Tamkang University Institutional Repository: Item 987654321/105522
RC Version 7.0 © Powered By DSPACE, MIT. Enhanced by NTU Library & TKU Library IR team.


    Please use this permanent URL to cite or link to this item: https://tkuir.lib.tku.edu.tw/dspace/handle/987654321/105522


    Title: 整合國際標準ISO 27001及BS 10012之風險評鑑方法論 : 以政府A機關為例
    Other Titles: A study of integrated risk assessment methodology of ISO 27001 and BS 10012 : a case study of government agency A
    Authors: 楊佩穎;Yang, Pei-Ying
    Contributors: Tamkang University, Department of Information Management, In-service Master's Program
    黃明達;Hwang, Ming-Dar
    Keywords: risk assessment;integration methodology;information security;personal data protection;BS 10012;ISO 27001
    Date: 2015
    Issue Date: 2016-01-22 14:58:12 (UTC+8)
    Abstract (Chinese, translated): To strengthen their information security and personal data protection controls, business organizations choose to adopt management systems based on international standards such as ISO 27001 (International Organization for Standardization, ISO) and BS 10012 (British Standard). Implementing these systems involves a great deal of work, and risk assessment is one of the mandatory activities when establishing a management system; if both systems are adopted at the same time, the risk assessment must be performed twice, duplicating the cost. This study therefore takes government agency A as a case study to investigate an integrated risk assessment methodology for ISO 27001 and BS 10012, with the goal of reducing the man-hours spent.
    Following the requirements of the laws and regulations applicable to government agencies, and using the CNS 27005 and CNS 31000 risk management frameworks as the risk assessment architecture, this study inventories information assets and personal data files by process, and defines impact and risk-scenario dimensions appropriate to both information assets and personal data files to serve as the factors for an integrated ISO 27001 and BS 10012 risk assessment. The study finds that after government agency A adopted the integrated risk assessment methodology proposed here, only one risk assessment needed to be performed, reducing the man-hours for inventory and risk assessment work by about 29% and for education and training by about 33%, thereby lowering the organization's labour-hour cost.
    Abstract (English): In order to improve information security and personal data protection, business organizations have chosen to introduce ISO 27001 and BS 10012 management systems and other international standards. Introducing these systems can be quite complicated, and risk assessment is one of the necessary items for establishing a management system. If two systems are introduced simultaneously, the risk assessment must be implemented twice, which incurs repeated costs. Therefore, this study investigated the integration of the risk assessment methods for ISO 27001 and BS 10012 based on the case study of government agency A, with the aim of reducing man-hour costs.
    With the requirements of relevant government laws and regulations and the risk management framework of CNS 27005 and CNS 31000 as the risk assessment architecture, this study made an inventory of the information assets and personal data files as a process flow, and defined the aspects of impact and risk scenario applicable to the information assets and personal data files to serve as the factors for integrating the ISO 27001 and BS 10012 risk assessments. This study found that government agency A only had to implement one risk assessment after introducing the integrated risk assessment methodology, which saved about 29% of inventory and risk assessment man-hours and 33% of education and training man-hours, consequently decreasing the man-hour cost of the business organization.
    Appears in Collections: [Department of Information Management] Theses

    Files in This Item:

    File          Description    Size    Format    Views
    index.html                   0Kb     HTML      183

    All items in the Institutional Repository are protected by copyright.

