Summary: | Master's === Huafan University === Master's Program, Department of Information Management === 100 === The effectiveness of an enterprise's information security management determines the information security risks its business operations face. How to effectively enhance the enterprise's information security management with limited resources is one of the issues of enterprise information security governance. IT security auditing is one of the processes used to assess an enterprise's IT security controls. The design of the audit process should answer questions such as “what to investigate”, “how to rate”, “how to benchmark” and “which to improve”, so that audit findings not only identify insufficient controls but also help management evaluate the costs and benefits of improvement actions and make the right decisions. In this research, the methods and findings of a government-sponsored project were studied, in which volunteer retailers were surveyed and an improvement proposal was submitted to each of them. Then, the Analytic Hierarchical Process was adapted to turn the original non-weighted flat assessment framework into a weighted hierarchical one to improve the assessment model. The audit results were re-evaluated, and new improvement proposals were made. A comparison of the results shows that the weighted hierarchical assessment model helps prioritize the needed improvements and makes strategic decisions easier.
|