English  |  正體中文  |  简体中文  |  Items with full text/Total items : 49378/84106 (59%)
Visitors : 7381418      Online Users : 48
RC Version 7.0 © Powered By DSPACE, MIT. Enhanced by NTU Library & TKU Library IR team.
Scope Tips:
  • please add "double quotation mark" for query phrases to get precise results
  • please goto advance search for comprehansive author search
  • Adv. Search
    HomeLoginUploadHelpAboutAdminister Goto mobile version
    Please use this identifier to cite or link to this item: http://tkuir.lib.tku.edu.tw:8080/dspace/handle/987654321/111165


    Title: 資訊安全稽核作業評量輔助系統之研究
    Other Titles: The research of information security auditing operation and assessment assisting system
    Authors: 李沛倫;Li, Pei-Lun
    Contributors: 淡江大學資訊管理學系碩士在職專班
    劉艾華;Liou, Ay-Hwa Andy
    Keywords: ISO/IEC 27001:2005;資訊安全威脅;資訊安全稽核;評量輔助系統;Information Security Threat;Information Security Aduit;Assessment Assisting System
    Date: 2016
    Issue Date: 2017-08-24 23:45:35 (UTC+8)
    Abstract: 近年來企業組織面臨各種資訊安全威脅,推動與執行以ISO/IEC 27001:2005 資訊安全標準的稽核作業早已蔚為趨勢;但傳統人工資訊安全稽核作法有稽核結果錯誤率高、執行時間冗長且效率不彰、以及紙本紀錄無法保存長久且不環保、與稽核經驗無法有效傳承等等缺點。

    本研究以某財團法人機構為例,並以原有之資訊安全稽核清單表為基本條件,依循傳統稽核流程與計畫模式,設計與建立一套系統化與行動化的稽核評量輔助系統;並利用可擴充性模版功能,替換產生不同性質稽核過程所需要的資訊,更透過手持裝置的操作,消除空間與時間的限制,達到有效的稽核紀錄存放管理;並可預先載入企業組織過往稽核報告資訊,重新依據新式計分模式進行稽核活動,經過後端資料庫統計及進行新舊模式稽核結果之對照分析,更可顯現實際客觀的資訊安全稽核結果。
    In the face of increasing information security threats, it is now a trend among business organizations to promote and implement security audits based on the ISO/IEC 27001:2005 information security standards. However conventional manual audit has a number of shortcomings, including high error rate, time consuming, lack of efficiency, inability to preserve paper records indefinitely which is also environmentally unfriendly, and inability to effectively pass on the audit experience.

    This study uses a legal entity as an example and its existing information security audit checklist as basic conditions and follows the traditional audit process and planning model to design and establish a systematic and action-oriented audit and assessment aid system; scalable template features are also included for replacement of information of different natures needed during the auditing process while the use of handheld devices can eliminate the time and space constraints for effective audit log management; past audit report information of the business organization can be pre-loaded for conducting audit activities based on the new scoring model. The results of objective information security audit can be obtained through back-end database and comparative analysis on the audit results based on the old and new models.
    Appears in Collections:[資訊管理學系暨研究所] 學位論文

    Files in This Item:

    File Description SizeFormat
    index.html0KbHTML3View/Open

    All items in 機構典藏 are protected by copyright, with all rights reserved.


    DSpace Software Copyright © 2002-2004  MIT &  Hewlett-Packard  /   Enhanced by   NTU Library & TKU Library IR teams. Copyright ©   - Feedback