| At present,with the CPU calculation upgrade and huge increase of data operation capabilities,digital transformation became the most important topic around the world.Research data and information is the most important aspect in all organizations.As a part of company asset,those data and information which cost the most investment within research project might be stolen by competitors easily.IT strategy of R&D organization A is moving to Cloud-Users from traditional Datacenter-Users model.The most urgent requirement is how to protect company data and information and keep competitive advantage within industry.The paper is about evaluation and demonstration information security risk for R&D organization A with principle of IS027001 information security standard.Within the specific scope,regarding IS027001 information security standard to identify organization information asset,threaten and vulnerability,also use risk management skill from project management theory,expert consultation and entropy weight method to evaluate information security.Based on risk assessment results,this paper proposes system failure,storage media,inside damage,system hacking,force majeure,terrorist attack,device failure and employee threaten risk response strategies and risk control measures,and risk monitoring measures.The research result of the paper enhance A R&D organization information security protection level based on information security control plan and information security risk management methodology to prevent risk incident in the future.This article can be reference for R&D organization A to build up information security strategy and also for the origination with same industry. |
PDF Full Text Request