Affiliation: | (a) Institute of Information Management, National Chiao-Tung University, 1001 Ta Hsueh Road, Hsinchu 300, Taiwan, ROC; (b) Internet Security Solutions International Co., Taiwan, ROC; (c) DCGS for Communications, Electronics and Information (J-6), Ministry of National Defense, Taiwan, ROC |
Abstract: | The security of an information system is like a chain. Its strength is affected by the weakest knot. Since we can achieve 100% Information Security Management System (ISMS) security, we must cautiously fulfill the certification and accreditation of information security. In this paper, we analyze and study the evaluation knowledge and skills required for auditing the certification procedures for the three aspects of ISMS: asset, threat, and vulnerability. |