
    Please use this identifier to cite or link to this item: http://ir.lib.ncu.edu.tw/handle/987654321/72499

    Title: Analysis of the Introduction of Information Security Management Systems in Government Departments
    Authors: Weng, Yen-chiu (翁燕秋)
    Contributors: Graduate Institute of Construction Management, In-Service Master's Program
    Keywords: information security; information security management system; ISO 27001; risk management; critical success factor
    Date: 2016-08-24
    Issue Date: 2016-10-13 15:24:26 (UTC+8)
    Publisher: National Central University
    Abstract: Information technologies have advanced greatly and rapidly in recent years, and the accompanying information security issues challenge both government agencies and private enterprises. How to use limited resources to implement information security management has become a major issue facing every organization. Thus, the Executive Yuan promulgated the “Government Agencies Information and Communication Security Responsibility Grade and Classification Regulations”, requiring all agencies to implement an information security management system (ISMS). The Personal Data Protection Act, implemented in 2012, also requires all agencies to protect the personal data of the public.
    This research identifies an ISMS introduction process and approach suited to the current needs of government agencies by drawing on the experience of a case-study agency. It also specifically describes how government agencies respond to the new version of the standard, ISO 27001:2013, and to the additions and revisions to the risk management standards, and it presents the actions and concerns of government agencies in response to the implementation of the Personal Data Protection Act. These efforts should help future researchers and new implementers quickly grasp the essentials of these topics.
    This research finds that the critical success factors for introducing an ISMS include: executive support, publicity and promotion of information security policies, active participation of all employees, continuous audits and correction, provision of complete education and training, employment of staff with information security expertise, and selection of suitable information security consultants. These factors are also the key points for agencies implementing an ISMS.
    In addition, this research identifies the following benefits of introducing and implementing an ISMS: reducing the risk of information leakage, increasing defensive capability against information warfare, protecting agencies' classified and sensitive data, raising organizations' level of internal information security protection, improving the stability and practicality of systems, improving organizations' information management environment, maintaining agencies' good reputations, increasing public support for and confidence in government agencies, promoting correct information security concepts within agencies, and sustaining the operation of agencies' business.
    Appears in Collections: [In-Service Master's Program, Graduate Institute of Construction Management] Theses and Dissertations


    All items in NCUIR are protected by copyright, with all rights reserved.
