| This thesis applies the combination of the model of ERM, the new internal control framework by COSO, and COBit, and studies the information system risk management under the compliance project of SOX Act of the WT Company.The author firstly introduces the basic concepts of the management of risk control of information system, theory and methodology, and then discusses the system of risk control of information system under the compliance project of SOX Act of WT Company in the following aspects: (1) the security of information system; (2) the operation of information system; (3) amendment of program; and (4) implementation and maintenance of the applicable system.The main body of the thesis begins with risk evaluation. The author analyzes the related factors, the scope of risk management, targeting of the risk system, locating the potential risk and evaluation of their likelihood of occurrence and outcome, and fixation of the main risk. In the section of risk control, the author, on the basis of the result of risk evaluation, discusses the strategy of dealing with the risk, and by reference to the flow design of COBit model, creates the detailed measures to lowering the risk. At last the author discusses the supervision to the management of risk control system.As the research on information system risk management, the thesis focuses on the process and measures of risk control of information system, and does not discuss in detail the relevant issues in technical level, but pay more attention to the IT Governance. |
PDF Full Text Request