The Risk Management of Information System Using CRAMM - Case of a Korean Credit Card Company -

Information System Risk Management Using CRAMM - A Credit Card Company Case Study -

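  • 김법진 (동양시스템하우스)
  • 한인구 (Korea Advanced Institute of Science and Technology, Graduate School of Techno-Management)
  • 이상재 (Korea Advanced Institute of Science and Technology, Techno-Management Research Institute)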
  • Published : 2000.06.30

Abstract

As companies become more dependent upon information systems (IS), the potential losses of IS resources become critical. IS management must assume increasing responsibility for the protection of IS resources as the IS and business environments become more vulnerable to various threats. The major issues facing management when attempting to manage risks include assessing the impact of risks on business objectives and designing security safeguards that reduce unacceptable risks to an acceptable level. This paper provides a case study of risk management for IS. A Korean credit card company, which is highly sensitive to customer security, was selected as the case. The risk management procedure was applied to this company using a powerful tool, CRAMM (the Central Computer and Telecommunications Agency's Risk Analysis and Management Method).

Keywords