A study of Integrated risk assessment methodology of ISO 27001 and BS 10012 – A Case Study of government agency A
Chinese title: 整合國際標準ISO 27001及BS 10012之風險評鑑方法論-以政府A機關為例

| Field | Value |
|---|---|
| Main Authors | Pei-Ying Yang (楊佩穎) |
| Other Authors | Ming-Dar Hwang (黃明達) |
| Degree | Master's |
| Institution | Tamkang University (淡江大學) |
| Department | Master's In-service Program, Department of Information Management (資訊管理學系碩士在職專班) |
| Academic year | 103 |
| Format | Others |
| Type | Degree thesis (學位論文); 64 |
| Language | zh-TW |
| Published | 2015 |
| Online Access | http://ndltd.ncl.edu.tw/handle/9smqxt |
| Record id | ndltd-TW-103TKU05396033 |
| Record format | oai_dc |
| Record updated | 2019-05-15T22:34:05Z |
| Collection / source | NDLTD |

Abstract:

In order to improve information security and personal data protection, business organizations have chosen to introduce ISO 27001 and BS 10012 management systems and other international standards. The introduction of these systems can be quite complicated, and risk assessment is one of the necessary items for establishing the management system. If two systems are introduced simultaneously, the risk assessment must be implemented twice, which incurs repeated costs. Therefore, this study investigated the integration of the risk assessment methods for ISO 27001 and BS 10012 based on the case study of government agency A, with the aim of reducing man-hour costs.

With the requirements of relevant government laws and regulations and the risk management framework of CNS 27005 and CNS 31000 as the risk assessment architecture, this study made an inventory of the information assets and personal data files in the form of a process flow, and defined the impact aspects and risk scenarios applicable to both information assets and personal data files to serve as the factors for integrating the ISO 27001 and BS 10012 risk assessments. This study found that government agency A only had to implement one risk assessment after introducing the integrated risk assessment methodology, which saved about 29% of inventory and risk assessment man-hours and 33% of educational training man-hours, consequently decreasing the man-hour cost of the business organization.