The case study of Implementing ISMS to Insurance Company

Author: Cheng-Kang Yang, 楊正康
Year of publication: 2019
Document type: Degree thesis; thesis
Description: 107
An Information Security Management System (ISMS) is a set of policies and procedures describing the controls that an organization implements to protect the confidentiality, integrity and availability of information assets from internal or external threats and vulnerabilities. This case study investigates the introduction of an ISMS at an insurance company. In 2011, S insurance company suffered three information security incidents that caused information leakage and a business crisis. Top management therefore decided to establish an ISMS suited to S company itself in order to control all potential information security risks. However, the ISMS implementation met huge resistance from internal employees: the execution of security controls could not be aligned with the existing company culture and staff operating habits. In addition, because the resources that S insurance company could provide for implementing information security controls were restricted, how to prioritize the analyzed risks for these limited resources was the other critical issue. An internal and external information security audit mechanism was also appropriately established in order to monitor and oversee the status of the ISMS. Managerial methodologies such as risk management, information asset management, information security management, and business continuity management are used in this case to help enterprises resolve the issues mentioned and avoid failure in implementing an ISMS. This case is suitable as teaching material for enterprises studying the practical implementation of an ISMS.
Database: Networked Digital Library of Theses & Dissertations