the regulatory and legal framework for organizing and conducting information security audits and the methods for assessing information risks; and to carrying out the set of measures aimed at developing and implementing information technologies that ensure the processing of information in information and telecommunication systems in accordance with the requirements established by regulatory legal acts and normative documents in the field of information protection.
- Published
- 2021
11. Development of an ISMS for a business group
- Author
Piera Cebrián, Ignacio, Berna-Martinez, Jose Vicente, and Universidad de Alicante. Departamento de Tecnología Informática y Computación
- Subjects
Cybersecurity, Contingency plan, Business group, IT security master plan, ISO/IEC 27000, Business continuity plan, Security plans, Context study, Computer Architecture and Technology, ISO/IEC 27001, Magerit v3, ISO/IEC 27002, IT security management systems
- Abstract
In my professional experience, most small and medium-sized companies lack any kind of formalism or security plan. This project proposes formalizing the ISMS for a business group in which several different types of companies converge, with different needs and of considerable combined size, but which are administered from a single unified IT service. This particular business structure requires specific analysis and planning, which will materialize in a Corporate Security Master Plan. This Corporate Security Master Plan will address the study of the company's context and the assessment of the current levels of IT security, will identify the strengths and weaknesses, and will finally deliver a document with proposals and plans that can help reinforce the IT security mechanisms of the business group. To this end, the ISO 27K family of standards, the Magerit v3 methodology developed by the Electronic Administration of the Spanish Government, and the contingency and business continuity plans developed by INCIBE will be used.
- Published
- 2021
12. Integration of IT management standards by means of MIN-ITs.
- Author
Lluís Mesquida, Antoni, Mas, Antonia, San Feliu, Tomás, and Arcilla, Magdalena
- Subjects
INFORMATION technology management standards, COMPUTER software industry, COMPUTER software development, DATA security, CUSTOMER satisfaction, COMPUTER software quality control
- Abstract
Copyright of RISTI: Iberian Journal on Information Systems & Technologies / Revista Ibérica de Sistemas e Tecnologias de Informação is the property of Associacao Iberica de Sistemas e Tecnologias de Informacao (AISTI) and its content may not be copied or emailed to multiple sites or posted to a listserv without the copyright holder's express written permission. However, users may print, download, or email articles for individual use. This abstract may be abridged. No warranty is given about the accuracy of the copy. Users should refer to the original published version of the material for the full abstract. (Copyright applies to all Abstracts.)
- Published
- 2014
13. An enterprise risk management framework for evaluation of eMaintenance.
- Author
Söderholm, Peter and Karim, Ramin
- Abstract
Maintenance is one approach to managing risk by a reduction of the probability of failure of technical systems and/or the consequences of their failure. However, history has shown that erroneous maintenance also can lead to reduced quality, incidents and accidents with extensive losses. Today, eMaintenance promises great opportunities for a paradigm shift from a rather narrow, condition-based maintenance approach with focus on a technical system's health to a true risk-based maintenance approach that also considers organizational excellence. This is achieved by proper information logistic solutions that address the needs of all stakeholders of the maintenance process, which are possible due to new and innovative information and communication technology (ICT). However, all opportunities are also linked with some threats, which are seldom highlighted in the case of eMaintenance. In this article, a risk management framework for evaluation of eMaintenance solutions is proposed. The framework is based on a combination of international standards (e.g. ISO 31000, ISO/IEC 27000, and IEC (2004) 60300-3-14) to achieve integrated Enterprise Risk Management (ERM) and enable a linkage of eMaintenance to the strategic goals of an organization. The framework is illustrated in the railway context of Trafikverket (2010b) (the Swedish Transport Administration). [ABSTRACT FROM AUTHOR]
- Published
- 2010
14. Network vulnerability scanning tools
- Author
Neradová, Soňa, Zitta, Stanislav, and Danielka, Jiří
- Abstract
The thesis focuses on describing the ISO/IEC 27000 and ISO/IEC 27033-3 standards, which deal with security in computer networks and systems. The thesis further searches for software tools that make it possible to detect and evaluate the dangers hidden in computer networks on their internal or external perimeter. Within the thesis the scanning tools are deployed and then compared according to given criteria, which include price, quality of vulnerability detection and automation options., The thesis focuses on the description of the ISO/IEC 27000 and ISO/IEC 27033-3 standards, which are related to security in computer networks and systems. The work also deals with the search for software tools that allow detecting and evaluating risks that are hidden in computer networks on their internal or external perimeter. Scanning tools are deployed and then compared by specified criteria, including price, vulnerability detection quality, and automation capabilities., Faculty of Electrical Engineering and Informatics, The aim of the thesis was to present standards focused on the security of network infrastructure, and to find and carry out a comparative analysis of tools that analyse the level of network security. The author created test scenarios and presented specific procedures for deploying vulnerability scanning tools. Testing was carried out in a laboratory environment in which vulnerabilities had been created on purpose. The individual scanners were deployed against these vulnerabilities one after another and their detection capabilities were then evaluated. The content of the thesis is in accordance with the assignment., Completed thesis with a successful defence
- Published
- 2019
