    Please use this identifier to cite or link to this item: https://tkuir.lib.tku.edu.tw/dspace/handle/987654321/34046


    Title: A Study on Reinforcing COBIT Control Items to Meet ISO27001 Information Security Requirements
    Other Titles: A study of enhancement of COBIT controls conformity security requirements
    Authors: 章孝成;Chang, Hsiao-chen
    Contributors: Tamkang University, Department of Information Management, In-service Master's Program
    梁德昭;Liang, Te-chao
    Keywords: information security incident; computer forensics; COBIT; ISO27001; ISMS
    Date: 2009
    Issue Date: 2010-01-11 04:49:54 (UTC+8)
    Abstract: The evolution of technology and business requirements has seen COBIT (Control Objectives for Information Technology) become the standard for IT governance in the corporate and government sectors since the first version was released in 1996. COBIT was originally intended to support an organization or agency's operating requirements, however, so its information security incident control and prevention elements are less comprehensive than ISMS. In that case, are COBIT controls adequate for immediately identifying information security incidents or problems and taking the appropriate measures to minimize the threat to the organization?
    This study attempts to propose a set of auxiliary computer forensic tools and procedures that can be used to identify the cause of the problem when there is an anomaly or unsolvable information security incident. This procedure will reinforce the post-incident response capability of COBIT controls to shorten the organization's response times to security incidents and reduce their potential risk. At the same time, it will also help realize or improve the target accomplishment rates of each COBIT control while meeting the organization's management needs.
    Appears in Collections:[Graduate Institute & Department of Information Management] Thesis