English  |  正體中文  |  简体中文  |  全文筆數/總筆數 : 65231/98744 (66%)
造訪人次 : 31962545      線上人數 : 3629
RC Version 7.0 © Powered By DSPACE, MIT. Enhanced by NTU Library & TKU Library IR team.
搜尋範圍 查詢小技巧:
  • 您可在西文檢索詞彙前後加上"雙引號",以獲取較精準的檢索結果
  • 若欲以作者姓名搜尋,建議至進階搜尋限定作者欄位,可獲得較完整資料
  • 進階搜尋
    請使用永久網址來引用或連結此文件: https://tkuir.lib.tku.edu.tw/dspace/handle/987654321/34033


    題名: 風險限制與成本考量下之資安控制措施決策方法
    其他題名: A decision method to select information security controls - considering risk condition and cost
    作者: 辛婉甄;Hsin, Wan-chen
    貢獻者: 淡江大學資訊管理學系碩士班
    徐煥智;Shyur, Huan-jyh
    關鍵詞: 資安控制措施;風險值;條件風險值;資訊安全管理;Information Security Control;VAR;CVaR;Information Security Management
    日期: 2007
    上傳時間: 2010-01-11 04:49:08 (UTC+8)
    摘要: 隨著資訊安全管理觀念的逐漸受到重視,資訊安全風險評鑑已成為推動資安管理的初步重要工作。如何最有效益的利用資源來進行資安控制措施的建置以達到企業組織存在於一個可承受的資安風險損失水準環境,在策略決策上是一個重要的議題,但相關研究卻較為缺乏,因此本研究藉由探討風險分析管理等相關文獻,將量化風險分析的觀念導入資訊安全策略決策中,提出一套資安控制措施規畫決策模式,利用Uryasev(2000)提出的條件風險概念,應用於資安策略決策模式的建構上,使用此方法使企業在做損失評估時,能有更明確的決策選擇,以減少企業的損失,協助各企業在資訊安全管理中做適當的管理決策。在未來希望可以把此模式應用在現實的企業資安控制措施規畫決策過程中,增加該模式的可行性。
    Information security management has become an important issue in many various organizations. The fundamental work for information security management is how to assess the security risk and implement the information security controls to reach an acceptable information security level. However, only few related researches have been done so far. In this thesis, we apply the concept of conditional value of risk proposed by Uryasev (2000) to create a quantitative decision model for the selection of information security controls. In the decision process, the acceptable risk and security cost are considered. Using the model, the decision makers can make a more appropriate decision to minimize their information security cost according to the risk or loss they can bear. Our case study demonstrates the proposed model with the potential of becoming very useful in practice and of leading to further generalization of information security decision analysis.
    顯示於類別:[資訊管理學系暨研究所] 學位論文

    文件中的檔案:

    檔案 大小格式瀏覽次數
    0KbUnknown495檢視/開啟

    在機構典藏中所有的資料項目都受到原著作權保護.

    TAIR相關文章

    DSpace Software Copyright © 2002-2004  MIT &  Hewlett-Packard  /   Enhanced by   NTU Library & TKU Library IR teams. Copyright ©   - 回饋