| Summary: | 碩士 === 國防大學理工學院 === 資訊科學碩士班 === 99 === As internet becomes the most important way to exchange information and makes our lives more convenient,but there's a hazard behind it-Information Security. Applying the concept of risk management for information security management is an essential method. However, most of the current information security risk assessment has the following problems: risk assessment is time-consuming and cumbersome. Risk assessment will be emphasized in the qualitative analysis. But it's lack of the qualified or suitable person to control the risk evaluation process. Also, participants in evaluation workshop do not have enough training and preparations. In this research,we propose a quantitative risk assessment model based on the combination of OCTAVE-S and AHP. The work designs a semi-automatic evaluation system to assist the implementation of the risk assessment. It will reduce the man-made mistakes and save costs and resources of risk assessment.
Keywords:Risk assessment , OCTAVE-S, AHP
|
|---|
