The Research of the Information Security Governance of Value Delivery

• Main Authors: Yen- Ju Chen, 陳彥如
• Other Authors: Kwo-Jean Farn
• Format: Others
• Language: zh-TW
• Published: 2010
• Online Access: http://ndltd.ncl.edu.tw/handle/24554623459213727816

碩士 === 中國文化大學 === 資訊安全產業研發碩士專班 === 98 === Control Objectives for Information and Related Technology（COBIT）published by IT Governance Institute（ITGI）have focus on five main areas，they are Strategic alignment、Risk management、Resource management、Performance measurement and Value delivery。 This thesis is mainly focus on the Value delivery，and using Information Security Governance（ISG）Implementation Model to study the Value delivery。After analysis of three sample model of the Information Security Governance，I hereby to proposal two suggestions as below: (1)Add Context establishment implementation model addition to The Process/Metrics、Organization/R&R、Security Architecture and Investment Management implementation models that announced in the ISO/IEC 3rd WD 27014 plus，and to integrated with the ISO/IEC 3rd WD 27014 and ISMS(ISO/IEC 27001) Implementation Framework。 (2)When implementing the ISMS，suggest to add High risk evaluation model addition to the Evaluate、Direct and Monitor models in the ISO/IEC 38500。And use the Context establishment implementation model and High risk evaluation model as the Areas of information security governance。Base on the above suggestions，this thesis’s object is to integrate both the Information Security Governance and ISMS and to establish a framework and modeling for the ISMS。