English  |  正體中文  |  简体中文  |  全文筆數/總筆數 : 80990/80990 (100%)
造訪人次 : 42802946      線上人數 : 937
RC Version 7.0 © Powered By DSPACE, MIT. Enhanced by NTU Library IR team.
搜尋範圍 查詢小技巧:
  • 您可在西文檢索詞彙前後加上"雙引號",以獲取較精準的檢索結果
  • 若欲以作者姓名搜尋,建議至進階搜尋限定作者欄位,可獲得較完整資料
  • 進階搜尋


    請使用永久網址來引用或連結此文件: http://ir.lib.ncu.edu.tw/handle/987654321/48941


    題名: 以個案研究法探討組織ISMS之導入
    作者: 金天翼;Tien-Yi Chin
    貢獻者: 資訊管理學系碩士在職專班
    關鍵詞: 風險管理;資訊安全管理系統;ISO 27001;雲端產業;Risk Management;ISO 27001;ISMS;Information Security;Cloud Industry
    日期: 2011-06-21
    上傳時間: 2012-01-05 15:11:01 (UTC+8)
    摘要: 當企業為了追求效率以及迅速因應環境的瞬息萬變,紛紛採用資訊科技協助執行各項業務時,就表示企業的資訊化程度越來越高,發生資安事故對企業造成的衝擊也隨之增加。為了強化資訊安全,降低風險發生的機率及衝擊,資訊安全管理系統 (Information Security Management System, ISMS) 已經成為全球各國政府與企業公認的資訊安全管理最佳參照與標準。 本研究以國內現今最熱門的雲端產業導入ISMS為例,從個案研究的角度,從ISMS的導入動機、差異分析作業、資產盤點與風險評鑑、建立資訊安全管理體系、教育訓練、內部稽核、管理審查、矯正預防措施,以及第三方驗證,最終在2011年初取得國際標準ISO/IEC 27001:2005認證,深入探討ISMS導入遭遇的困難與解決方式、導入的效益以及關鍵成功因素。 研究結果發現ISMS導入範圍是否包含企業的關鍵核心業務,決定了企業落實資訊安全的決心。藉由尋求專業資安顧問的協助,導入已獲得業界認可的資訊安全管理方法論,進行全方位的風險分析,從制度面將各個控制環節加以串聯。首先在資訊安全政策明確宣示組織保護的範圍,並建立資訊安全組織進行跨部門的溝通協調,讓員工清楚感受到高階主管的願景與決心。搭配適當的資安教育訓練,提升員工資訊安全意識,將資安深化於作業之中,最後使企業培養出自我持續改善的能力,進而達到企業永續經營的目的。 Organizations use Information Technology (IT) to enhance their effective and efficient responses for facing this rapid growing world. The more IT they adopt, the more information security incidents can happen and the more impact they can be. In order to improve information security and decrease the probability of risk occurrence, more and more government agencies and enterprises implement the best practice, Information Security Management System (ISMS), in the information security field. This thesis is based on the case study, which is the process of an enterprise in the cloud industry to implementing ISMS. It includes the motivation of implementation, gap analysis, asset collection, risk assessment, ISMS establishment, awareness training, internal auditing, management review, corrective and preventive actions, and third party certification so that the enterprise obtained the international ISO/IEC 27001:2005 certificate in early 2011. The contribution of this thesis is to find the difficulties and solutions, benefits, and critical success factors while implementing ISMS. The research result indicates that the organization’s determination of putting information security into practice is based on whether its core business function is included in the ISMS scope or not. By the assistance of professional information security consultants to implement ISMS via a recognized methodology in the industry, the organization can conduct comprehensive risk analysis and adopt information security controls from different perspectives. After declaring the implementation scope in information security policy and create a dedicated information security organization to have cross-teams’ communication and coordination, employees in the organization can fully understand the support and commitment of their senior management. Along with appropriate information security trainings to enhance employees’ information security awareness, the organization can fulfill the objective of continuous improvement and the purpose of long-run business operations.
    顯示於類別:[資訊管理學系碩士在職專班 ] 博碩士論文

    文件中的檔案:

    檔案 描述 大小格式瀏覽次數
    index.html0KbHTML892檢視/開啟


    在NCUIR中所有的資料項目都受到原著作權保護.

    社群 sharing

    ::: Copyright National Central University. | 國立中央大學圖書館版權所有 | 收藏本站 | 設為首頁 | 最佳瀏覽畫面: 1024*768 | 建站日期:8-24-2009 :::
    DSpace Software Copyright © 2002-2004  MIT &  Hewlett-Packard  /   Enhanced by   NTU Library IR team Copyright ©   - 隱私權政策聲明