Abstract [eng] |
Every organization process information in information systems and cannot manage without the protection of organization information systems. Due to reinforcing protection of organization and investments, a need to know the level of protection exists. In order to retain the same level of protection, security assessment works should be performed regularly. However, they are complicated, performed slowly, and the results are relevant only during the assessment. The above mentioned problems can be solved constantly monitoring the network, registering the violations with the help of automated means, presenting the evaluation of the level of protection in numeric values, so that the changes in the level of security in time could be traced. Therefore, in the following work an automated mean, constantly monitoring the network and registering the violations according to the crated methodology, is created. Methodology relates organization security policy with the automated mean and provides it with the possibility to calculate the general evaluation of security considering the number and the level of risk of violations. The „Snort“ tool, working in NIDS mode according to specially created rules, is chosen to register the violations. Information regarding the violations is saved in MySql data base. PHP language is applied to calculate and map the assessment of the level of security. |