As computer becomes popular and internet advances rapidly, information application systems are used extensively in organizations. Various information application systems such as attendance systems, accounting systems, and statistical systems have already replaced manual operations. In such a drastic change, the information security issue encountered by organizations becomes increasingly significant. This study adopts an attendance system of a governmental organization to explore the information security issue. The risk assessment of the attendance system mainly focuses on the assessments of confidentiality, integrity and availability. Weak points of the attendance system and threats to the outside are also included in the scope of consideration. This study adopts the ISO/IEC 27001 information security management system standard and ISO/IEC27005:2008 Information technology - Security techniques - Information security risk management to explore the risk assessment method of the attendance system and establish a set of fuzzy expert systems to measure the value at risk. In the meantime, a recommended acceptable value at risk is provided for facilitating and assisting decision makers through practical aspects and fuzzy expert systems and used as a reference for selecting an acceptable value at risk.
[1]
菅野 道夫,et al.
Industrial applications of fuzzy control
,
1985
.
[2]
Lotfi A. Zadeh,et al.
Outline of a New Approach to the Analysis of Complex Systems and Decision Processes
,
1973,
IEEE Trans. Syst. Man Cybern..
[3]
Efraim Turban,et al.
Decision support systems and intelligent systems
,
1997
.
[4]
E. H. Mamdani,et al.
An Experiment in Linguistic Synthesis with a Fuzzy Logic Controller
,
1999,
Int. J. Man Mach. Stud..
[5]
Kazuo Tanaka,et al.
An Introduction to Fuzzy Logic for Practical Applications
,
1996
.