15. Current aspects of the update of the ISO/IEC 27000 series of international standards
- Author
Yuliia Kozhedub
- Subjects
Marketing, Pharmacology, Organizational Behavior and Human Resource Management, Engineering, Series (mathematics), business.industry, Strategy and Management, Pharmaceutical Science, Standards, standardization, information technology, information technology security techniques, information security management systems, technical committee, Drug Discovery, Systems engineering, business, ISO/IEC 27000
- Abstract
The paper presents and analyzes new information about current aspects of the standardization of information technology security techniques, covers the work of the experts of technical standardization committees on the creation and updating of international standards for information security management systems, and gives examples, voiced by the experts, of technical proposals and methods for solving information security problems with the help of codes of practice implemented in a series of international standards. It finds that the root cause of the hard work of standardization technical experts on updating ISO/IEC 27000 was the update of ISO/IEC 9000. This work resulted in harmonizing the provisions of the ISO/IEC 27000 series of standards and the new work of experts on information technology security techniques with the fundamentals of management systems, whose principles are laid down and announced by the latest standards. These principles are well known and constitute the methodological basis of international management system standards, namely the process approach, the PDCA cycle and risk-based thinking. The position of the revised standards, and of the standards that ISO will publish in the future, is that the process approach is the systematic identification and management of processes, as well as their interactions, in order to achieve the desired results in accordance with the organization's established policies and strategic direction.
Control of the processes and of the system as a whole can be achieved using the PDCA cycle, with a general emphasis on risk-based thinking aimed at seizing opportunities and preventing unwanted results., The article presents and analyzes new information on current aspects of the standardization of information technology security techniques, describes the work of the experts of technical standardization committees on creating and updating international standards for information security management systems, and gives examples voiced by standardization experts of technical proposals and methods for solving information security problems with the help of codes of practice implemented in a series of international standards. The article establishes that the root cause of the painstaking work of technical standardization experts on updating the international standards of the ISO/IEC 27000 series was the update of the core standards of the ISO/IEC 9000 series. The result of this work was the alignment of the provisions of the ISO/IEC 27000 series of standards and the work of specialists in information technology security techniques with the fundamentals of management systems, whose principles are laid down and voiced in the latest standards., The article presents and analyzes new information regarding current aspects of the standardization of information technology security techniques, highlights the work of the experts of technical standardization committees on creating and updating international standards for information security management systems, and gives examples voiced by standardization experts regarding technical proposals and methods for solving information security problems with the help of codes of practice implemented in a series of international standards. The article finds that the root cause of the painstaking work of technical standardization experts on updating the international standards of the ISO/IEC 27000 series was the update of the fundamental standards of the ISO/IEC 9000 series.
The result of this work was bringing the provisions of the ISO/IEC 27000 series of standards and the work of specialists in information technology security techniques into line with the fundamentals of management systems, whose principles are laid down and voiced in the latest standards.
- Published
- 2016
16. An Analysis of IT Assessment Security Maturity in Higher Education Institution
- Author
Dieter Gollmann, Shinchi Matsumoto, Junpei Kawamoto, Misni Harjo Suwito, and Kouichi Sakurai
- Subjects
Information management, business.industry, Computer science, 05 social sciences, Information technology, Service management, 020207 software engineering, 02 engineering and technology, Maturity (finance), Information Technology Infrastructure Library, Engineering management, 0502 economics and business, Information technology management, 0202 electrical engineering, electronic engineering, information engineering, Security management, business, ISO/IEC 27000, 050203 business & management
- Abstract
Information technology (IT) has been applied widely in Indonesian Higher Education Institutions for various services. However, many organizations responsible for managing the IT infrastructure rarely have a framework for assessing the security maturity level of their information management. Implementing a framework is one solution, but it has not yet been maximized. We therefore suggest combining several frameworks in the hope that they complement each other. The combination of different frameworks will be more effective in monitoring the security maturity level through a security maturity management assessment. This assessment combines control objectives from the IT governance framework COBIT(R) 4.1 (Control Objectives for Information and related Technology) with Service Management in ITIL v3 (Information Technology Infrastructure Library) and ISO/IEC 27001. The assessment of security maturity management is measured using the COBIT(R) 4.1 assessment framework, after it has been adjusted to the ISO 27001 framework so that it is applied maximally. This paper presents the results of the security maturity management assessment and the mapping of the combined framework, providing an indicator of the security maturity level at one university in Jakarta. A case study shows that combining several frameworks to support the assessment of the security maturity management level is more effective and efficient.
