應用敏捷發展法於推展政府資通安全稽核業務;Adopting Agile Development Methodology to Promote Government Information Security Audit Services

NCU Institutional Repository > 管理學院 > 資訊管理研究所 > 博碩士論文 > Item 987654321/93151

jsp.display-item.identifier=請使用永久網址來引用或連結此文件: http://ir.lib.ncu.edu.tw/handle/987654321/93151

题名:	應用敏捷發展法於推展政府資通安全稽核業務;Adopting Agile Development Methodology to Promote Government Information Security Audit Services
作者:	曾韋傑;ZENG, WEI-JIE
贡献者:	資訊管理學系
关键词:	資訊安全;稽核業務;敏捷方法;政府組織;個案研究;Information Security;Audit Services;Agile method;Government;Case Study Research
日期:	2023-07-11
上传时间:	2024-09-19 16:44:37 (UTC+8)
出版者:	國立中央大學
摘要:	隨著網路的普及以及資通訊科技(Information and Communication Technologies)的快速發展，有心人士針對政府各類資訊基礎設施、服務的攻擊行為也越趨頻繁。我國政府也在此背景之下通過資通安全管理法、資通安全管理法施行細則等各項法規及推動國家資通安全發展等方案，而資通安全主管機關為掌握政府部門中各單位推動及辦理之情形，就需要透過資通安全稽核的方式掌握受稽機關各項法遵及政策執行情況，然而現行整體資通安全稽核業務流程推展以瀑布式為主，從源頭的受稽機關遴選、實地稽核、產製稽核報告至後續追蹤及管考改善情形，皆是連續性的推展作業，一個階段的任務完成才能進入下一個階段，因此在這變化快速的環境中已造成執行上的困難，過程中執行至某一階段如因應法規修法或外界的變化，就容易造成執行中的流程無法接續運作需整個重新來過。由此可知，我國政府在資通安全稽核業務推展上，目前缺乏一個敏捷式管理架構與思維。在各行各業間，敏捷靈活且彈性的精神已逐步取代傳統循序開發流程，如果政府資通安全稽核業務也可以導入該精神理念進行優化，將可打破政府在資通安全稽核業務上執行面臨缺乏彈性問題。因此，本次研究將透過個案研究法，以研究個案機關執行資通安全稽核業務推展為例，使用敏捷的思維與觀念將其融入各項活動與流程中並藉由制度化的做法確保流程可以長久且穩定執行，以此探討可帶來的價值及產生之限制。;With the widespread use of the internet and rapid development of information and communication technology, malicious attacks on various government information infrastructure and services have become increasingly frequent. In response to malicious attacks, Cyber Security Management Act, National Cyber Security Strategy has been passed. The competent authority for information security needs to understand the implementation and execution of various divisions within the government through information security audits which requires compliance with laws and policies. However, the current overall process of information security audits is mainly based on waterfall. It involves continuous operations, starting from selection of audited agencies, conducting on-site audits, producing audit reports, and subsequent tracking and management for improvement. Each stage of the workflow must be completed before moving on to the next step. Therefore, it has gradually become difficult to execute the process in this rapidly changing environment. At any stage, it can be easily disrupting the continuity of the process by the regulatory amendments, requests from higher authorities, or even external changes, and require a complete restart. Consequently, it can be observed that our government currently lacks an agile management framework and mindset in the promotion of information security audit operations. In various industries, the agile and flexible method has gradually replaced traditional sequential development processes. If the government can incorporate this agile concept into the optimization of information security audit operations, it can overcome the lack of flexibility in the execution of government information security audits. Therefore, this study will adopt a case study approach, focusing on the implementation of information security audit operations in a specific government agency. By integrating agile thinking and concepts into various activities and processes and through institutionalized practices, it aims to ensure the long-term and stable execution of the processes and to explore the value and limitations that can be brought about by this approach.
显示于类别:	[資訊管理研究所] 博碩士論文

文件中的档案:

档案	描述	大小	格式	浏览次数
index.html		0Kb	HTML	14	检视/开启

在NCUIR中所有的数据项都受到原著作权保护.

社群 sharing

数据加载中.....