English  |  正體中文  |  简体中文  |  Items with full text/Total items : 70585/70585 (100%)
Visitors : 23086906      Online Users : 287
RC Version 7.0 © Powered By DSPACE, MIT. Enhanced by NTU Library IR team.
Scope Tips:
  • please add "double quotation mark" for query phrases to get precise results
  • please goto advance search for comprehansive author search
  • Adv. Search
    HomeLoginUploadHelpAboutAdminister Goto mobile version

    Please use this identifier to cite or link to this item: http://ir.lib.ncu.edu.tw/handle/987654321/77232

    Title: 資訊安全管理系統升級之個案研究
    Authors: 陳聖崴;Chen, Shen-Wei
    Contributors: 高階主管企管碩士班
    Keywords: 國際化標準組織27001;資訊安全管理系統;轉版;風險管理;ISO 27001;IInformation Security Management System;Upgrade Version;Risk Management
    Date: 2018-05-24
    Issue Date: 2018-08-31 14:27:56 (UTC+8)
    Publisher: 國立中央大學
    Abstract: 資訊科技快速進步,雲端、大數據、物聯網等技術已經成為企業提升競爭力的利器。企業組織的資訊安全管理,是否跟上科技進步腳步進而升級,顯得格外重要。
    本研究依據國際化標準組織(International Organization for Standardization,ISO)27001資訊安全管理系統(Information Security Management System,ISMS),以個案研究法,選擇以石化業個案公司之ISO 27001:2005升級轉版至ISO 27001:2013過程為例,透過文獻、檔案記錄、長期直接觀察與參與性觀察,深入瞭解資訊安全風險控管流程,可經由ISO 27001轉版升級達到何種改善精進的效果為研究目的。為此研究目的,研究首先彙整比較「個案公司對於舊版標準與新版標準ISMS之間作法差異」,接著分析「個案公司因應新版標準ISMS的風險管理施作流程」,最後再分析「個案公司轉版認證後,是否提升企業之資訊安全績效」。研究發現,轉版後的ISMS流程,加入外部及內部議題,可以刺激思考新的弱點與威脅,有助於提升企業資訊安全管理績效。建立可以量測之量化ISMS績效管理指標,能夠落實資安日常管理。
    資訊安全管理是企業風險管理之一,透過ISMS制度,從制度面的管理著手,結合工作簽核流程,輔以技術面並進,更能有效強化資安防護能力。;An enterprise can be more competitive by utilizing the rapidly advanced information technologies including Cloud, Big Data and Internet of Things (IoT). To keep up with the modern technology for information security management is crucial to the future of the company.
    This study is based on the ISO (International Organization for Standardization) 27001 Information Security Management System (ISMS) and uses the case study method to examine the upgrade from the ISO 27001: 2005 version to the ISO 27001: 2013 one of the targeted petrochemical company. With data collected from literature reviews, archival records, long-term direct observations and participatory observations, we can understand more about the information security risk control process in order to improve ISMS. This study first, compared the differences between the old and the new version of ISMS, and then analyzed the case management process in response to the new ISMS version of risk management. The study finally analyzed whether the case company has enhanced its information security performance after the revision upgrade. The results show that the upgraded ISMS adding both external and internal issues can help identifying new weaknesses and threats to improve the performance of the information security management. The established measurable ISMS performance management indicators are also useful for daily management of the information security.
    Information security management is one critical aspect of the risk management of an enterprise. By implementing the ISMS system, combined with the work approval process and supplemented by technical advances, we can enhance our security capability more effectively.
    Appears in Collections:[高階主管企管(EMBA)碩士班] 博碩士論文

    Files in This Item:

    File Description SizeFormat

    All items in NCUIR are protected by copyright, with all rights reserved.

    社群 sharing

    ::: Copyright National Central University. | 國立中央大學圖書館版權所有 | 收藏本站 | 設為首頁 | 最佳瀏覽畫面: 1024*768 | 建站日期:8-24-2009 :::
    DSpace Software Copyright © 2002-2004  MIT &  Hewlett-Packard  /   Enhanced by   NTU Library IR team Copyright ©   - Feedback  - 隱私權政策聲明