NCU Institutional Repository - downloads of theses and dissertations, past exam papers, journal articles, research projects, etc.: Item 987654321/77565
    Please use this identifier to cite or link to this item: http://ir.lib.ncu.edu.tw/handle/987654321/77565


    Title: 導入資訊安全管理制度之資安管理成熟度研究-以B個案公司為例;A Study on Security Management Maturity of the Information Security Management System As B Company Case
    Authors: 林志宏;Lin, Chih-Hung
    Contributors: Executive Master Program, Department of Information Management
    Keywords: Information Security Management System;PDCA;ISO27001;Maturity of Information Security Management
    Date: 2018-06-27
    Issue Date: 2018-08-31 14:48:34 (UTC+8)
    Publisher: National Central University
    Abstract: With information security incidents growing ever more frequent, most enterprises have come to recognize the importance of information security management. The Information Security Management System (ISMS) is an internationally recognized information security management standard and is part of the overall information security management system, comprising the information security organization, information security policies, planning activities, responsibilities, implementation, processes, and resources. Based on risk assessment, it is used to establish, implement, operate, monitor, review, maintain, and improve information security. It provides appropriate security controls and adequate protection of information assets to ensure the organization's information security and to give stakeholders confidence.

    The ISMS is a way to specify, establish, and implement an information security management system and to fulfil documentation requirements, which ensures that the ISMS operates effectively within the organization. It also keeps the organization informed of its current information security status in real time and reduces potential information security risks, harm, and losses to a level acceptable to the organization, ensuring sustainable business operation. Information security management is carried out continuously: after adopting the institutionalized, documented, and systematic management mechanism of ISO 27001, management and technology are continually improved and strengthened through Plan-Do-Check-Act (PDCA), with the aim of providing better and safer services.

    This study uses the case study method and a scoring sheet designed with reference to the ISO/IEC 27001 Annex A5-A18 controls to assess the management maturity of an enterprise adopting an ISMS. Taking a subsidiary of a financial holding company as the research case, it uses ISMS maturity model analysis to examine the organization's gap analysis of its current state, its ISMS adoption, and international security certification of the information security management system, to ensure that the enterprise's security management complies with international information security standards, and to diagnose the enterprise's security management maturity and degree of implementation, as a basis for strengthening and improving the organization's information security in the future.

    Keywords: Information Security Management System, PDCA, ISO27001, Maturity of Information Security Management.
    Appears in Collections:[Executive Master of Information Management] Electronic Thesis & Dissertation


    All items in NCUIR are protected by copyright, with all rights reserved.
