Mapping and Analyzing ISO 27002 with Controls of COBIT 4.1
碩士 === 國立高雄師範大學 === 資訊教育研究所 === 96 === “To understand the effect is to know the causes.” In the application of Information Technology (IT), improving the operations efficiency often brings about security problems. A careless mistake of access priority could cause a loss of hundreds of millions dol...
| Main Authors: | , |
|---|---|
| Other Authors: | |
| Format: | Others |
| Language: | zh-TW |
| Published: |
2008
|
| Online Access: | http://ndltd.ncl.edu.tw/handle/54016056718856357994 |
| id |
ndltd-TW-096NKNU5395035 |
|---|---|
| record_format |
oai_dc |
| spelling |
ndltd-TW-096NKNU53950352016-11-12T04:20:11Z http://ndltd.ncl.edu.tw/handle/54016056718856357994 Mapping and Analyzing ISO 27002 with Controls of COBIT 4.1 ISO 27002與COBIT 4.1控制措施之對映分析 Ou Yang, Hui-Hua 歐陽惠華 碩士 國立高雄師範大學 資訊教育研究所 96 “To understand the effect is to know the causes.” In the application of Information Technology (IT), improving the operations efficiency often brings about security problems. A careless mistake of access priority could cause a loss of hundreds of millions dollars. An unexpected attack could destroy all valued data. Information security is not just to avoid virus and hackers attacks. It involves all aspects of business activities. A multi-layer defense against information security cannot fend off attacks from external and internal network. No system can prevent man-made information incident. Then, how can we protect our information assets and build a safe information operation environment for our organization? It depends on the quality of implementing the IT standards. Successful organizations recognize the importance of aligning IT strategy with the business strategy, the benefits of IT and using IT to take full advantage of it’s information assets. These organizations can thereby maximize benefits, capitalize on opportunities and gain competitive advantage. This thesis has three aims. The first is to map and analyze code of practice for Information Security Management System (ISMS) - the ISO 27002 which was popularly adopted in Taiwan with IT quality governance – the Control Objectives for Information and related Technology (COBIT) 4.1, compares them regarding control and measurement. The second is to brief IT Assurance using COBIT4.1. The third is to apply COBIT 4.1 in Critical Infrastructure (CI). The COBIT 4.1 has a better control process approach to improve the control objectives, through the measured indices. The benefits of COBIT 4.1 are that it is effective, efficient, reliable and measurable when organizations want to implement ISMS. Chung-Huang Yang Farn, Kwo-Jean 楊中皇博士 樊國楨博士 2008 學位論文 ; thesis 105 zh-TW |
| collection |
NDLTD |
| language |
zh-TW |
| format |
Others
|
| sources |
NDLTD |
| description |
碩士 === 國立高雄師範大學 === 資訊教育研究所 === 96 === “To understand the effect is to know the causes.” In the application of Information Technology (IT), improving the operations efficiency often brings about security problems. A careless mistake of access priority could cause a loss of hundreds of millions dollars. An unexpected attack could destroy all valued data. Information security is not just to avoid virus and hackers attacks. It involves all aspects of business activities. A multi-layer defense against information security cannot fend off attacks from external and internal network. No system can prevent man-made information incident.
Then, how can we protect our information assets and build a safe information operation environment for our organization? It depends on the quality of implementing the IT standards. Successful organizations recognize the importance of aligning IT strategy with the business strategy, the benefits of IT and using IT to take full advantage of it’s information assets. These organizations can thereby maximize benefits, capitalize on opportunities and gain competitive advantage.
This thesis has three aims. The first is to map and analyze code of practice for Information Security Management System (ISMS) - the ISO 27002 which was popularly adopted in Taiwan with IT quality governance – the Control Objectives for Information and related Technology (COBIT) 4.1, compares them regarding control and measurement. The second is to brief IT Assurance using COBIT4.1. The third is to apply COBIT 4.1 in Critical Infrastructure (CI). The COBIT 4.1 has a better control process approach to improve the control objectives, through the measured indices. The benefits of COBIT 4.1 are that it is effective, efficient, reliable and measurable when organizations want to implement ISMS.
|
| author2 |
Chung-Huang Yang |
| author_facet |
Chung-Huang Yang Ou Yang, Hui-Hua 歐陽惠華 |
| author |
Ou Yang, Hui-Hua 歐陽惠華 |
| spellingShingle |
Ou Yang, Hui-Hua 歐陽惠華 Mapping and Analyzing ISO 27002 with Controls of COBIT 4.1 |
| author_sort |
Ou Yang, Hui-Hua |
| title |
Mapping and Analyzing ISO 27002 with Controls of COBIT 4.1 |
| title_short |
Mapping and Analyzing ISO 27002 with Controls of COBIT 4.1 |
| title_full |
Mapping and Analyzing ISO 27002 with Controls of COBIT 4.1 |
| title_fullStr |
Mapping and Analyzing ISO 27002 with Controls of COBIT 4.1 |
| title_full_unstemmed |
Mapping and Analyzing ISO 27002 with Controls of COBIT 4.1 |
| title_sort |
mapping and analyzing iso 27002 with controls of cobit 4.1 |
| publishDate |
2008 |
| url |
http://ndltd.ncl.edu.tw/handle/54016056718856357994 |
| work_keys_str_mv |
AT ouyanghuihua mappingandanalyzingiso27002withcontrolsofcobit41 AT ōuyánghuìhuá mappingandanalyzingiso27002withcontrolsofcobit41 AT ouyanghuihua iso27002yǔcobit41kòngzhìcuòshīzhīduìyìngfēnxī AT ōuyánghuìhuá iso27002yǔcobit41kòngzhìcuòshīzhīduìyìngfēnxī |
| _version_ |
1718392490425319424 |