Article details

醒吾學報

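Title: A Study on Applying a Risk Assessment Model to Information Security Management (風險評估模式應用於資訊安全管理之探討)
Issue: 31
Parallel title: A Risk Assessment Model for Information Security Management
Authors: 黃書猛, 張中權
Pages: 147-169
Keywords: information security management system; risk analysis; vulnerability; threat; BS7799; ISO/IEC13355; Risk assessment; Vulnerability; Threat
Publication date: 200606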

Chinese abstract

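With the rapid spread of information and the rise of e-commerce, information security requirements have gradually gained attention. How to carry out asset valuation, asset risk analysis and risk treatment so that information assets are not damaged, stolen or tampered with is currently an important topic in information security management research. In addition to discussing the main standards related to information security, this paper addresses the three dimensions of information security (confidentiality, integrity and availability) and applies the asset/vulnerability/threat model to construct an overall framework for risk analysis. Finally, a practical example is given, in the hope of providing a reference for enterprises performing information security risk assessment in the future.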

English abstract

In the wake of the fast popularization of information and the rise of electronic commerce, information security is gradually gaining attention. How to evaluate the value of assets, how to analyze the risks associated with assets, and how to protect information assets from sabotage, theft and tampering are currently the most important topics in the study of information security management. This research discusses the related standards of information security, and also addresses the aspects of confidentiality, integrity and availability, building an integrated framework for risk analysis using the vulnerabilities and threats of assets. Finally, the research results are illustrated by a case study. The results can be used by business organizations as references or a basis for information security planning and for management process improvements.
