公开(公告)号：US20140130170A1

公开(公告)日：2014-05-08

申请号：US13686897

申请日：2012-11-27

Applicant: INSTITUTE FOR INFORMATION INDUSTRY

Inventor： Chien-Ting KUO ,  He-Ming RUAN ,  Chin-Laung LEI

IPC: G06F21/57

CPC classification number: G06F21/577

Abstract: An information security audit method used in an information security audit system is provided. The information security audit method comprises the steps outlined below. A normalized weighting of each of a plurality of members of an organization is computed according to a level and at least one feature of each of the members. A plurality of risk evaluation values corresponding to a plurality of audit items are computed and a normalized risk evaluation value of each of the members is further computed according to the risk evaluation values and the normalized weighting. A relation of the normalized risk evaluation value and a plurality of threshold value intervals are determined to dynamically adjust an audit period and/or a number of the audit items according to the relation.

Abstract translation: 提供了信息安全审计系统中使用的信息安全审计方法。 信息安全审计方法包括以下步骤。 根据每个成员的级别和至少一个特征来计算组织的多个成员中的每一个的归一化加权。 计算与多个审计项目对应的多个风险评估值，并且根据风险评估值和归一化加权进一步计算每个成员的归一化风险评估值。 确定归一化风险评估值与多个阈值间隔的关系，以根据该关系动态地调整审计期间和/或审计项目的数量。