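After a comparative analysis of the results of the three cases, this study found similar problems across five dimensions: website security; network architecture; internal network protection mechanisms; malware protection and update management for personal computers and servers; and system, database and network security settings. For example, the websites of all three agencies had OWASP 2013 Top 10 issues, two agencies had the same malware, and the update control mechanisms for user computers and servers, as well as internal network access controls, were all relatively weak. Two agencies lacked control mechanisms for the encryption and auditing of important database data, and in all three agencies the communication protocols used for external services were unencrypted, creating a risk of leaking important information. Although the National Information and Communication Security Taskforce of the Executive Yuan has set relevant regulations for these five dimensions and conducts audits on an irregular basis, the scope and degree of implementation differ from agency to agency, so the true state of protection cannot be shown. For example, Agency X's ISO27001 certification scope is broader than that of the other agencies, so its overall information security strength in the security health check results is higher than that of the other agencies. This study proposes several recommendations for improvement, in the hope that they can improve the government's overall information security posture.

The majority of regional case studies on information security focus on the management of individual organizations; this study, however, cross-analyzes the diagnosis results from “Company A” on the information security (technology-wise) of three government agencies. Through this study, common mistakes among organizations can be identified, risks can be evaluated, and approaches to reduce such risks will be proposed. This study found that similar problems in web security, network architecture, internal network protection mechanisms, update management, and database security were identified in all three cases. This means that although regulations and guidelines on information security for all government divisions are set by the National Information and Communication Security Taskforce, and audits are carried out irregularly, the extent of accomplishment of each individual division varies significantly, so that their true security level is not fully reflected. For instance, “Organization A” gets the best mark on overall information security only because it has a wider inspection range on ISO27001. Several recommendations are proposed in this study for future improvements. It is expected that the information security level of our government will be enhanced through these suggestions.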