標題: | Evaluation of information security related risks of an organization - The application of the multi-criteria decision-making method |
作者: | Guan, BC Lo, CC Wang, P Hwang, JS 資訊管理與財務金融系 註:原資管所+財金所 Department of Information Management and Finance |
關鍵字: | information assets;information security;risk management;AHP;BS7799;Risk-Level Matrix |
公開日期: | 2003 |
摘要: | In the wake of the fast popularization of information and the rise of electronic commerce, information security is gaining much attention. How to perform the evaluation of the value of assets, how to perform the analysis of the risks associated with assets, and how to protect information assets from sabotage, theft and tamper are important topics in the study of the management of information security. This research addresses the aspects of confidentiality, integrity and availability of information and applies the Analytic Hierarchy Process (AHP) to consolidate expert's opinions on information risks, in order to construct an integrated framework for risk analysis. The BS7799 standard and the risk level matrix(RLM) are used accordingly to evaluate the effectiveness of and to categorize the risk management measures and to create a complete model for the assessment of information assets related risks. Finally, the research results are verified by a case study. The results can be used by organizations as references for information security planning and management process improvements. |
URI: | http://hdl.handle.net/11536/18725 |
ISBN: | 0-7803-7882-2 |
期刊: | 37TH ANNUAL 2003 INTERNATIONAL CARNAHAN CONFERENCE ON SECURITY TECHNOLOGY, PROCEEDINGS |
起始頁: | 168 |
結束頁: | 175 |
顯示於類別: | 會議論文 |