Page 288 - 捷運技術, Issue 28

282                                                28         92    2





                                                                 Risk Management
                                                  Process     Wright, 1999    Reid & Floyd, 2001

                           2001
                                             Risk Assessment                    Risk Control
                                             Information Security Risk




                            =f
                            =f
                            =f
                            =f
                            =f

                                       Control and Auditing Theory, CAT

                                           Control and Auditing Theory
                                     Control System                               Auditing
                                        Performance



                                   Internal Control System



                                    Control                     Prevents               Detects
                     Corrects                       ISO/IEC 17799
                                                   127                COBIT
                                                          34                       318

                     Weber     1999             2001    ISO/IEC 17799     2000    COBIT     1998



                     Control System                                            Information Auditing





                            =f
                                =f

                                    Management System Theory, MST

                                             Management System Theory
                                                         Information Security Management System,