    Please use this identifier to cite or link to this item: https://nccur.lib.nccu.edu.tw/handle/140.119/31126


    Title: The process-wide methodology for investigating the information security of a business process
    Authors: 洪妙如
    Hung, Miao-Ju
    Contributors: 蔡瑞煌
    江永裕

    Tsaih, Ray
    Chiang, Yung-Yu

    洪妙如
    Hung, Miao-Ju
    Keywords: information security
    risk analysis and management
    business process
    Date: 2004
    Issue Date: 2009-09-14 09:18:17 (UTC+8)
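    Abstract: To put information security assessment into practice in today's enterprises, this study develops a new methodology that performs the analysis and assessment from the perspective of the business process, so that the risks an enterprise faces are reduced to an acceptable level. The proposed methodology consists of: (1) developing the business process table to identify all the functions to be completed in the process; (2) identifying the contact points/information channels/information resources that must operate for each function, and assessing the risks they may face; (3) determining the risk level of each of these risks from its likelihood and its impact; (4) proposing controls for the contact points/information channels/information resources at or above the risk level for which recommendations are required; and (5) confirming whether the enterprise has implemented the recommended controls. A case company was interviewed to complete a prototype case of this methodology.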
    We are interested in evaluating the information security of a critical business process and its related issues. We aim to provide a new security investigation method that is concerned with ensuring the continuity of essential business processes, and even of the whole organization. This study provides a methodology for analyzing the risk of each component of a process, to replace the original information security method, which was either too broad or too narrow in scope. Based on such an investigation, we can understand the security implementations in the process and discover which components need to be changed, for example to reduce risk or to enhance the security of that process to an acceptable level within a limited budget.
    In our methodology, the following steps are proposed for each decisive business process: (1) develop the business process table; (2) identify all practices of CP/IC/IR corresponding to each function, and the related risks; (3) classify the risk likelihood, risk impact, and security level for each CP/IC/IR of the critical process; (4) propose the corresponding controls for each CP/IC/IR; and (5) check the installed controls: the last column, installed check, records whether or not the proposed controls are installed. A case study of the loan process in a financial institution is conducted to illustrate the proposed methodology.
    We find that the PWIO security investigation approach offers a number of benefits. It is designed from a higher-level viewpoint. It involves more members. It is more easily supported by managers. It provides systematic analysis and checking of the security controls in the business process. It costs less than conventional risk analysis, which is adopted for the whole enterprise. The PWIO security investigation methodology can be applied to one process and modified to fit the particular enterprise, and then carried out for the other processes. It can save time and money through try-and-modify steps.
    Description: Master's
    National Chengchi University
    Graduate Institute of Information Management
    92356027
    93
    Source URI: http://thesis.lib.nccu.edu.tw/record/#G0923560272
    Data Type: thesis
    Appears in Collections: [Department of Information Management] Theses
