New Risk Analysis Method for Information System Security
Abstract
This study used Failure Mode Effect Analysis (FMEA), one of the most popular methods for risk analysis, to explain the regulatory compliance rate through the information security risk analysis of Taiwanese universities. A regression analysis was run with four independent variables: the number of violations of Taiwanese laws, the number of self-detected violations of Taiwanese laws, the number of attacks detected by the government, and the number of non-conformities issued by third parties. The dependent variable was the risk priority number (RPN), which is the product of the occurrence of violation (O), the severity (S) and the detecting ability (D). Multicollinearity was not obvious, and the correlation among the variables was significant: the independent variables could explain 68% of the dependent variable. In this study, FMEA could explain regulatory compliance, which means that risk analysis could improve information security detective methods for preventive purposes.
Keywords
Personal Information Protection; information security; risk analysis; FMEA; ISO27001; certification
Citation Format:
Easter C. K. Huang, Chung-Jen Chin, "New Risk Analysis Method for Information System Security," Communications of the CCISA, vol. 20, no. 4, pp. 23-40, Oct. 2014.
Published by Chinese Cryptology and Information Security Association (CCISA), Taiwan, R.O.C
CCISA Editorial Office
E-mail: ccisa.editor@gmail.com