Audit bezpečnosti informací ve vybrané organizaci

Abstract

This thesis deals with the audit of information security of the company ABC Ltd., with evaluation of the status of all areas of information security and designing appropriate recommendations . The basis for the audit of information security management in company ABC is standard ISO / IEC 27001:2005 . The standard is appropriate to evaluate the safety of information regardless of the size of the company, number of employees or business field . Due to increasing globalization it is important that the Standard ISO / IEC 27001:2005 is also internationally accepted . The first part of the thesis deals with information security, discusses the different types of control and information security. At the end of the theoretical part the audit of information security is discribed. The following section includes a description of the performance of ABC Ltd. and specification of the audit methodology . The next stage is to audit the security of information in company ABC Ltd. The individual parts of the standard are analyzed according to the existence of the document and the extent of actual implementation. The aim of the thesis is to conduct a comprehensive audit of information security companies according to ISO / IEC 27001:2005 and in case of insufficient fulfillment of the necessary procedures to design appropriate and practically useful measures for the company ABC Ltd.