Tamkang University Institutional Repository: Item 987654321/102390
    Please use this identifier to cite or link to this item: https://tkuir.lib.tku.edu.tw/dspace/handle/987654321/102390


    Title: 國安機關推動資安治理現存問題與落差因素分析之研究
    Other Titles: A study of the problems and gaps of implementation of information security governance of national security government organizations
    Authors: 吳將煇;Wu, Jiang-Hui
    Contributors: Tamkang University, Department of Information Management, In-service Master's Program
    蕭瑞祥;Shaw, Ruey-Shiang
    Keywords: Information Security Governance; Information security; Maturity of Information Security Governance
    Date: 2014
    Issue Date: 2015-05-04 09:54:37 (UTC+8)
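    Abstract: In 2012 our country was subjected to 3.44 million hacker attacks, 251 of which became information security incidents. In view of the impact on national security of the 2013 Edward Snowden leak in the United States, and examining its causes from an information security perspective, gaps in the execution of information security governance may also be one of the main causes. This paper therefore takes the relevant departments of our country as an example to examine the current state of governance and the gaps and problems in its execution.
    This study adopts the case study method, with a business unit of a national security agency as its subject. Drawing on our country's information and communication security policies and related literature, it uses a questionnaire survey and in-depth interviews to understand the current state of the case, identifies the existing gaps and problems in advancing information security governance across different departments and levels, and offers recommendations. The results show that, in the areas of risk management and of organization and personnel, significant gaps do exist between different departments and levels. The root cause is that personnel's awareness of policy guidance, education and training, and the division of operational authority and responsibility are all insufficient. It is recommended that senior governance leadership and the information department strengthen all personnel's awareness of policies and regulations, and that the adoption of international standard best practices such as ISO27001 (CNS27001) and ISO27005 (CNS27005) be used to raise personnel's understanding of and capability in risk management, combined with measures such as appropriate information security staffing, the necessary professional training, and reasonable and clear authorization, so as to make the nation's information security defense and response more rigorous and reliable.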
    We were attacked by hackers 3,340,000 times in 2012, and almost caused 251 information crises. Edward Snowden's revealing of confidential state secrets in 2013 had great influence on the relationship between information security and national security. One of the reasons that caused the case might be lack of information security management. In this study, we discuss the status quo of information security management and investigate the real challenge it faces in our country.
    In this study, we take one of the departments of Ministry of state security as our case study. With related references about information security policies of our country and that of the government, we use a survey to know the status quo of the case and investigate the real challenge it faces, trying to find out if the information security works well, and if there is any obstacle existing in information security between different departments and different positions. The results of this study indicate that some gaps among risk management, organizations and personnel do exist, and that is because of a lack of policy acknowledgement, training and distinction between responsibility and accountability. The governing body and the information department should help their personnel to fully understand the policy, and help them know more about risk management through ISO27001(CNS27001) and ISO27005(CNS27005). With adequate information security manpower disposition, training, reasonable and definite authorization, the information security of our national system would be much stronger.
    Appears in Collections:[Graduate Institute & Department of Information Management] Thesis