- Published
- 2016
17. Design of the information security management system based on the ISO/IEC 27000 family of standards for a Colombian public entity
- Author
Cardona Londoño, Arturo, Carvajal Portilla, Diana Lizeth, and Valencia Duque, Francisco Javier
- Subjects
ISO/IEC 27000, IT security, IT risks, ISMS
- Abstract
Information assets have acquired great value for organizations, which has created a legal and organizational need for all companies to safeguard the confidentiality, integrity and availability of information. To meet these needs in public entities, the Colombian Government has created the Gobierno en Línea (Online Government) strategy, with an information security and privacy component based on the ISO/IEC 27001 standard, whose objectives are the design, execution, monitoring and control of an information security management system. As its result, this project proposes the design of the Information Security Management System for a public entity, based on the ISO 27000 family of standards and complemented by the Information Security and Privacy Model proposed by MinTic. Information assets have acquired a great value for organizations, which has made safeguarding the confidentiality, integrity and availability of information a legal and organizational necessity for all companies. To be able to meet these needs in public entities, the Colombian Government has created the Online Government strategy, with a security and information privacy component based on the ISO/IEC 27001 standard, which sets out as objectives the design, execution, monitoring and control of an information security management system. This project has resulted in the proposal for the design of the Information Security Management System of a public entity, based on the family of ISO 27000 standards, complemented by the guidelines of the Security and Privacy Model of information proposed by MinTic.
- Published
- 2018
18. Methodology for the implementation of an Information Security Management System based on the ISO/IEC 27000 family of standards
- Author
Mauricio Orozco-Alzate and Francisco Javier Valencia-Duque
- Subjects
General Computer Science, Information security, Methodologies, 020207 software engineering, Context (language use), 02 engineering and technology, ISMS, IT risks, ISO/IEC 27000, Political science, 0202 electrical engineering, electronic engineering, information engineering, 020201 artificial intelligence & image processing, Humanities, Information security management system
- Abstract
A methodology for implementing an Information Security Management System (ISMS) based on the ISO/IEC 27000 family of standards is proposed, with emphasis on the interrelation of four fundamental standards through which the activities required to comply with ISO/IEC 27001 are carried out: the security controls presented in ISO/IEC 27002, the risk scheme of ISO/IEC 27005 and the steps recommended in ISO/IEC 27003. The result is a methodological process that answers how to approach a project of this level of importance in the current context of organizations, based on international standards. This methodological process represents a contribution to the professionals who undertake this work and who seek a method for a successful ISMS implementation. A methodology for the implementation of an Information Security Management System (ISMS) based on the ISO/IEC 27000 family of standards is proposed, with an emphasis on the interrelationship of four fundamental standards which break down the activities to be developed in order to comply with the requirements established in ISO/IEC 27001: the security controls presented in ISO/IEC 27002, the ISO/IEC 27005 risk scheme and the steps recommended in ISO/IEC 27003. The result is a methodological process that explains how to face a project of this level of importance in the current context of organizations, based on international standards. This methodological process represents a contribution to the professionals who undertake this work and who are looking for a method to carry out a successful implementation of an ISMS.
- Published
- 2017
19. A gap analysis of the ISO/IEC 27000 standard implementation in Namibia
- Author
Fungai Bhunu Shava and Diana Jogbeth Tjirare
- Subjects
021103 operations research, Process management, Standard of Good Practice, 05 social sciences, 0211 other engineering and technologies, 02 engineering and technology, Information security, Computer security, computer.software_genre, ITIL security management, Security service, Information security management, Information security standards, 0502 economics and business, Business, ISO/IEC 27000, computer, 050203 business & management, Information security management system
- Abstract
To ensure that information assets are protected and available to organisations, information security needs to be governed by security standards. The ISO/IEC 27000 family of standards is one such standard; it keeps information assets secure and provides a framework of information security management best practices. Despite its importance, the usage and adoption of the ISO/IEC 27000 standards is missing in Namibian organisations. An exploratory pilot survey conducted in 2015 with the key stakeholders, namely the Communications Regulatory Authority, Internet Service Providers and government departments, revealed that these standards are not being implemented at all. Based on a literature review and the preliminary surveys, this paper presents the extent to which the ISO/IEC 27000 implementation framework is adopted in Namibia. The study focuses on the extent of implementation of ISO 27000, 27001, 27002, 27003 and 27004, as these are the standards critical to the security posture of any organisation. A qualitative case study research approach with security-critical organisations in Namibia was used. Surveys and interviews were used to collect data from purposefully identified key stakeholders, who offered rich information about the phenomenon under study. The survey results were used to evaluate the extent of implementation and the factors contributing to the poor implementation. A theoretical framework was derived from the findings and is presented in this paper. The factors making up the theoretical framework will be used as a basis for designing a policy framework for the adoption of security standards by organisations in Namibia, so that they can secure their critical assets, manage risks more effectively, improve and maintain customer confidence, demonstrate conformance to international best practice, avoid brand damage and adapt their information security posture as technology evolves.
