淡江大學機構典藏:Item 987654321/33084
English  |  正體中文  |  简体中文  |  全文笔数/总笔数 : 62830/95882 (66%)
造访人次 : 4038873      在线人数 : 611
RC Version 7.0 © Powered By DSPACE, MIT. Enhanced by NTU Library & TKU Library IR team.
搜寻范围 查询小技巧:
  • 您可在西文检索词汇前后加上"双引号",以获取较精准的检索结果
  • 若欲以作者姓名搜寻,建议至进阶搜寻限定作者字段,可获得较完整数据
    •  进阶搜寻


    jsp.display-item.identifier=請使用永久網址來引用或連結此文件: https://tkuir.lib.tku.edu.tw/dspace/handle/987654321/33084


    题名: 臺灣金融業導入資訊安全管理系統關鍵成功因素研究 : 以A金控為例
    其它题名: The critical success factors of ISMS implemention in a Taiwan financial holding company
    台灣金融業導入資訊安全管理系統關鍵成功因素研究 : 以A金控為例
    作者: 李仁暉;Li, Jen-hui
    贡献者: 淡江大學管理科學研究所企業經營碩士在職專班
    吳錦波;Wu, Jiin-po
    关键词: 資訊安全管理;關鍵成功因素;Information Security Manager System;ISO 27001;Critical success factors
    日期: 2008
    上传时间: 2010-01-11 03:16:06 (UTC+8)
    摘要: ISO 27001 為目前國際公認最完整之資訊安全管理標準。因此本研究希望能透過分析個案企業導入資訊安全管理系統之經驗,萃取各階段導入成功之因素,以期能對未導入ISO 27001 組織提供經驗之分享及建議方向。
    本研究蒐集資料範圍包括:(一)個案公司內部之檔案文件資料;(二)針對導入專案參與者包括高、中主管及ㄧ般員工進行深度訪談;(三)觀察並記錄個案在導入資訊安全管理系統各個階段過程中之實地觀察情形。本研究透過學者文獻探討的方式,彙整出導入資訊安全管理系統一十六項關鍵成功因素,再依據個案公司五個導入工作階段逐一分析、探討:(一)導入資訊安全管理系統的各個工作階段中,哪些關鍵成功因素必需重視?(二)導入資訊安全管理系統的各個工作階段中,遭遇到哪些困難?因應措施為何?
    研究結果如下:高階主管的全力支持並參與運作、專責的資訊安全管理單位與顧問經驗豐富並提供過去導入的經驗法則在所有階段均重要,其他因素僅在部分階段為關鍵成功因素。另外本研究顯示具有完善的資訊安全防禦設備與具備資安專業技能的資訊安全人員等技術層面因素,並非導入資訊安全管理系統之關鍵因素。
    In today’s environment, financial reporting processes and services are driven by IT systems,More and more, IT systems are automating business processes. In doing so, these systems often replace manual control activities with automated or IT dependent control activities. As a result, compliance programs need to consider system-based controls to keep pace with changes in business processes and new system functionality.
    Performing a thorough review of IT control processes and documenting them as the enterprise moves forward can be a time-consuming task. The review of application and IT processes will be driven by the risk of the business processes and environments. Without appropriate knowledge and guidance, organizations run the risk of doing too much or too little. This document’s purpose is sharing the “real world” experience to those enterprise which hope or need to design and assessment of IT controls or lack the necessary skill or management structure to identify and focus on the correct model .
    The methodology of this research will base on case study model,scope of this research include:
    (1)Documentation evidence – include internal project document;
    (2)Interview - with project stakeholder,either Executive leadership or operation team member;
    (3)Observation - In circumstances in which documentary evidence of controls or the operation of controls does not exist and is not expected to exist.
    Critical success factor finding – extract all evidence and summary as 16 critical success factor
    Suggestion:
    (1)Enterprise need to deploy ISO 27001 guideline must develop their own critical factor, such as necessary skill or management structure. Well-prepared for those critical factor will be a important key of ISMS project.
    (2)Enterprise need to deploy ISO 27001 guideline can develop external workshop for those argument and difficulty. Well-prepared for those argument and difficulty can help project move on more efficiency.
    显示于类别:[管理科學學系暨研究所] 學位論文

    文件中的档案:

    档案 大小格式浏览次数
    0KbUnknown253检视/开启

    在機構典藏中所有的数据项都受到原著作权保护.

    TAIR相关文章

    DSpace Software Copyright © 2002-2004  MIT &  Hewlett-Packard  /   Enhanced by   NTU Library & TKU Library IR teams. Copyright ©   - 回馈