| Information is the key element to the successful business today. Information brings value to the organization and profits to stakeholders, as well as some hidden dangers. As an important part of organization’s assets, information should be fully protected. It has become the researcher’s focus, how information can be well protected. Therefore, series of information security management system has been published. B Corp. is the Shanghai Branch of a global construction&engineering company. Information security relates to not only B corp.’s designing, patent, contracts, but also clients’classified information. Thus, it is an urgent requirement for B corp. to evaluate and control information security risks, and then setting up information security management system.The study researches the risk evaluating and risk controlling for B corp., basing on ISO27000. From the analysis of B corp.’s background, the risk control scope had been defined. By the risk evaluating procedure of ISO27000, B corp.’s information assets, threats, vulnerabilities were identified. By the risk calculation formula, the study gave the risk evaluation report. And according to the report and ISO27000requirements, mitigation plans were drafted and advised. The study would be a reference of risk evaluation for other organizations in information security. |
PDF Full Text Request