Therefore it is necessary to keep the information security characteristics of processes and systems within required limits and to continuously evaluate their state through measurement.
The difficulty in measurement lies in selecting suitable characteristics and measures of the processes or products that are subject to measurement. The main aim of the dissertation thesis is to design a methodology for evaluating information security in information systems and to formulate conclusions and recommendations for its use in practice.
Results showed that at present an absolute majority of surveyed organizations evaluate information systems from the perspective of risk to valuable information. Organizations evaluating information security most often do so to identify weaknesses and emerging issues. Only a [...] The designed methodology identifies behavioral [...] of the organization, defines measurable characteristics of the system and the organization based on an extended security model, defines a process for developing the measures based on the GQM tool, engages a measurement process compatible with ISO, and presents an evaluation procedure using the measured values.
The proposed procedures and constructs focus on improving the areas identified by the survey: "information classification" and the "difference between perception of information value between owner and processor".
The procedures were validated on two anonymous organizations and are presented in the form of case studies.
One of the conclusions is that the proposed methodology is applicable mostly in organizations with a strong technical and financial base, where it is possible to overcome the demands of the measure development processes and of applying measurement.
The evaluation methodology also has its own limits of applicability.