Abstract
An information security audit method and system is provided. A normalized weighting of each of a plurality of members of an organization is computed according to a level and at least one feature of each member, such as a member attribute, an asset, or performance. A plurality of risk evaluation values corresponding to a plurality of audit items is computed, and a normalized risk evaluation value of each member is further computed according to the risk evaluation values and the normalized weighting. A relation between the normalized risk evaluation value and a plurality of threshold value intervals is determined, and an audit period and/or a number of the audit items is dynamically adjusted according to that relation. Alternatively, a relation between the risk evaluation values themselves and a plurality of threshold value intervals is determined.
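The following Python example is added here to walk the abstract's pipeline end to end on constructed data; it is not code from the patent or from any implementation of it. The abstract names the quantities (member level and features, per-item risk evaluation values, threshold value intervals, audit period and item count) but fixes no formulas, so the weighting (level times mean feature score, normalized to sum to one), the aggregation (mean item risk scaled by the member's weight relative to the largest weight) and the threshold bands are all assumptions of this example. Both relations the abstract describes are implemented: the weighted per-member path and the alternative per-item path.

```python
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Constructed example data and assumed formulas: the abstract names the
# quantities (level, features, audit items, thresholds) but not how to compute them.


@dataclass(frozen=True)
class Member:
    name: str
    level: int                   # organizational level, e.g. 1 = staff, 3 = executive
    features: Dict[str, float]   # feature scores in [0, 1], e.g. asset value, performance


@dataclass(frozen=True)
class AuditPlan:
    period_days: int             # how often the member is audited
    item_count: int              # how many audit items that audit covers


# (inclusive upper bound of the interval, audit period in days, number of audit items).
# Assumed bands: higher risk means a shorter period and a longer checklist.
ThresholdInterval = Tuple[float, int, int]
DEFAULT_INTERVALS: List[ThresholdInterval] = [
    (0.25, 180, 4),
    (0.50, 90, 8),
    (0.75, 30, 12),
    (1.00, 7, 16),
]


def normalized_weights(members: List[Member]) -> Dict[str, float]:
    """Assumed weighting: level times the mean feature score, normalized to sum to 1."""
    raw = {}
    for m in members:
        if not m.features:
            raise ValueError(f"{m.name}: at least one feature is required")
        raw[m.name] = m.level * sum(m.features.values()) / len(m.features)
    total = sum(raw.values())
    if total <= 0:
        raise ValueError("total weight must be positive")
    return {name: w / total for name, w in raw.items()}


def normalized_risks(item_risks: Dict[str, Dict[str, float]],
                     weights: Dict[str, float]) -> Dict[str, float]:
    """Assumed aggregation: mean risk over a member's audit items, scaled by the
    member's weight relative to the largest weight, so the result stays in [0, 1]."""
    max_w = max(weights.values())
    out = {}
    for name, scores in item_risks.items():
        if not scores:
            raise ValueError(f"{name}: no risk evaluation values")
        if any(not 0.0 <= v <= 1.0 for v in scores.values()):
            raise ValueError(f"{name}: risk evaluation values must lie in [0, 1]")
        mean_risk = sum(scores.values()) / len(scores)
        out[name] = mean_risk * weights[name] / max_w
    return out


def select_plan(value: float,
                intervals: List[ThresholdInterval] = DEFAULT_INTERVALS) -> AuditPlan:
    """Map a value in [0, 1] to the period and item count of the interval it falls in."""
    if not 0.0 <= value <= 1.0:
        raise ValueError(f"value {value} outside [0, 1]")
    for upper, period_days, item_count in intervals:
        if value <= upper:
            return AuditPlan(period_days, item_count)
    raise ValueError("threshold intervals do not cover [0, 1]")


def plan_by_member_risk(members: List[Member],
                        item_risks: Dict[str, Dict[str, float]],
                        intervals: List[ThresholdInterval] = DEFAULT_INTERVALS) -> Dict[str, AuditPlan]:
    """First relation in the abstract: the weighted, normalized per-member risk sets the schedule."""
    risks = normalized_risks(item_risks, normalized_weights(members))
    return {name: select_plan(r, intervals) for name, r in risks.items()}


def plan_by_item_risk(item_risks: Dict[str, Dict[str, float]],
                      intervals: List[ThresholdInterval] = DEFAULT_INTERVALS) -> Dict[str, AuditPlan]:
    """Alternative relation: a member's worst single audit item sets the schedule."""
    return {name: select_plan(max(scores.values()), intervals)
            for name, scores in item_risks.items()}


# Constructed sample data: three members, three audit items.
MEMBERS = [
    Member("alice", 3, {"asset": 0.9, "performance": 0.7}),
    Member("bob", 1, {"asset": 0.4, "performance": 0.6}),
    Member("carol", 2, {"asset": 0.5, "performance": 0.5}),
]
ITEM_RISKS = {
    "alice": {"mfa": 0.2, "patching": 0.4, "phishing": 0.6},
    "bob": {"mfa": 0.9, "patching": 0.9, "phishing": 0.9},
    "carol": {"mfa": 0.8, "patching": 0.6},
}

if __name__ == "__main__":
    weighted = plan_by_member_risk(MEMBERS, ITEM_RISKS)
    per_item = plan_by_item_risk(ITEM_RISKS)
    for name in weighted:
        w, a = weighted[name], per_item[name]
        print(f"{name}: weighted -> every {w.period_days}d, {w.item_count} items; "
              f"per-item -> every {a.period_days}d, {a.item_count} items")
```

The sample data is chosen to expose the difference between the two relations: bob carries a low normalized weighting, so his uniformly high item risks still land in the lowest band under the weighted path (audit every 180 days, 4 items), while the per-item path escalates him to the highest band (every 7 days, 16 items). A deployment that wants the weighting to prioritize but never to suppress a concrete finding would take the stricter of the two plans per member.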