近年來全球資訊安全事件頻傳,犯罪手法不斷翻新,造成的損害影響甚鉅。為保護企業持續營運,企業領導人負有實施資訊安全之責,而國際認證的資訊安全管理系統ISMS( Information Security Management Systems ),便是一套能有效控制與持續運作的系統化管理機制。本研究目的在瞭解組織導入資訊安全管理系統時,組織需要有那些配套措施或必備的條件才能使制度發揮其功效。本研究採用了質性研究的訪談法,以適應性結構化理論角度,選取四間公司為研究對象,從實際導入ISMS 的經驗中,發現組織應具備哪些互補性資產與關鍵成功因素。研究結果不但呈現導入期間的困難與解決方式。 In recent years, the number of cyber (information security) attacks has been increasing all over the world and such attacks are constantly evolving and cause huge damage. In order to protect the operation of enterprises, the enterprise leaders have the responsibility to take information security measures. The internationally certified ISMS (Information Security Management Systems) is a systematic management mechanism for achieving effective control and continuous operation. The purpose of this study is to understand, when introducing ISMS, what supporting measures or conditions the organization will need in order to effectively implement the system. This study is based on qualitative research carried out by interviews, and from the aspect of the adaptive structural theory, four companies have been chosen as the study objects. This study is to find what complementary assets and critical success factors are required for the organization from the experience of actually introducing ISMS. The results show the difficulties during introduction and the solutions.
