Abstract (English)
Efforts to maintain information security often put too much weight on information security technology. According to statistics, natural factors account for only 15% of information security problems, while human factors account for as much as 85%. Furthermore, personnel inside the organization account for 80% of that 85%. The human factor is therefore the real subject of information security today, and how to effectively manage the human factor and the losses it causes is the focal point to be discussed and explored.
Information management, especially the management of information personnel, must deal with the topic of "people", yet topics related to people always seem to have fuzzy areas that are difficult to resolve. With reference to BS7799, this research divides the security management of information personnel into four items: before hiring, after hiring, promotion, and regular audit. It examines separately the degree to which each of the following influences information security: whether an ethics assessment is carried out before hiring, whether a mood assessment is carried out after hiring, whether ethics and mood are considered before promotion, and whether personnel audits are done regularly.
This research uses a self-assessment questionnaire (N=94). It finds that management time and company scale did not influence the occurrence of information security incidents, and that enterprises implementing BS7799 experience information security incidents less frequently. In addition, enterprises that carry out personnel security management have a lower occurrence of information security incidents, and doing so has a suppressing effect on the chance of future incidents.