Title

New Risk Analysis Method for Information System Security

Authors

Easter C. K. Huang;Chung-Jen Chin

Keywords

Personal Information Protection ; information security ; risk analysis ; FMEA ; ISO27001 ; certification

Journal title

資訊安全通訊

Volume and issue / Publication date

Vol. 20, No. 4 (2014 / 10 / 01)

Pages

23 - 40

Content language

English

English abstract

This study used Failure Mode Effect Analysis (FMEA), one of the most popular methods for risk analysis, to explain the regulatory compliance rate with the information security risk analysis of Taiwan universities. Regression analysis related the independent variables (the number of violations of Taiwanese laws, the number of self-detected violations of Taiwanese laws, the number of attacks detected by the government, and the non-conformities issued by third parties) to the dependent variable, the risk priority number (RPN), which is the product of the occurrence of violation (O), the severity (S) and the detecting ability (D). Multicollinearity is not obvious, and the result shows a significant correlation among the variables: the independent variables explain 68% of the dependent variable. In this study, FMEA could explain regulatory compliance, which means that risk analysis could improve information security detective methods for preventive purposes.

Subject classification: Basic and Applied Sciences > Information Science