Summary: | Master's === National Taiwan University of Science and Technology === School of Management MBA === 97 === Several security metrics have recently been proposed to measure the effectiveness and state of information security in an organization. However, people in an organization may have trouble using the metrics because they may not know how to link them to business objectives.
The purpose of this article is therefore to propose "A Framework of Aligning Information Security Performance Indicators to Business Objects with AHP - A Case Study on a Major Government Organization industry". In this framework, an organization should develop a hierarchical tree of security metrics. The root of the hierarchical tree is the business objective. The root has several children that represent security objectives.
Each security objective can be measured by several security metrics, which can in turn be measured by several sub-metrics. The organization can use AHP to calculate the weights of the metrics. In addition to proposing the framework, this study also validates it: we survey the literature and develop a hierarchical tree based on it. The questionnaire of this study is designed using AHP and distributed to the case companies. The case companies can develop a scale based on the results and use that scale to effectively build a relationship between the organizational information security index and organizational strategy. Finally, based on the analysis and application of the scale, executive management will understand the importance of information security management.
|
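The weighting step described in the abstract, as an added example that is not taken from the thesis: AHP local weights are derived from pairwise-comparison matrices, checked with Saaty's consistency ratio, and multiplied down the tree so each leaf metric gets a weight relative to the business objective. The tree, metric names and judgments are constructed for illustration, and the row geometric mean method is an assumption, since the abstract does not say how the priority vector is computed.

```python
import math

# Saaty's random index (RI) for pairwise matrices of order 1..5.
RI = {1: 0.0, 2: 0.0, 3: 0.58, 4: 0.90, 5: 1.12}

def ahp_weights(m):
    """Return (local weights, consistency ratio) for a reciprocal pairwise matrix."""
    n = len(m)
    if any(abs(m[i][j] * m[j][i] - 1.0) > 1e-9 for i in range(n) for j in range(n)):
        raise ValueError("pairwise matrix must be reciprocal: a[j][i] == 1 / a[i][j]")
    gm = [math.prod(row) ** (1.0 / n) for row in m]  # row geometric means
    w = [g / sum(gm) for g in gm]
    # Estimate lambda_max as the mean of (A w)_i / w_i, then derive CI and CR.
    lam = sum(sum(a * x for a, x in zip(row, w)) / wi for row, wi in zip(m, w)) / n
    ci = (lam - n) / (n - 1) if n > 1 else 0.0
    return w, (ci / RI[n] if RI[n] else 0.0)

def global_weights(node, parent=1.0):
    """Map each leaf metric to its weight relative to the root business objective."""
    w, cr = ahp_weights(node["pairwise"])
    if cr > 0.10:  # Saaty's usual acceptance threshold
        raise ValueError(f"inconsistent judgments under {node['name']!r}: CR={cr:.2f}")
    out = {}
    for child, lw in zip(node["children"], w):
        if isinstance(child, dict):   # security objective or metric with sub-metrics
            out.update(global_weights(child, parent * lw))
        else:                         # leaf metric
            out[child] = parent * lw
    return out

# Constructed tree: names and judgments are illustrative, not the thesis's data.
TREE = {
    "name": "business objective",
    "pairwise": [[1, 2, 6], [1/2, 1, 3], [1/6, 1/3, 1]],
    "children": [
        {"name": "availability", "pairwise": [[1, 3], [1/3, 1]],
         "children": ["service_uptime", "restore_time"]},
        {"name": "confidentiality", "pairwise": [[1, 1], [1, 1]],
         "children": ["access_reviews_done", "encrypted_assets"]},
        "audit_findings_closed",
    ],
}

if __name__ == "__main__":
    for metric, weight in sorted(global_weights(TREE).items(), key=lambda kv: -kv[1]):
        print(f"{metric:24s} {weight:.3f}")
```

A questionnaire response whose judgments are circular (A over B, B over C, C over A) fails the consistency check and is rejected rather than silently turned into weights.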