The Risk Assessment of Personal Information Management System in Taiwan

• Main Authors: Yu-Hsuan Wu, 吳俞萱
• Other Authors: 楊朝成
• Format: Others
• Language: zh-TW
• Published: 2015
• Online Access: http://ndltd.ncl.edu.tw/handle/b4aze2

碩士 === 國立中興大學 === 資訊管理學系所 === 103 === Due to the rapid development of information technology and a wide range of e-commerce applications. The old Personal Information Protection Act in Taiwan, that has been unable to respond to current trend towards information security issues and protection of personal information, so there is the new version of Personal Information Protection Act arise. The new version of Personal Information Protection Act had passed in the Legislative Yuan on April, 2010, and formally implemented on October, 2012. In response to the new statute, all organizations are committed to build a complete and comprehensive Personal Information Management System. To avoid the risk of personal information being leaked out or deliberate theft, minimizing risks. Many companies have improved their security of information environment through BS10012, also use it to enhance the protection of personal information. Risk assessment is one of necessary process to planning a set of PIMS. At present, there are many of the standards relevant to risk assessment, but without any detail description of how to implement risk assessment. The protection of personal information is relatively new information security issues and less relevant research in this area, before the new version of Personal Information Protection Act enacted in 2012 and BS10012 promoted. Therefore, this study based on Analytic Hierarchy Process (AHP), distinguishing between asset class and the level of security threat. Coupling with the linked list to find the causal relationship among weakness threat. Further to propose a new risk assessment methods.