    Permanent URL for citing or linking to this item: http://tkuir.lib.tku.edu.tw:8080/dspace/handle/987654321/105522


    Title: Integrating the risk assessment methodologies of the international standards ISO 27001 and BS 10012: a case study of government agency A
    Other title: A study of integrated risk assessment methodology of ISO 27001 and BS 10012 : a case study of government agency A
    Author: 楊佩穎; Yang, Pei-Ying
    Contributors: Tamkang University, Department of Information Management, In-service Master's Program
    黃明達; Hwang, Ming-Dar
    Keywords: risk assessment; integration methodology; information security; personal data protection; BS 10012; ISO 27001
    Date: 2015
    Uploaded: 2016-01-22 14:58:12 (UTC+8)
    Abstract: To strengthen their controls for information security and personal data protection, enterprises and organizations choose to adopt management systems based on international standards such as ISO 27001 (International Organization for Standardization, ISO) and BS 10012 (British Standard). Implementing such a system involves considerable work, and a risk assessment is one of the mandatory elements of establishing a management system; if both systems are introduced at the same time, the risk assessment has to be performed twice, at duplicated cost. This study therefore takes government agency A as a case and investigates an integrated risk assessment methodology for ISO 27001 and BS 10012, with the aim of reducing the man-hours spent.
    Following the requirements of the laws and regulations that apply to government agencies, and using the CNS 27005 and CNS 31000 risk management frameworks as the risk assessment structure, the study inventories information assets and personal data files process by process, and defines impact and risk-scenario dimensions that fit both information assets and personal data files; these serve as the factors for integrating the ISO 27001 and BS 10012 risk assessments. The study finds that after government agency A adopted the integrated methodology, only one risk assessment exercise had to be performed, which reduced the man-hours for inventory and risk assessment work by about 29% and the man-hours for education and training by 33%, thereby lowering the organization's labour cost.
    Appears in collections: [Department of Information Management and Graduate Institute] Theses

    Files in this item:

    File         Description   Size   Format   Views
    index.html                 0 Kb   HTML     85      View/Open
