dc.description.abstract | With information security incidents occurring frequently, most enterprise organizations have realized the importance of information security management. The Information Security Management System (ISMS) is an internationally recognized information security management standard and an overall information security management system. It covers information security organization, information security policies, planning activities, responsibilities, implementation, processes, resources, and so on, and is based on risk assessment practices for establishing, implementing, monitoring, reviewing, maintaining, and improving information security. It provides appropriate security controls and adequate protection of information assets to ensure the security of the organization's information and to give stakeholders trust.
The Information Security Management System regulates how an information security management system is established and implemented, and sets documented requirements to ensure that it can be operated effectively within the organization. The occurrence of information security risks, hazards, and losses is reduced to a level acceptable to the enterprise, to ensure the sustainable operation of the enterprise. Information security management is implemented continuously: after introducing the institutionalized, documented, and systematic management mechanism of ISO 27001, we will continue to improve and strengthen management and technology through Plan-Do-Check-Act (PDCA) to provide better and safer service.
This study uses the case study method and refers to the ISO/IEC 27001 Appendix A (A5-A18) control measure design score table to analyze the management maturity of a company's introduction of the ISMS, using a subsidiary of a financial control company as the research case. It discusses and analyzes the current ISMS maturity model to understand the current status of the organization's gap analysis, ISMS introduction, and international verification of the information security management system, to ensure that the company's security management complies with international information security standards. It also diagnoses the degree of maturity and implementation of corporate security management, as a basis for strengthening information security in the future.
Keywords: Information Security Management System, PDCA, ISO 27001, Maturity of Information Security Management. | en_US |