- Published
- 2017
20. Certification options under ISO/IEC 27000
- Author
Nils gentschen Felde, Michael Brenner, Stefan Metzger, Helmut Reiser, Wolfgang Hommel, and Thomas Schaaf
- Subjects
ISO/IEC 27000
- Published
- 2017
21. Information Security Management System in the company BluePool s.r.o
- Author
Menčík, Jan, Veber, Jaromír, and Světlík, Marián
- Subjects
ISMS, risk analysis, PDCA, information security, ISO/IEC 27000
- Abstract
This master's thesis deals with information security management according to the ISO/IEC 27000 group of standards and the implementation of an Information Security Management System (ISMS) in one particular company. The theoretical part describes the ISO/IEC 27000 group of standards and the legislation and institutions related to them. The theoretical framework of a risk analysis is then introduced. The benefits and possible obstacles of implementing an ISMS in an organization, with emphasis on small businesses, are described at the end of the theoretical part. The practical part includes a comprehensive risk analysis and measures to be taken for the risks revealed. Furthermore, it covers the setting of internal information security rules in the company Bluepool s.r.o. with regard to risk management and information security policy. The conclusion of this part puts forward a proposal for the process and examples of implementation, a time schedule and a budget for implementing the adopted measures.
- Published
- 2017
22. COMPARING INFORMATION SECURITY POLICY STANDARDS
- Author
Godec, Uroš and Hölbl, Marko
- Subjects
information security management system (ISMS), information security policy, ISO/IEC 27000, udc:004.775:004.056(043.2), information security, ISO/IEC 17799, BS 7799, ISO/IEC 27001, ISO/IEC 27002
- Abstract
Information security policy and its implementation are key factors that significantly affect the operations of companies and organizations. Because companies differ in the specifics of how they operate and no universal security policy exists, companies can draw on various standards when creating one. The thesis presents information security policy and information security management according to the ISO/IEC 27002 and ISO/IEC 17799 (that is, BS 7799) standards. The main purpose of this thesis is to present and compare the two selected standards using the company Štore Steel d.o.o. as a case and, on the basis of a compliance assessment checklist, to show which standard is more suitable for this company. Information security policy and its implementation are key factors that have a significant impact on the operations of companies and organizations. A universal security policy does not exist because of the differences and specifics in the mode of operation amongst various companies. Companies develop their own policy with the help of a variety of standards. The present thesis presents information security policy and information security management according to ISO/IEC 27002 and ISO/IEC 17799, respectively BS 7799. The main purpose of this thesis is the presentation and comparison of these two selected standards based on the case of the company Štore Steel d.o.o. and the presentation of the most appropriate standard for this company based on the created checklist of compliance assessment.
- Published
- 2016
23. Protecting the company's network and infrastructure: SIEM tools, prevention and detection of cyberattacks (Protección de la red e infraestructura de la empresa: Herramientas SIEM, prevención y detección de ciberataques)
- Author
-
Ruiz García, Juan Carlos, Stouten, Floris, Universitat Politècnica de València. Escola Tècnica Superior d'Enginyeria Informàtica, Universitat Politècnica de València. Departamento de Informática de Sistemas y Computadores - Departament d'Informàtica de Sistemes i Computadors, and Alepuz Reverter, David
- Abstract
Nowadays information is a very valuable asset, yet one that is undervalued in terms of security. This document therefore aims to provide the fundamentals of information security and computer security, so that attacks over the network, security breaches, information leaks, system vulnerabilities and the like can be detected, since many companies and organizations lack the knowledge needed to implement a sound security policy. It also addresses the current Spanish regulations and standards, such as the present Personal Data Protection Act (Ley de Protección de Datos de Carácter Personal, LOPD), which will be improved by the adoption of the new European law, the General Data Protection Regulation (GDPR). Finally, it carries out a market study of Security Information and Event Management (SIEM) tools and investigates the construction of a Security Operations Center (SOC).
