標題: Evaluation of information security related risks of an organization - The application of the multi-criteria decision-making method
作者: Guan, BC
Lo, CC
Wang, P
Hwang, JS
資訊管理與財務金融系 註:原資管所+財金所
Department of Information Management and Finance
關鍵字: information assets;information security;risk management;AHP;BS7799;Risk-Level Matrix
公開日期: 2003
摘要: In the wake of the fast popularization of information and the rise of electronic commerce, information security is gaining much attention. How to perform the evaluation of the value of assets, how to perform the analysis of the risks associated with assets, and how to protect information assets from sabotage, theft and tamper are important topics in the study of the management of information security. This research addresses the aspects of confidentiality, integrity and availability of information and applies the Analytic Hierarchy Process (AHP) to consolidate expert's opinions on information risks, in order to construct an integrated framework for risk analysis. The BS7799 standard and the risk level matrix(RLM) are used accordingly to evaluate the effectiveness of and to categorize the risk management measures and to create a complete model for the assessment of information assets related risks. Finally, the research results are verified by a case study. The results can be used by organizations as references for information security planning and management process improvements.
URI: http://hdl.handle.net/11536/18725
ISBN: 0-7803-7882-2
期刊: 37TH ANNUAL 2003 INTERNATIONAL CARNAHAN CONFERENCE ON SECURITY TECHNOLOGY, PROCEEDINGS
起始頁: 168
結束頁: 175
顯示於類別:會議論文