Analýza stavu systému managementu bezpečnosti informací včetně návrhu opatření

Abstract

Bachelor work is focused on analyzing the state of information security management system including the draft measure. The work is divided into theoretical and practical part. Theoretical part contains information about the OECD guidelines for security of information systems and networks, the ISO / IEC 27001:2005, including their individual chapters, the ISMS process model, information security audit and informations about researched the company. The practical part includes research investigation of four selected areas of ISO / IEC 27001:2005, including the results and any recommendations. The aim of this work is to analyze the state of information security management system and suggest possible measures in selected areas. Research indicates that only one of the four analyzed areas of ISO / IEC 27001:2005, showed the existence of deficiencies in the document to the appropriate measures and the application of the document. This area was the area "Security of human resources." Here I suggested to the respective shortcomings of its recommendations, which should lead to their elimination. The results, together with its recommendations, I handed over the management to close explore and possible implementation of my recommendations.