A Study on Information Security Management System Implementation for an Enterprise with ISO 27001


Bibliographic Details
Main Authors: Yu,Hua-ming, 余華明
Other Authors: Fu,Chen-Hua
Format: Others
Language: zh-TW
Published: 2010
Online Access: http://ndltd.ncl.edu.tw/handle/78536120437933497500
Description
Summary: Master's thesis === National Defense University, Management College === Department of Information Management === 99 === Today, information security events occur more often. Most governments, enterprises, and schools believe that proper information security management can reduce the damage that results from negligence or from attacks on information security, so they need an information security management mechanism. An information security management system (ISMS) is a systematic, risk-based method for analyzing and managing information security risk. An ISMS carries out risk management by defining policies and procedures and by selecting appropriate control items. To keep information systems operating and to secure a high return on investment and business opportunities, an ISMS uses controllable methods to handle threats and to reduce the damage and loss from information security risk to a level that is acceptable to the enterprise or organization. International information security standards are not yet widely adopted by domestic enterprises and organizations, and some information security standards are not customized for them. Enterprises and organizations should establish their own information security control standards according to their characteristics and requirements. This study therefore uses the control points and items of ISO 27001 as a basis to help enterprises and organizations build their own information security management mechanisms. Using expert and AHP questionnaires, we assess the applicability of ISO 27001's 11 control dimensions and 133 information security control measures to enterprises and organizations. The results should help enterprises and organizations build the information security management systems they require with ISO 27001.