A Decision Method to Select Information Security Controls ─ Considering Risk Condition and Cost
Master's === Tamkang University === Master's Program, Department of Information Management === 95 === Information security management has become an important issue in many organizations. The fundamental work of information security management is to assess security risk and implement information security controls to reach an acceptable informa...
Main Authors: | Wan-Chen Hsin, 辛婉甄 |
---|---|
Other Authors: | Huan-Jyh Shyur |
Format: | Others |
Language: | zh-TW |
Published: | 2007 |
Online Access: | http://ndltd.ncl.edu.tw/handle/20365364610851495530 |
id |
ndltd-TW-095TKU05396003 |
---|---|
record_format |
oai_dc |
spelling |
ndltd-TW-095TKU05396003; 2015-10-13T14:08:16Z; http://ndltd.ncl.edu.tw/handle/20365364610851495530; A Decision Method to Select Information Security Controls ─ Considering Risk Condition and Cost; 風險限制與成本考量下之資安控制措施決策方法; Wan-Chen Hsin 辛婉甄; Master's; Tamkang University; Master's Program, Department of Information Management; 95; Huan-Jyh Shyur 徐煥智; 2007; degree thesis ; thesis; 44; zh-TW |
collection |
NDLTD |
language |
zh-TW |
format |
Others |
sources |
NDLTD |
description |
Master's === Tamkang University === Master's Program, Department of Information Management === 95 === Information security management has become an important issue in many organizations. The fundamental work of information security management is to assess security risk and implement information security controls to reach an acceptable information security level. However, little related research has been done so far. In this thesis, we apply the concept of conditional value of risk proposed by Uryasev (2000) to create a quantitative decision model for the selection of information security controls. The decision process considers both the acceptable risk and the security cost. Using the model, decision makers can make a more appropriate decision that minimizes their information security cost according to the risk or loss they can bear. Our case study demonstrates that the proposed model has the potential to become very useful in practice and to lead to further generalization of information security decision analysis. |
author2 |
Huan-Jyh Shyur |
author |
Wan-Chen Hsin 辛婉甄 |
title |
A Decision Method to Select Information Security Controls ─ Considering Risk Condition and Cost |
publishDate |
2007 |
url |
http://ndltd.ncl.edu.tw/handle/20365364610851495530 |