Following two successive information security events in the sensitive military organization, this study aims to prevent similar events and to set a direction for policy. It combines “Project Risk Management” with “ISO/IEC 27001” and uses a questionnaire method to carry out risk analysis. Based on the probability-impact matrix, the study also identifies the important information security points of the sensitive military organization.
For “Risk Response Planning”, this study uses “Avoidance” and “Mitigation” to work out controls over the high-risk points and to provide information or suggestions for IT professionals, managers and users. The study constructs an information operating environment on the basis of ISO/IEC 27001 to monitor the information security level and to prepare for third-party information security certification.