Internal Control Assessment of Information Security based on ISO/IEC 27001 Standard: A Case Study of an Insurance Company / Ekkachat Pholwattanaroj
The objective of this independent study is to assess the internal control of information security at an insurance company against the ISO/IEC 27001:2013 standard in 5 domains, namely A.5 Information Security Policy, A.6 Organization of Information Security, A.7 Human Resource Security, A.8 Asset Management and A.9 Access Control. The data in this study were collected through interviews, observation, document review and tests of controls. Compliance was then evaluated against ISO/IEC 27001:2013. The results of this study show that the company has fully complied with 22 prescribed controls and partially complied with 17 prescribed controls.