首頁 > 網路資源 > 大同大學數位論文系統

Title page for etd-0216108-145157


URN etd-0216108-145157 Statistics This thesis had been viewed 2348 times. Download 5 times.
Author Pai-Li Hsu
Author's Email Address No Public.
Department Information Management
Year 2007 Semester 1
Degree Master Type of Document Master's Thesis
Language Chinese&English Page Count 83
Title Classification of Information Assets and Risk Assessment ─ by Example of Banking Industry
Keyword
  • Risk Assessment
  • Information Assets
  • Information Security
  • Information Security
  • Information Assets
  • Risk Assessment
  • Abstract Many incidents of information systems result in imperfect protection of information assets. Since overall protection is expensive, even impossible, security measures should be made at the most needed places in terms of cost and time. By means of classification of information assets and their risk assessment, we are able to know the degree of risk of the assets and to achieve a better decision in security measures. Owing to the secrecy policy, research reports on risk assessment of information assets are rarely made public. In this research we will classify the information assets of a financial institution and assess their risks. Because the institution is one of the major banks in Taiwan, the research results should be representative. The Delphi method is adopted in this research and the questionnaires are designed based on the guidelines of information security management of BS 7799-1: 2000, BS 7799-2: 2002 and ISO/IEC TR 13335. In total, 99 information assets subject to security breaches are chosen for risk assessment, and 7 experts in information security and computer auditing are invited to answer the questionnaires concerning current value of the assets, possible threats, vulnerabilities and degree of risks. Risks are expressed in low, medium and high, ranging over 9 degrees on risk scale. The results reveal that there is one item, the core router, with medium risk while others are in low risk. We also made suggestions for enhancing security measures for all assets with risk degree greater or equal to 2. Owing to the lack of publications of researches on classification of information assets and assessment of their risk in financial field, the results achieved in this study is of practical value.
    Advisor Committee
  • Patrick S. Chen - advisor
  • Files indicate not accessible
    Date of Defense 2008-01-28 Date of Submission 2008-02-16


    Browse | Search All Available ETDs