Conceptual Models and the Implementations of the information Security Management and Education System

Bibliographic Details
Main Authors: Tung-Ju Chiang, 江通儒
Other Authors: Jen-Shiang Kouh
Format: Others
Language: en_US
Published: 2010
Online Access: http://ndltd.ncl.edu.tw/handle/94517390521484438096
id ndltd-TW-098NTU05345061
record_format oai_dc
spelling ndltd-TW-098NTU05345061 2015-11-02T04:04:02Z http://ndltd.ncl.edu.tw/handle/94517390521484438096 Conceptual Models and the Implementations of the information Security Management and Education System 資訊安全管理及教育系統之概念式模型與應用 Tung-Ju Chiang 江通儒 Doctoral, National Taiwan University, Graduate Institute of Engineering Science and Ocean Engineering, 98 Jen-Shiang Kouh 郭真祥 2010 thesis 168 en_US
collection NDLTD
language en_US
format Others
sources NDLTD
description Doctoral === National Taiwan University === Graduate Institute of Engineering Science and Ocean Engineering === 98 === The main purpose of the presented work is to provide a meta-model for implementing the Information Security Management System (ISMS) effectively. Rich Internet Applications (RIAs) are web applications that have many of the characteristics of desktop applications. A contribution of the presented work is the adoption of RIAs and their technologies, MXML and ActionScript 3, to extend the features of the existing ISMS. Multiple criteria decision making (MCDM) refers to finding the best opinion from all of the alternatives. Some of the MCDM methods used in this paper are the Analytic Hierarchy Process (AHP), the Fuzzy Analytic Hierarchy Process (FAHP), and Grey Relational Analysis (GRA). In addition, ontologies are typically presented as a tree structure containing all the relevant entities, their relationships, and the rules within that domain knowledge. Rules may be used for creating new rules and for defining classes and properties of the ontology. The other purpose of this work is to use ontologies and rules to implement knowledge management. The system also uses semantic web technologies, such as the Semantic Web Rule Language (SWRL), SPARQL, and SQWRL, to query and infer domain knowledge. Two models are proposed in this paper: the meta model of the information security management (MMISM) and the information security maturity model (ISEMM). MMISM has four parts: security requirement and risk analysis, meta-policy, meta-process, and the PLOAT view of the implementation model. The PLOAT view, which stands for People, Legal, Organization, Asset and Technology, is proposed to expand the scope of ISMS certification. ISEMM has five levels, from top to bottom: role, certification, standard, course, and knowledge.