An Information Security Risk Assessment Model for Computer Facilities in Bank
Master's === Shih Hsin University === Graduate Institute of Information Management (including in-service master's program) === 101 === With the rise of consumer awareness and the capability of enhancing the use of information, a stable and reliable system is a major key point for financial institutions to improve their competitive advantage and customer satisfaction. Because of information...
Main Authors: | , |
---|---|
Other Authors: | |
Format: | Others |
Language: | zh-TW |
Published: | 2013 |
Online Access: | http://ndltd.ncl.edu.tw/handle/21610995323570653988 |
id |
ndltd-TW-101SHU05396073 |
---|---|
record_format |
oai_dc |
spelling |
ndltd-TW-101SHU05396073 2016-12-19T04:14:25Z http://ndltd.ncl.edu.tw/handle/21610995323570653988 An Information Security Risk Assessment Model for Computer Facilities in Bank 一個適用於銀行電腦機房之資訊安全風險評鑑模式 YOU-CHENG CHANG 張祐誠 Master's Shih Hsin University Graduate Institute of Information Management (including in-service master's program) 101 Tony Chiu 邱孟佑 2013 Degree thesis ; thesis 102 zh-TW |
collection |
NDLTD |
language |
zh-TW |
format |
Others |
sources |
NDLTD |
description |
Master's === Shih Hsin University === Graduate Institute of Information Management (including in-service master's program) === 101 === With the rise of consumer awareness and the capability of enhancing the use of information, a stable and reliable system is a major key point for financial institutions to improve their competitive advantage and customer satisfaction. Because of information technology, various operations must rely on IT equipment. How to prevent equipment failure in order to reduce the risk of business operations is indeed one of the operational topics for existing businesses. However, information security incidents have continued to occur in recent years. Following an information security management system with a good standard will be an important factor for financial institutions in implementing information security.
This study collected the related literature on information risks and, based on the 133 control measures of ISO 27001, derived nine aspect factors and 56 critical success factors. This study also used reliability analysis and questionnaires for the case company to obtain 7 information security risk factors. First, propose a comprehensive information security policy. Second, the work processes and safety regulations for staff, and comprehensive educational training. Third, a check of the equipment for the information engine room. Fourth, both the PC and the operating system must be protected by an impeccable defense mechanism. Fifth, the control management for permissions must be planned completely. Sixth, the data backup mechanism and the specifications for confidential data masking operations. Last, the backup system and the procedures for emergency treatment. This thesis built an applicable evaluation model of security risks and hopes to propose risk assessment considerations for information engine rooms in financial institutions in the future.
|
author2 |
Tony Chiu |
author |
YOU-CHENG CHANG 張祐誠 |
title |
An Information Security Risk Assessment Model for Computer Facilities in Bank |
publishDate |
2013 |
url |
http://ndltd.ncl.edu.tw/handle/21610995323570653988 |