- Published
- 2017
24. Information Classification in Swedish Governmental Agencies : Analysis of Classification Guidelines
- Author
-
Anteryd, Fredrik
- Subjects
ISO/IEC 27000 ,Computer and Information Sciences ,Governmental agencies ,Information Classification ,Classification Guidelines ,Data- och informationsvetenskap ,Information Security Management Systems - Abstract
Information classification deals with the handling of sensitive information, such as patient records and social security information. It is of utmost importance that this information is treated with caution in order to ensure its integrity and security. In Sweden, the Civil Contingencies Agency has established a set of guidelines for how governmental agencies should handle such information. However, there is a lack of research regarding how well these guidelines are followed as well as if the agencies have made accommodations of these guidelines of their own. This work presents the results from a survey sent to 245 governmental agencies in Sweden, investigating how information classification actually is performed today. The questionnaire was answered by 144 agencies and 54 agencies provided detailed documents of their classification process. The overall results show that the classification process is difficult, while those who provided documents proved to have good guidelines, but not always consistent with the existing recommendations.
- Published
- 2015
25. USING THE ISO 27000 FAMILY OF STANDARDS WHEN PERFORMING INFORMATION SYSTEM AUDITS
- Author
-
Greif, Anja and Živkovič, Aleš
- Subjects
revizija informacijskih sistemov ,sistem za upravljanje informacijske varnosti ,information security audit ,ISO/IEC 27000 ,udc:004.775(043.2) ,information security management system ,ISO/IEC 27007 ,information system audit ,COBIT 5 ,revizija informacijske varnosti ,ISO/IEC 27001 ,ISO/IEC 27002 - Abstract
This diploma thesis presents the fields of information systems auditing and information security management according to the ISO/IEC 27001 standard. Both fields are linked to the relevant and applicable Slovenian legislation. The main purpose of the thesis is to unite the two fields into a unified and consistent system of information security auditing. To achieve this goal, the requirements of the ISO/IEC 27001 standard are aligned with COBIT 5, the standard tool for information systems auditing as well as for IT governance in general. Finally, detailed recommendations for information security audits are formulated, as made possible by the ISO/IEC 27002 and ISO/IEC 27007 standards.
- Published
- 2014
26. Backup as a security mechanism for ensuring the business continuity of an organization (Izdelava varnostnih kopij kot varnostni mehanizem za zagotavljanje neprekinjenega poslovanja organizacije)
- Author
-
Rigelnik, Katja and Zrnec, Aljaž
- Subjects
computer and information science ,grožnje ,računalništvo ,threats ,visokošolski strokovni študij ,udc:004.7(043.2) ,computer science ,ISO/IEC 27000 ,računalništvo in informatika ,safety technology ,diploma ,diplomske naloge ,varnostno kopiranje ,varnostna tehnologija ,Standard ISO/IEC 27000 ,backup in the cloud ,varnostno kopiranje v oblaku ,backup ,tveganje ,risk - Published
- 2014
27. Information protection in accordance with the ISO/IEC 27000 standard (Varovanje informacij v skladu s standardom ISO/IEC 27000)
- Author
-
Košćak, Damjan and Vavpotič, Damjan
- Subjects
computer and information science ,računalništvo ,visokošolski strokovni študij ,information security ,computer science ,varnostna politika ,intrusions ,udc:004(043.2) ,ISO/IEC 27000 ,računalništvo in informatika ,diploma ,vdori ,security policy ,diplomske naloge ,security standards ,informacijska varnost ,standardi varovanja informacij - Published
- 2014
28. ENHANCING SAFETY INFORMATION SYSTEMS WITH THE USE OF ISO/IEC 27000
- Author
-
Jože Šrekl and Andrejka Podbregar
- Subjects
Computer science ,Systems engineering ,Information system ,ISO/IEC 27000 - Abstract
A company should pay much attention to information systems security. It is necessary to secure the support system of the organization if we want continuity and effectiveness of business. In addition to providing security through technological precautions to prevent intrusion and abuse, more attention must be paid to the vulnerabilities and threats caused by the users themselves. Here we refer to unintentional threats resulting from faulty work or a lack of knowledge of the information system. It is important to strive to reduce the possibility of incidents that result from improper use of information technology due to ignorance. An organization shall consider and identify the vulnerabilities of the system and the threats to it. We confront growing amounts of information in electronic form. Ensuring the security of information systems (IS) in the workplace involves many steps that a company must adopt and carry out. The vulnerability of the systems is examined, and the new form of terrorism, cyber-terrorism, is presented. This paper deals with ways of reducing risks and increasing the safety and security of IS. It presents possible ways of ensuring the safe use of IS. Key words: information system, management, safety, security.
