在高度競爭的環境下,銀行依賴資訊系統程度也日益增加。然而隨著資訊安全事件不斷發生,遵循一套良好規範的資訊安全管理系統 (Information Security Management System, ISMS),將是落實資訊安全的重要環節。本研究以個案銀行作為研究對象,透過以ISO 27001 為基礎的問卷,調查133 項控制措施中對銀行最為關鍵的項目。此外,本研究亦調查員工在組織導入ISMS 後,對於其資訊安全幫助程度及行政效率影響程度的認知。研究結果發現,對銀行而言共有10 項關鍵措施,分別為「人力資源管理」構面的1 項;「安全政策」、「資訊安全的組織」與「實體與環境安全」構面各有2項以及「通訊與作業管理」構面的3 項。因此銀行在導入ISMS 時,可針對相關的控制措施特別著墨並投入較多的資源。另外,研究發現組織導入ISMS 後不僅對於資訊安全有所助益,對於行政效率也沒有產生負面的影響。有鑑於此,建議尚未導入ISMS 的銀行,可以審慎評估導入的可行性,以增強組織的資訊安全。除此之外,受訪者對於「ISMS 對組織資訊安全的幫助程度」可能會因為不同科別與職等的特性,導致態度上有所差異。所以組織亦可在導入ISMS 時,考量不同群體的特質,提出對應的措施。In a highly competeive enronment, banks rely more and more on infromation security system. However, with the incresing information secutiry incidents, it would be very important for banks to follow a well-defined information security management system (ISMS). This research takes a bank as the case study. The researcher wants to find out those important controls among those 133 ones based on the questionaries of ISO 27001. Besides, this study also wants to find out if it helps or promotes staff's understanding towards administration effect after implementing ISMS.This study finds out there are ten key controls for bank. There are one control that comes form human resources security, six from security policy, orgination of imformation security, physical and environmental security, and three form communications and operations management. As a result, when implementing ISMS, banks should put more importance and human resource on those related meausres.What's more this study also finds that implementing ISMS not only helps the imformation security but also does no negative effect to the administration effiency. As a reuslt, the researcher suggests banks which do not implement ISMS could take the possibilty of implementing ISMS into serious consideration to reinforce the information security of the orgination. Besides, the attitude of interviewers towards "the level that ISMS helps imformation security of banks" differs from different departments and job. Therefore, when an orgination could take this into consideration when implementing ISMS and find out its solution.
