Information Security Risk Management for Banking’sInformation Assets – Evidence from Some Bank

• Main Authors: Chin-Yu Chiang, 江芷佑
• Other Authors: Woei-Jiunn Tsaur
• Format: Others
• Language: zh-TW
• Published: 2010
• Online Access: http://ndltd.ncl.edu.tw/handle/00359299567208778268

碩士 === 大葉大學 === 資訊管理學系碩士班 === 98 === With the liberalization and internationalization of financial, the banking operation must face a lot of fierce challenges and competition, and it has become highly risky ap-parently. In the competition , the risks that financial institutions must deal are not only various but also more complex now. The result of banking asset risk management can improve the safety of operation. The current research is almost focused on analyzing the enterprise risk and establishing risk assessment model . In this research, we first classify the information assets of a financial institution, and further assess their risk. The expert questionnaire method is adopted in this research and the questionnaires are designed based on the guidelines of information security management of ISO 27001,ISO 27005 and OCTAVE . The research derives methods for evaluating the assets, threats, vulnera-bilities and risk levels. Owing to the lack of the related approaches on the classification of information assets and the assessment of their risk in banking , we affirm that the re-sults of our research can contribute to the risk management of the information assets .