- Published
- 2014
- Full Text
- View/download PDF
29. Integration of IT Management Standards through MIN-ITs (Integración de Estándares de Gestión de TI mediante MIN-ITs)
- Author
-
Antonia Mas, Antoni Lluís Mesquida, Magdalena Arcilla, and Tomás San Feliu
- Subjects
Integration of IT Management standards ,Process management ,lcsh:T58.5-58.64 ,General Computer Science ,lcsh:Information technology ,ISO 9001 ,business.industry ,Best practice ,media_common.quotation_subject ,Integración de Estándares de Gestión de TI ,Software development ,Information technology ,Service management ,ISO/IEC 20000 ,Management ,Software development process ,ISO/IEC 27000 ,Information security management ,Order (business) ,ISO/IEC 15504 ,Quality (business) ,Business ,media_common - Abstract
Software development companies have opted to implement quality models and standards in order to offer products that meet customers' needs and increase their satisfaction. In addition to improving their software development processes, these organizations also wish to increase the capability of processes in other disciplines, such as Information Technology (IT) service management and information security management. The ISO standards that define the best practices in these areas share a great number of relations among their recommendations, guidelines and requirements. From the study of all these common elements and aspects, the MIN-ITs framework has been developed, which facilitates the integrated implementation of the different ISO IT management standards.
- Published
- 2014
- Full Text
- View/download PDF
30. ISO/IEC 27000, 27001 and 27002 for Information Security Management
- Author
-
Disterer, Georg
- Subjects
Certified Information Security Manager ,Computer science ,Standard of Good Practice ,Information security ,Computer security ,computer.software_genre ,ITIL security management ,650 Management ,Information security management ,Information security standards ,ddc:650 ,computer ,ISO/IEC 27000 ,Information security management system - Abstract
With the increasing significance of information technology, there is an urgent need for adequate information security measures. Systematic information security management is one of the most important initiatives for IT management. At least since reports about privacy and security breaches, fraudulent accounting practices, and attacks on IT systems appeared in public, organizations have recognized their responsibility to safeguard physical and information assets. Security standards can be used as a guideline or framework to develop and maintain an adequate information security management system (ISMS). The standards ISO/IEC 27000, 27001 and 27002 are international standards that are receiving growing recognition and adoption. They are referred to as the “common language of organizations around the world” for information security [1]. With ISO/IEC 27001, companies can have their ISMS certified by a third-party organization and thus show their customers evidence of their security measures.
- Published
- 2013
31. An application of integral engineering technique to information security standards analysis and refinement
- Author
-
Alexander V. Lyubimov and Dmitry V. Cheremushkin
- Subjects
Process (engineering) ,Computer science ,business.industry ,Information security ,computer.software_genre ,Asset (computer security) ,Unified Modeling Language ,Information security standards ,Data mining ,business ,Software engineering ,computer ,ISO/IEC 27000 ,Risk management ,Information security management system ,computer.programming_language - Abstract
The work demonstrates the practical application of the information security integral engineering technique to the problem of standards analysis and refinement. The application is exemplified by the development and analysis of a dictionary object model of the ISMS standards (ISO/IEC 27000 series). The standards refinement process, consisting of model development followed by modification of the model and of the standards, is described. As a result of the research, weaknesses related to the "Asset", "Risk management", "Information security policy" and "Certification document" concepts were revealed and proposals for their elimination were formulated. The paper shows that semiformal modeling techniques can be successfully applied and efficiently used to analyze and amend international standards.
- Published
- 2010
- Full Text
- View/download PDF
32. An enterprise risk management framework for evaluation of eMaintenance
- Author
-
Ramin Karim and Peter Söderholm
- Subjects
Annan samhällsbyggnadsteknik ,Strategy and Management ,Risk management framework ,Context (language use) ,Information security ,Information logistics ,Other Civil Engineering ,Risk analysis (engineering) ,Enterprise risk management ,Information and Communications Technology ,ISO 31000 ,Operations management ,Business ,Safety, Risk, Reliability and Quality ,ISO/IEC 27000 - Abstract
Maintenance is one approach to managing risk by reducing the probability of failure of technical systems and/or the consequences of their failure. However, history has shown that erroneous maintenance can also lead to reduced quality, incidents and accidents with extensive losses. Today, eMaintenance promises great opportunities for a paradigm shift from a rather narrow, condition-based maintenance approach focused on a technical system's health to a true risk-based maintenance approach that also considers organizational excellence. This is achieved by proper information logistic solutions that address the needs of all stakeholders of the maintenance process, which are made possible by new and innovative information and communication technology (ICT). However, all opportunities are also linked with some threats, which are seldom highlighted in the case of eMaintenance. In this article, a risk management framework for the evaluation of eMaintenance solutions is proposed. The framework is based on a combination of international standards (e.g. ISO 31000, ISO/IEC 27000, and IEC 60300-3-14 (IEC, 2004)) to achieve integrated Enterprise Risk Management (ERM) and to enable a linkage of eMaintenance to the strategic goals of an organization. The framework is illustrated in the railway context of Trafikverket, the Swedish Transport Administration (Trafikverket, 2010b).
