A Study on Quantifiable Risk Assessment of Information System
Main Authors: | , |
---|---|
Other Authors: | |
Format: | Others |
Language: | zh-TW |
Published: | 2011 |
Online Access: | http://ndltd.ncl.edu.tw/handle/44381050241483444018 |
Summary: | Master's === Cheng Shiu University === Graduate Institute of Information Management === 99 === Large organizations and enterprises consider Information System (IS) security very important and are willing to commit a large budget to keep their business operations running safely. They often ask security experts to help audit system security against the ISO27001:2005 standard. We need to follow this international standard, the main trend for managing and validating IS security (as described in the contents of ISO27001:2005). Also referring to the key points described in CNS27001, the IS security standard provided by Taiwan's Executive Yuan and its affiliates, the study focuses on quantifiable IS risk assessment. The Poisson distribution is suggested to fit the random number of system crashes, using data collected from SME questionnaires. The Poisson distribution is then used to evaluate the probability of a risk event or crash occurring. We can therefore minimize the maintenance expenses, the main part of risk assessment, that are caused by the two types of errors. This will help an enterprise allocate enough budget to produce higher profits. |