永田 清 経営学部 経営学科 教授
Construction of Effective Database System for Information Risk Mitigation
In the Information Technology Communication Society, the information system in any organization is always exposed to various kinds of risks, and they should prepare countermeasures against possible risks to protect their assets and secure their activities'
continuity. For that purpose, several types of information risk evaluation and management
systems, such as ISO/IEC 27002, MEHARIT, MAGERIT, SP800-30, OCTAVESM, etc., are proposed by institutions all over the world. Although each system has its own policy and characteristic, on the final stage after the risk evaluation was done and some serious risks were clarified, the system usually goes on the process of choosing effective and available mitigation controls against each of risks.
Security Enhanced Application for Information Systems INTECH Open Access Publisher pp.111-130 2012/05
Copyright(C) 2011 Daito Bunka University, All rights reserved.