- Published
- 2010
33. Comparison of information and cyber security education in the Czech Republic and South Korea with proposals for improvement (Porovnání výuky informační a kybernetické bezpečnosti v České republice a Jižní Koreji s návrhy na zlepšení)
- Author
-
Sedlák, Petr, Zápotočný, Matej, and Šisler, Marcel
- Abstract
This diploma thesis deals with proposals to improve the current state of information and cyber security education in the Czech Republic. These proposals stem from a comparison of education at the Brno University of Technology, Faculty of Business and Management, and Hallym University in South Korea. A further basis is an analysis of trends in cyber attacks and a comparison of this area between the Czech Republic and South Korea.
34. Building security awareness at a primary school (Budování bezpečnostního povědomí na základní škole)
- Author
-
Sedlák, Petr, Sobotková, Hana, and Zezula, Dominik
- Abstract
This diploma thesis deals with the introduction of a security awareness program at a primary school. This goal is addressed in three main parts. The introductory part presents the basic concepts and theoretical background of ISMS and of the SAE program. The next part analyses the current state of the school's system and presents the requirements for introducing the program. The third and main part is devoted to the design of a solution for building and introducing the SAE program. The output of the thesis is a security policy, the SAE program and training materials.
35. Introduction of security measures according to ISMS for a primary school (Zavedení bezpečnostních opatření dle ISMS pro základní školu)
- Author
-
Sedlák, Petr, Ondrák, Viktor, and Pexa, Marek
- Abstract
The diploma thesis deals with the introduction of security measures for a primary school. The thesis is divided into three main parts. The first part covers the basic theoretical concepts of information security and the legislative requirements needed to understand the subject. The second part describes the current state at the primary school. The last, practical part contains the proposed security measures and recommendations.
36. Technical measures for ensuring information security at the Faculty of Business and Management (Technické opatření pro zajištění informační bezpečnosti na podnikatelské fakultě)
- Author
-
Sedlák, Petr, Kubek, Ján, and Kajan, Tomáš
- Abstract
The diploma thesis focuses on the design of technical measures to achieve information security at the Faculty of Business and Management, which is part of the Brno University of Technology. The design is largely governed by the Cyber Security Ordinance, complemented by the ISO/IEC 27000 series of standards. The output of the thesis is a set of technical measures accompanied by directives for selected parts of the measures.
37. Information security management in a company (Management informační bezpečnosti v podniku)
- Author
-
Ondrák, Viktor, Sedlák, Petr, and Kalabis, Petr
- Abstract
This master's thesis focuses on the design of an information security management system implementation in a particular company according to the ISO/IEC 27000 family of standards. First, the information security management system is described theoretically and the relevant terms and other requirements of the subject are explained. The thesis contains an analysis of the current state of the company and proposals that lead to reducing the identified risks and increasing overall information security.
38. Security audit tool for Linux/Unix/AIX operating systems (Nástroj pro bezpečnostní audit OS Linux/Unix/AIX)
- Author
-
Barabas, Maroš, Homoliak, Ivan, and Koppon, Martin
- Abstract
The subject of this bachelor's thesis is the automated testing of the Linux, Solaris and AIX operating systems in the context of a security configuration audit, with regard to applicable norms and established standards. The thesis deals with risk analysis, risk assessment and mitigation, and the evaluation of policy compliance. For this purpose a tool was designed for the operating systems mentioned above. It is implemented in the bash scripting language. The tool also enables automated vulnerability management according to the established SCAP standards CCE, CVE, XCCDF and OVAL and to the CIS and NVD specifications. It helps to reduce the time demands of the security audit process while preserving the integrity of the audited system.
39. Proposal of recommended practices for ensuring information security in small healthcare facilities (Návrh doporučených postupů pro zajištění informační bezpečnosti v malých zdravotnických zařízeních)
- Author
-
Ondrák, Viktor, Sedlák, Petr, and Fábryová, Bianka
- Abstract
The aim of this thesis is to propose recommended information security practices with a focus on small healthcare facilities and the protection of patient data. The introductory part summarizes the theoretical background of information security, centred on the ČSN ISO/IEC 27000 series of standards. In the practical part, the theoretical knowledge is applied to formulate a proposal of recommended practices and concrete steps that healthcare facilities should take to comply with the principles of information security.
