MCDM in Risk Evaluation for Enterprise Digital Rights Management System

• Main Authors: CHIA-YU CHANG, 張嘉祐
• Other Authors: Chun-Te Chen
• Format: Others
• Language: zh-TW
• Published: 2007
• Online Access: http://ndltd.ncl.edu.tw/handle/82603681552640305408

碩士 === 華梵大學 === 資訊管理學系碩士班 === 95 === Abstract With the development of the Internet technology, many corporate confidential documents have been digitized, making them easy to be copied and disseminated. Most leaks of confidential documents are done by internal employees or resigned employees. Therefore, enterprises have implemented the Enterprise Digital Rights Management (E-DRM) system to prevent intellectual property from leaking. However, due to different internal and external environmental factors and policy needs, such as operational strategies, economics, organization, environment and staff acceptance, enterprise decision-makers need to make the right decision when implementing the system. This study proposes a complete decision-making framework for implementation of the E-DRM system based on the 10 administrative items of BS7799. This decision-making framework is able to assist enterprises in discovering the key factors in successfully implementing the E-DRM system and effectively adjusting the implementation strategies. This study uses the Fuzzy Multi-criteria Decision Making (FMCDM) to construct a Decision Support System (DSS) for implementation of the E-DRM system, which involves assessment of factor weights, conversion of qualitative factors into quantitative analysis, how to conduct a comprehensive evaluation, etc. This study first performed a risk analysis and risk assessment for information assets, including risk assessment, risk treatment, and risk tolerance and communication of enterprises, to help enterprises make decisions favorable to their operational performance when implementing the E-DRM system. We also interviewed experts on the E-DRM system to obtain preliminary risk assessment items. Then, we employed the factor analysis approach to develop the hierarchy system of assessment objectives for implementation of the E-DRM system. Finally, we used the Fuzzy AHP (Analytic Hierarchy Process) to obtain assessment indicators and inter-item weights, and applied the fuzzy number ranking method to obtain the priorities of various plans. Based on the above methods, we established a “Decision Support System for Implementation of the E-DRM System for Enterprises” to help enterprises in choosing and implementing the E-DRM system. The results of this study are as follows: 1) This study develops a fuzzy multi-criteria assessment framework to objectively assess the risks of the E-DRM system, whose assessment indicators include main functions, supporting functions, maintenance functions, system implementation management, enactment and management of document rights policy, service quality, and price and convenience of use. The two factors, enactment and management of document rights policy, and price and convenience of use are considered the most important. 2) According to the analytical results of this study, information management staff pay the most attention to the system compatibility and price when assessing the risks of the E-DRM system; and the weights of these two factors are respectively ranked top 1 and 2 after applying the AHP method, suggesting that these two factors are of high importance in the risks of the E-DRM system. Keywords: Enterprise Digital Rights Management (E-DRM), Multi-criteria Decision Making (MCDM), Analytic Hierarchy Process (AHP), Fuzzy Theory, BS7799, Risk Management