Abstract: The purpose of this paper is to suggest structural risk management processes and scope assessment methods for performing risk management in information system operation audits. Based on the ISMS methodology of the international standards for risk management and on domestic information security standards, this research provides an empirical way to improve the information system audit checklist. To perform the risk management procedures of the ISMS and information security effectively on the basis of the existing information system audit framework, we compare domestic information security risk management, derive a detailed checklist, and evaluate the appropriateness of the checklist for improving information security risk management.
Keywords: Information security management system (ISMS); information security risk management; information system operation audit