40. Proposal for the introduction of security measures for a given company (Návrh zavedení bezpečnostních opatření pro danou společnost)
- Author
-
Sedlák, Petr, Volkov, Andreas, and Krídla, Matúš
- Abstract
This diploma thesis deals with the design and introduction of security measures within a selected company. The aim of the thesis is to create a proposal of measures against possible security threats. The first chapter gives a general introduction to the subject and describes and defines the individual concepts from a theoretical point of view. The second part describes the current state and analyses selected areas of the company. The conclusion of the thesis is devoted to raising awareness of security threats and to proposing measures that contribute to increasing information security.
41. Introduction of ICT security management at a primary school (Zavedení managementu bezpečnosti ICT na základní škole)
- Author
-
Ondrák, Viktor, Sedlák, Petr, and Matusík, Jan
- Abstract
The content of this diploma thesis is a proposal for introducing ICT security management at a specific primary school. The introductory part describes the school building, its equipment and the existing security management. The practical part discusses the shortcomings and proposes measures for solving the school's most serious problems from the point of view of ICT security management.
43. Design of an industrial ISMS solution (Návrh průmyslového řešení ISMS)
- Author
-
Sedlák, Petr, Popelář, Ondřej, and Havlík, Michal
- Abstract
The thesis deals with the design of an industrial ISMS solution, primarily for the network infrastructure. The introduction presents the theoretical background of the thesis, followed by an analysis and evaluation of the current situation in the company. Finally, the solution itself is designed so as to comply with the ISO/IEC 27000 standards.
44. Introduction of ICT security management at a secondary school (Zavedení managementu bezpečnosti ICT na střední škole)
- Author
-
Ondrák, Viktor, Král, Pavel, and Matusík, Jan
- Abstract
The content of this bachelor's thesis is a proposal for introducing ICT security management at a specific secondary school in the Moravian-Silesian Region. The introductory part describes the school building and the existing security management. The practical part then analyses the shortcomings, mainly in terms of the security mechanisms used and the behaviour of users and administrators. The thesis also includes proposals for addressing the situation.
45. Design of an access control system as part of a physical security solution (Návrh přístupového systému jako součást řešení fyzické bezpečnosti)
- Author
-
Sedlák, Petr, Svoboda, Vlastimil, and Dohnal, Matěj
- Abstract
This master's thesis presents the design of an access control system as part of a physical security solution for an energy company in the Czech Republic. The access system is designed to meet all legal requirements and to withstand certification according to the ISO 27001 standard. Deployment of the proposed access system is demonstrated on a selected company site, which is a representative example of the combination of a critical infrastructure element and an ordinary company facility.
46. Document classification using content analysis (Klasifikace dokumentů pomocí analýzy obsahu)
- Author
-
Třeštíková, Lenka, Kačic, Matej, and Borčík, Filip
- Abstract
This thesis deals with document classification according to the ISO/IEC 27000 family of standards. It points out the need for, but also the problems of, classification in a corporate environment. The thesis also implements a system for classifying MS Office documents based on content analysis using defined rules. This system is integrated into the DocTag application developed by the company AEC.
47. Proposal of a methodology for an ISMS manual and measures applied to selected areas (Návrh metodiky pro příručku ISMS a opatření aplikované na vybrané oblasti)
- Author
-
Sedlák, Petr, Vonyš, Rudolf, and Nemec, Tomáš
- Abstract
The content of this diploma thesis is a proposal of a methodology for creating an ISMS security manual. The proposal is supported by the theoretical knowledge presented in the introductory part of the thesis. The practical elaboration of the methodology follows the structure of the international standard ISO/IEC 27001:2005.
48. Security management and control activities used in a corporate environment (Řízení bezpečnosti a kontrolní aktivity použité v firemním prostředí)
- Author
-
Sedlák, Petr, Šoukal, Petr, and Zápotočný, Matej
- Abstract
The goal of this thesis was to describe the security management and control mechanisms used in a corporate environment. The thesis gives a theoretical description of the standards used for application security, and then describes tools intended for gathering information about the corporate environment, which can be used to reveal security vulnerabilities or to remediate them. It also describes the processes that companies should follow in order to minimize the possible impact on production and to guarantee the lasting security of the environment. Also presented are the checks of the results achieved when new technologies are used, together with their financial and time benefits.
50. Design of an Information Security Methodology for a Company Operating an Electronic Shop (Návrh metodiky bezpečnosti informací v podniku provozující elektronický obchod)
- Author
-
Sedlák, Petr, RNDr. et RNDr. Vladimír Mazálek, PhD., DBA, and Mráčková, Kateřina
- Abstract
The thesis deals with a security analysis of a business selling goods both directly in a physical store and through an electronic shop. Assets and the threats acting on them are identified, a risk analysis is prepared, and countermeasures are selected and evaluated. The thesis builds on the theoretical background given in its first part and is based on the ISO/IEC 27000 series of standards.
Discovery Service for Jio Institute Digital Library