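In recent years, enterprises have applied a variety of information technologies to strengthen operational agility and gain competitive advantage. At the same time, as business operations become global, the systems closely tied to service operations must run almost year-round without interruption. The more tightly business processes are integrated with information equipment, the more the "reliability" of information systems influences an enterprise's success or failure. Broadly defined, an information system is an aggregate composed of several assets; therefore, once a system's reliability declines, any related operations, revenue, and even corporate reputation built on that system are affected, and in severe cases operations may be halted.
This research therefore builds on the interdependencies among information assets to propose the concept of risk linkage, and then analyzes, from the perspective of business service operations, how information system risk affects overall operations. This gives traditional risk assessment methods a new perspective, which we hope will help enterprises carry out integrated risk management, spread awareness of information security risk management, and shape a risk management culture among the general public.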
In recent years, organizations have used a variety of information technologies to improve their operational flexibility and enhance their competitiveness. As enterprises' operations tend to go global, the information systems closely linked to their service operations must stay in continuous operation all year round. As business processes become more closely integrated with information systems, the reliability of those systems plays an ever heavier role in the success of the enterprise. A broader definition of an information system is an aggregate of several information assets. Therefore, once the system's reliability declines, any operation, revenue, and even business reputation that relies on the system will also decline. Sometimes the impact might be serious enough to put the enterprise out of business.
This research, based on information asset dependency, describes how the risk of one asset might affect the risks of other correlated assets. It also expresses the consequences of risk in terms of measurable indicators, providing a new viewpoint on traditional risk assessment. This might provide a reference for enterprises carrying out integrated system risk management. As a result, we hope the concept of information security can be promoted to a higher level. Further, we try to build awareness of information security risk management and a risk management culture among the general public.