| URN |
etd-0730108-112423 |
|---|
| Author |
Ruei-shian Hu |
|---|
| Author's Email Address |
No Public. |
|---|
| Statistics |
This thesis had been viewed 5636 times. Download 21 times. |
|---|
| Department |
Information Management |
|---|
| Year |
2007 |
|---|
| Semester |
2 |
|---|
| Degree |
Master |
|---|
| Type of Document |
|
|---|
| Language |
zh-TW.Big5 Chinese |
|---|
| Title |
Information Security Risk Assessment Model – A Case Study of a Semiconductor Assembly Company |
|---|
| Date of Defense |
2008-06-12 |
|---|
| Page Count |
125 |
|---|
| Keyword |
Assets Threats
Assets Vulnerability
Assets Evaluation
Risk Assessment
Information Security
|
|---|
| Abstract |
The information security incidents have most often been reported. The loss of enterprise operation is more and more serious because of information security incidents. There are more and more operation risks happening inside the enterprise because of such informational and electronic transformation. Consequently, the requirement to have an effective management framework of information security is more and more urgent.
The research adopts the international standard ISO 27001 as the foundation of the information security management framework. And then, risk assessment is the main process of the informational security management framework. This process includes five stages: identification and classification of information assets, value evaluation of information assets, vulnerability assessment of information assets, threats assessment of information assets, and measurement of information security risks. The operational definition, implementation steps and measurement of the information security risks are worked out through review of relevant literature and interview with experts in the semiconductor assembly company. Finally, the experts of the consulting firm of the informational security are entrusted to verify the availability of the model. The result of this informational security risk assessment model will be used as the basis for future improvement.
It is hoped that this research can offer a guideline for the information security risk assessment suitable for the semiconductor company and can be used as a reference for internal auditors and management. |
|---|
| Advisory Committee |
Chia-Mei Chen - chair
Fen-Hui Lin - co-chair
Hsin-Hui Lin - advisor
|
|---|
| Files |
indicate in-campus access in a year and off_campus not accessible |
|---|
| Date of Submission |
2008-07-30 |
|---|
