Abstract:

With the advance and spread of information technology, enterprises use information systems, and depend on information, to an ever greater degree; using information systems to replace monotonous, repetitive manual work has become one of the weapons of enterprise competition. While enjoying the convenience that computerization brings, an enterprise must also guard against the competitive threat posed by information leakage, so "information security" is an important issue that no enterprise or organization can afford to ignore. How an enterprise makes good use of its resources and effectively implements information security policy and management is one of the challenges facing the organization.

Information security standards were first proposed by the British Standards Institute (BSI) in 1995 as BS7799. The Information Security Management System (ISMS) part, BS7799 Part I, became the international standard ISO/IEC 17799:2005 in June 2005; BS7799 Part II was formally adopted by the International Organization for Standardization (ISO) in October 2005 as ISO/IEC 27001:2005, the information security management system standard, which is today the most widely recognized and adopted information security management standard in the international community.

This study is a case study. Through in-depth interviews and a questionnaire survey, it examines how the case company introduced an Information Security Management System (ISMS) and obtained information security certification, and summarizes the user resistance encountered while assessing the risk factors of the company's information assets, the benefits to organizational information security before versus after adoption, and the key success factors for obtaining certification. The findings can serve as a reference for other enterprises undertaking adoption and shorten their adoption schedule, with the PDCA (Plan, Do, Check, Action) management cycle providing the mechanism for meeting the requirement of continuous improvement.