A Study of Information Security Policies Risk Assessment on Location-Based Service Systems

• Main Authors: Tun-Yu Su, 蘇敦煜
• Other Authors: Chun-Te Chen
• Format: Others
• Language: zh-TW
• Published: 2010
• Online Access: http://ndltd.ncl.edu.tw/handle/06012161891594467169

碩士 === 華梵大學 === 資訊管理學系碩士班 === 98 === The Location-Based Service is the value-added application of life-mobilization, which acquires users’ circumstances, location and needs on mobile phones or handsets through mobility position technology. However, there are a lot of problems which involve the security issue such as privacy protection, external inspection in confidential or personal data, and the illegal distortion of the personal data. Obviously, it is critical for the information transmission and prevention risk as well as weakness of security. The Therefore, for LBS, a complete solution in information security evaluation standard is keenly necessary. Through this research, we made cautious evaluation about the realm of LBS’s confidentiality, completeness, availability, and privacy for internal also external environment within the structure of the Health Insurance Portability and Accountability Act, and the Computer-Processed Personal Data Protection Law. By the method of document research and questionnaire, we constructed the risk assessment of information security policy on Location-Based Service. We concluded that six dimensions of the assessment which includes major service function, technical service support, technical security system, systematic security maintenance, operational environment safety, and organizational security policy, each dimension involves four to six items of the appraisal, the total items is 32. We also made use of Analytic Hierarchy Process to measure the risk weighting of each indicator for LBS providers as well as its management and users, to comprehend the influence from each indicator on the assessment method. The results can be the reference of LBS information security policy.