Mapping and Analyzing ISO 27002 with Controls of COBIT 4.1


Bibliographic Details
Main Authors: Ou Yang, Hui-Hua, 歐陽惠華
Other Authors: Chung-Huang Yang
Format: Others
Language: zh-TW
Published: 2008
Online Access: http://ndltd.ncl.edu.tw/handle/54016056718856357994
id ndltd-TW-096NKNU5395035
record_format oai_dc
spelling ndltd-TW-096NKNU5395035 2016-11-12T04:20:11Z http://ndltd.ncl.edu.tw/handle/54016056718856357994 Mapping and Analyzing ISO 27002 with Controls of COBIT 4.1 ISO 27002與COBIT 4.1控制措施之對映分析 Ou Yang, Hui-Hua 歐陽惠華 Master's National Kaohsiung Normal University Graduate Institute of Information Education 96 Chung-Huang Yang Farn, Kwo-Jean Dr. 楊中皇 Dr. 樊國楨 2008 Degree thesis ; thesis 105 zh-TW
collection NDLTD
description Master's === National Kaohsiung Normal University === Graduate Institute of Information Education === 96 === “To understand the effect is to know the causes.” In the application of Information Technology (IT), improving the operations efficiency often brings about security problems. A careless mistake of access priority could cause a loss of hundreds of millions of dollars. An unexpected attack could destroy all valued data. Information security is not just to avoid virus and hacker attacks. It involves all aspects of business activities. A multi-layer defense against information security cannot fend off attacks from external and internal networks. No system can prevent man-made information incidents. Then, how can we protect our information assets and build a safe information operation environment for our organization? It depends on the quality of implementing the IT standards. Successful organizations recognize the importance of aligning IT strategy with the business strategy, the benefits of IT and using IT to take full advantage of its information assets. These organizations can thereby maximize benefits, capitalize on opportunities and gain competitive advantage. This thesis has three aims. The first is to map and analyze the code of practice for Information Security Management System (ISMS) - the ISO 27002, which was popularly adopted in Taiwan, with IT quality governance - the Control Objectives for Information and related Technology (COBIT) 4.1, comparing them regarding control and measurement. The second is to brief IT Assurance using COBIT 4.1. The third is to apply COBIT 4.1 in Critical Infrastructure (CI). COBIT 4.1 has a better control process approach to improve the control objectives, through the measured indices. The benefits of COBIT 4.1 are that it is effective, efficient, reliable and measurable when organizations want to implement ISMS.