    Please use this identifier to cite or link to this item: http://tkuir.lib.tku.edu.tw:8080/dspace/handle/987654321/105522

    Title: Integrating the risk assessment methodologies of the international standards ISO 27001 and BS 10012: a case study of government agency A (original Chinese title: 整合國際標準ISO 27001及BS 10012之風險評鑑方法論：以政府A機關為例)
    Other Titles: A study of integrated risk assessment methodology of ISO 27001 and BS 10012: a case study of government agency A
    Authors: Yang, Pei-Ying (楊佩穎)
    Contributors: Tamkang University, Department of Information Management, Executive Master's Program (淡江大學資訊管理學系碩士在職專班)
    Advisor: Hwang, Ming-Dar (黃明達)
    Keywords: risk assessment; integration methodology; information security; personal data protection; BS 10012; ISO 27001
    Date: 2015
    Issue Date: 2016-01-22 14:58:12 (UTC+8)
    Abstract: To strengthen their controls for information security and personal data protection, organizations adopt management systems built on international standards such as ISO 27001 (International Organization for Standardization) and BS 10012 (British Standard). Implementing such a system is laborious, and risk assessment is one of the mandatory activities in establishing it; an organization that introduces both systems at once must therefore run the risk assessment twice and pay the duplicated cost. Taking government agency A as a case study, this thesis develops an integrated risk assessment methodology for ISO 27001 and BS 10012 with the aim of reducing the work hours spent.
    The risk assessment architecture is built from the requirements of the laws and regulations that apply to government agencies together with the CNS 27005 and CNS 31000 risk management frameworks (the Taiwanese national standards adopting ISO/IEC 27005 and ISO 31000). Information assets and personal data files are inventoried along business processes, and impact and risk-scenario dimensions that fit both information assets and personal data files are defined; these dimensions are the factors that allow the ISO 27001 and BS 10012 risk assessments to be carried out as one exercise. The study finds that, after adopting the integrated methodology, agency A needed only a single risk assessment exercise, which reduced inventory and risk assessment work hours by about 29% and training work hours by about 33%, lowering the organization's labour cost accordingly.
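    The one-pass register that the abstract describes, as an added illustration rather than the thesis's own worksheet: every row of a combined inventory (information assets, some of which are personal data files) is scored once, and both the ISO 27001 register and the BS 10012 register fall out of a single walk. The 1-5 ordinal scales, the rule risk = likelihood x worst impact, the level thresholds, the dimension names (the CIA triad for the ISMS side, a hypothetical `data_subject_harm` / `regulatory_exposure` pair for the PIMS side) and the sample inventory are all assumptions; the thesis's actual dimensions and scoring are not given on this page, and CNS 27005 / CNS 31000 do not prescribe them.

```python
"""Single-pass risk register serving both ISO 27001 (ISMS) and BS 10012 (PIMS).

Added illustration, not the thesis's own worksheet. The scales, the scoring
rule, the level thresholds and the impact dimensions below are assumptions.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Tuple

# Impact dimensions. The ISMS set is the usual CIA triad; the PIMS set is a
# hypothetical pair standing in for the personal-data-specific dimensions a
# PIMS assessment adds (harm to the data subject, regulatory exposure).
ISMS_DIMENSIONS = ("confidentiality", "integrity", "availability")
PIMS_DIMENSIONS = ("data_subject_harm", "regulatory_exposure")

SCALE = range(1, 6)  # 1 = negligible / rare .. 5 = severe / almost certain


@dataclass
class Asset:
    """One row of the combined inventory: an information asset that may also
    be (or contain) a personal data file."""
    name: str
    owner: str
    holds_personal_data: bool
    likelihood: int                                       # worst plausible scenario, 1..5
    impact: Dict[str, int] = field(default_factory=dict)  # dimension -> 1..5

    def __post_init__(self) -> None:
        # A personal data file must carry the PIMS ratings as well; catching
        # that at inventory time is what makes the single pass trustworthy.
        required = ISMS_DIMENSIONS + (PIMS_DIMENSIONS if self.holds_personal_data else ())
        missing = [d for d in required if d not in self.impact]
        if missing:
            raise ValueError(f"{self.name}: missing impact ratings {missing}")
        for value in (self.likelihood, *self.impact.values()):
            if value not in SCALE:
                raise ValueError(f"{self.name}: rating {value} outside 1..5")


def risk_score(asset: Asset, dimensions: Tuple[str, ...]) -> int:
    """Assumed rule: likelihood times the worst impact over the given dimensions."""
    return asset.likelihood * max(asset.impact[d] for d in dimensions)


def risk_level(score: int) -> str:
    """Assumed thresholds on the 1..25 product."""
    if score >= 15:
        return "high"
    if score >= 8:
        return "medium"
    return "low"


def build_registers(inventory: List[Asset]):
    """Walk the inventory ONCE and emit both registers.

    Returns (isms_register, pims_register); each maps asset name -> (score, level).
    Assets without personal data are absent from the PIMS register rather than
    scored as zero, so the BS 10012 scope stays explicit.
    """
    isms: Dict[str, Tuple[int, str]] = {}
    pims: Dict[str, Tuple[int, str]] = {}
    for asset in inventory:
        s = risk_score(asset, ISMS_DIMENSIONS)
        isms[asset.name] = (s, risk_level(s))
        if asset.holds_personal_data:
            p = risk_score(asset, PIMS_DIMENSIONS)
            pims[asset.name] = (p, risk_level(p))
    return isms, pims


def assessment_passes(inventory: List[Asset], integrated: bool) -> int:
    """Per-asset assessment passes: two separate exercises revisit every personal
    data asset, the integrated exercise visits each asset exactly once."""
    if integrated:
        return len(inventory)
    return len(inventory) + sum(1 for a in inventory if a.holds_personal_data)


# Constructed sample inventory (not agency A's data).
SAMPLE_INVENTORY = [
    Asset("payroll database", "HR", True, likelihood=3,
          impact={"confidentiality": 5, "integrity": 4, "availability": 3,
                  "data_subject_harm": 4, "regulatory_exposure": 5}),
    Asset("public web server", "IT", False, likelihood=4,
          impact={"confidentiality": 1, "integrity": 3, "availability": 4}),
    Asset("citizen case files", "Service desk", True, likelihood=2,
          impact={"confidentiality": 4, "integrity": 3, "availability": 2,
                  "data_subject_harm": 5, "regulatory_exposure": 4}),
]

if __name__ == "__main__":
    isms, pims = build_registers(SAMPLE_INVENTORY)
    for name, (score, level) in isms.items():
        print(f"ISMS  {name:<20} {score:>2}  {level}")
    for name, (score, level) in pims.items():
        print(f"PIMS  {name:<20} {score:>2}  {level}")
    print("passes: separate =", assessment_passes(SAMPLE_INVENTORY, False),
          " integrated =", assessment_passes(SAMPLE_INVENTORY, True))
```

The saving the abstract reports comes from the inventory being walked once: with the constructed three-asset inventory, two separate exercises take five per-asset passes and the integrated one takes three. The validation in `Asset` is the part worth keeping in any real worksheet, since a single pass is only a saving if every personal data file arrives with its PIMS ratings already filled in.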
    Appears in Collections: [Department and Graduate Institute of Information Management] Theses and Dissertations
