| Summary: | 碩士 === 國立臺灣科技大學 === 資訊管理系 === 98 === Considering security and convenience in information systems and services of organizations, organizations need to implement information security risk management processes to identify potential information security incidents and to evaluate loss expectancy of the incidents. Consequently, organizations can adopt appropriate or cost-effective countermeasures to control the incidents.
To establish risk management processes, an organization needs to maintain huge amount of data about risks or potential incidents. Obviously, it would be a tedious work to maintain the data. Therefore, this study proposes an information system, called Risk Patrol, for an organization to perform risk management processes. While many organizations establish information security management systems based on ISO 27001, the proposed system follow ISO 27005 to help organizations to comply the requirements about risk management in ISO 27001. In addition, the proposed system also contributes to provide an integrated view for managers or stakeholders of an organization to know risks of the organization. The managers and stakeholders can then decide how to treat the risks based on the system. Therefore, the proposed system can contribute to improve organizational security.
|
|---|
