English  |  正體中文  |  简体中文  |  Items with full text/Total items : 52075/87215 (60%)
Visitors : 8911890      Online Users : 196
RC Version 7.0 © Powered By DSPACE, MIT. Enhanced by NTU Library & TKU Library IR team.
Scope Tips:
  • please add "double quotation mark" for query phrases to get precise results
  • please goto advance search for comprehansive author search
  • Adv. Search
    HomeLoginUploadHelpAboutAdminister Goto mobile version
    Please use this identifier to cite or link to this item: http://tkuir.lib.tku.edu.tw:8080/dspace/handle/987654321/111165

    Title: 資訊安全稽核作業評量輔助系統之研究
    Other Titles: The research of information security auditing operation and assessment assisting system
    Authors: 李沛倫;Li, Pei-Lun
    Contributors: 淡江大學資訊管理學系碩士在職專班
    劉艾華;Liou, Ay-Hwa Andy
    Keywords: ISO/IEC 27001:2005;資訊安全威脅;資訊安全稽核;評量輔助系統;Information Security Threat;Information Security Aduit;Assessment Assisting System
    Date: 2016
    Issue Date: 2017-08-24 23:45:35 (UTC+8)
    Abstract: 近年來企業組織面臨各種資訊安全威脅,推動與執行以ISO/IEC 27001:2005 資訊安全標準的稽核作業早已蔚為趨勢;但傳統人工資訊安全稽核作法有稽核結果錯誤率高、執行時間冗長且效率不彰、以及紙本紀錄無法保存長久且不環保、與稽核經驗無法有效傳承等等缺點。

    In the face of increasing information security threats, it is now a trend among business organizations to promote and implement security audits based on the ISO/IEC 27001:2005 information security standards. However conventional manual audit has a number of shortcomings, including high error rate, time consuming, lack of efficiency, inability to preserve paper records indefinitely which is also environmentally unfriendly, and inability to effectively pass on the audit experience.

    This study uses a legal entity as an example and its existing information security audit checklist as basic conditions and follows the traditional audit process and planning model to design and establish a systematic and action-oriented audit and assessment aid system; scalable template features are also included for replacement of information of different natures needed during the auditing process while the use of handheld devices can eliminate the time and space constraints for effective audit log management; past audit report information of the business organization can be pre-loaded for conducting audit activities based on the new scoring model. The results of objective information security audit can be obtained through back-end database and comparative analysis on the audit results based on the old and new models.
    Appears in Collections:[資訊管理學系暨研究所] 學位論文

    Files in This Item:

    File Description SizeFormat

    All items in 機構典藏 are protected by copyright, with all rights reserved.

    DSpace Software Copyright © 2002-2004  MIT &  Hewlett-Packard  /   Enhanced by   NTU Library & TKU Library IR teams. Copyright ©   - Feedback