Applications of Fuzzy Markup Language on CMMI Information Security Management System


Bibliographic Details
Main Authors: Yuan-liang Wang, 王元良
Other Authors: Chang-Shing Lee
Format: Others
Language: zh-TW
Published: 2012
Online Access: http://ndltd.ncl.edu.tw/handle/81052148235193173614
Description
Summary: Master's === National University of Tainan === Master's Program in Technology Management === 100 === Currently, with the rapid development of the Internet, people rely heavily on Internet Communication Technology (ICT), so that computer systems and personal communication devices have become interconnected systems of networked groups. Because of this, the resulting information security problems have been threatening the stability and reliability of organizational information system services. Since 1992, when the World Organization for Economic Co-Operation and Development (OECD) published its guidelines for information system security, introducing an Information Security Management System (ISMS) has been an important part of organizational management. Consequently, the importance of maintaining organizational information security increases day by day. Nowadays, the world's universal standard for ISMS is ISO 27001:2005, and the Standard Operation Procedure (SOP) for conducting ISMS is ISO 27002:2005. In Taiwan, the corresponding standards are CNS 27001 and CNS 27002. Meanwhile, the Ministry of Education has simplified some of the control objectives and controls to define another SOP for education systems, giving them a reference for establishing and managing an ISMS. However, the above-mentioned standards and SOPs are all guidance statements; that is, they have no clearly defined operating procedures or knowledge management practices for conducting ISMS. As a result, this thesis uses a university computer center as a case study for practicing ISMS. Through improving procedures, establishing task force groups, developing procedural forms, evaluating risk levels, and actually practicing the related tasks, the maturity level of the ISMS introduction is verified against the level 2 and level 3 process areas of Capability Maturity Model Integration (CMMI), developed by Software Engineering College of Carnegie Mellon University.
At the same time, this thesis also proposes an FML (Fuzzy Markup Language)-based inference system to infer the risk value of information assets when conducting ISMS. Additionally, this thesis uses FML to establish the knowledge base and rule base for conducting ISMS and uses ontology technologies to construct the ISMS ontology. It is hoped that one day this thesis might provide other organizations introducing ISMS with a reference for collecting, sharing, reusing, and improving the procedures.