    Please use this permanent URL to cite or link to this item: http://tkuir.lib.tku.edu.tw:8080/dspace/handle/987654321/102390


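    Title: A Study of the Existing Problems and Gap Factors in the Promotion of Information Security Governance by National Security Agencies
    Other title: A study of the problems and gaps of implementation of information security governance of national security government organizations
    Author: 吳將煇; Wu, Jiang-Hui
    Contributors: On-the-Job Master's Program, Department of Information Management, Tamkang University
    蕭瑞祥; Shaw, Ruey-Shiang
    Keywords: Information Security Governance; Information Security; Maturity of Information Security Governance
    Date: 2014
    Upload time: 2015-05-04 09:54:37 (UTC+8)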
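    Abstract: In 2012 our country experienced 3.44 million hacker attacks, 251 of which became information security incidents. In view of the impact on national security of the 2013 Edward Snowden leak in the United States, and looking at its causes from an information security perspective, gaps in the execution of information security governance may also be one of the main causes. This study therefore takes the relevant departments of our country as an example and examines the current state of governance and the gaps and problems in its execution.
    This study uses the case study method, and its subject is a business unit of a national security agency. Drawing on related literature such as our country's information and communication security policy, it uses a questionnaire survey and in-depth interviews to understand the current state of the case, identify the existing gaps and problems between different departments and levels in advancing information security governance, and offer recommendations. The results show that, in risk management and in organization and personnel, significant gaps do exist between different departments and levels. The root causes are shortfalls in personnel's awareness of policy guidance, in education and training, and in the division of operational authority and responsibility. It is recommended that senior governance and the information department strengthen all personnel's awareness of policies and regulations, and that international standard best practices such as ISO27001 (CNS27001) and ISO27005 (CNS27005) be introduced to raise personnel's understanding of and capability in risk management, combined with appropriate information security staffing, the necessary professional training, and reasonable and clear authorization, in order to make national information security protection and response more rigorous and reliable.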
    We were attacked by hackers 3,340,000 times in 2012, which almost caused 251 information crises. Edward Snowden's disclosure of confidential state secrets in 2013 had a great influence on the relationship between information security and national security. One of the causes of that case might be a lack of information security management. In this study, we discuss the status quo of information security management and investigate the real challenges it faces in our country.
    In this study, we take one of the departments of the Ministry of state security as our case study. With relevant references about the information security policies of our country and of the government, we use a survey to understand the status quo of the case and investigate the real challenges it faces, trying to find out whether information security works well and whether any obstacles to information security exist between different departments and different positions. The results of this study indicate that some gaps in risk management, organization and personnel do exist, because of a lack of policy awareness, training, and distinction between responsibility and accountability. The governing body and the information department should help their personnel fully understand the policy and learn more about risk management through ISO27001 (CNS27001) and ISO27005 (CNS27005). With adequate information security staffing, training, and reasonable and definite authorization, the information security of our national system would be much stronger.
    Appears in collections: [Department of Information Management and Graduate Institute] Theses and Dissertations

    Files in this item:

    File          Size    Format    Views
    index.html    0Kb     HTML      102

    All items in the institutional repository are protected by the original copyright.
