dc.description.abstract | Information technologies have advanced greatly and rapidly in recent years, bringing with them information security issues that challenge government agencies and private enterprises. How to use limited resources to carry out information security management has become a significant question facing every organization. The Executive Yuan therefore promulgated the “Government Agencies Information and Communication Security Responsibility Grade and Classification Regulations” to require all agencies to implement an information security management system (ISMS). The Personal Data Protection Act, implemented in 2012, also requires all agencies to protect the personal data of the public.
This research identifies an ISMS introduction process and approach suitable for government agencies by learning from the experience of a case-study agency. It also describes the new version of ISO 27001:2013 and the addendum of risk management standards, and highlights the actions and concerns of government agencies in response to the implementation of the Personal Data Protection Act. These efforts will help future researchers and new implementers quickly understand the essentials of these topics.
This research finds that the critical success factors for introducing an ISMS include: support from executives, publicity and promotion of information security policies, active participation of all employees, continuous audits and correction, provision of complete educational training, employment of staff with information security expertise, and selection of proper information security consultants. These factors are also key points for agencies implementing an ISMS.
In addition, this research identifies the following benefits of introducing and implementing an ISMS: reduced risk of information leakage, increased defensive capability in information warfare, protection of agencies’ classified and sensitive data, a higher level of protection for organizations’ internal information security, improved stability and practicality of systems, an improved information management environment within organizations, maintenance of agencies’ good reputations, increased public support for and confidence in government agencies, promotion of correct information security concepts within agencies, and sustainable operation of agencies’ business. | en_US |