Návrh implementace řízení bezpečnosti informací ve střední firmě dle metodického rámce ITIL

Abstract

The aim of this thesis was to define the fundamental concepts of information security, to introduce information security management system, to become acquainted with the methodology in this field and to design security management according to ITIL’s best practices. The first part summarized theoretical and methodological bases of information security and the gained knowledge has been used in the preparation of the second part. Introduction of the second part analyzes the current state of information security, which was performed using risk analysis and its evaluation in a specific company. At the end of the thesis there were suggested recommendations and actions to improve the status of information security. These recommendations were based on the best practices of ITIL. This paper introduces readers with bases of security information management and possibilities of its implementation.