| 摘要: | 根據行政院研考會(Research, Development and Evaluation Commission, Executive Yuan, RDEC)指出,高達90%以上的政府機關表示,在落實資通安全管理及防護時,資通安全技術能力需加強、缺乏相關經費、沒有專責處理人員為三項極待克服的困難。於是政府開始思考可否藉由資通安全治理(Information Security Governance, ISG)的機制,使機關首長更能參與資安相關活動而改善上述問題。因此,行政院科技顧問組(Science and Technology Advisory Group of Executive Yuan, STAG)於「資安推動發展政策整合研究-資安治理機制與資安建設持續發展規劃委託研究計畫」中,將資通安全治理納為研究議題之一,期望藉由此計畫發展適用於我國政府機關的資通安全治理制度。
本研究之作者曾參與計畫中。該計畫是以資通安全治理為主軸,除了發展適用於我國政府機關的資通安全治理制度,並研擬適用於政府部門機關之資通安全治理成熟度評估工具。本研究採用個案研究的多重個案整體設計類型為研究方法,邀請三政府機關進行資通安全治理成熟度的評估,並搭配深入訪談活動,深入了解其資通安全工作落實程度與現況,且進一步探討未來落實資通安全治理可能遇到的困難。本研究成果主要利用資通安全治理成熟度評估工具評估三機關之資安治理成熟度並了解其現況,且研擬建議的五階段執行步驟,並提出未來落實可能遭遇人力與經費不足等的困難。
According to the report of RDEC (Research, Development and Evaluation Commission, Executive Yuan), more than 90% government sectors indicate that there are three imperative difficulties awaited being overcome, including the abilities of information security, a lack of related experiences and dedicated personnel. Therefore, the government starts to contemplate the problems and expects the officer of each government sector could pay close attention and join more security-related activities through adopting Information Security Governance Mechanism. Hence, STAG (Science and Technology Advisory Group of Executive Yuan) proposed a research plan developing Information Security Governance Mechanism which fits government sectors of our country.
The author of this study is one of the members of the research plan. This research plan develops an Information Security Governance Maturity Assessment Tool in addition to government sectors’ Information Security Governance Mechanism. Through multiple case studies and in-depth interview, we discuss three government sectors’ ISG Maturity and real conditions of information security, and further, propose potential difficulties.
The research indicates three government organizations’ ISG maturity and real security conditions, recommend execution steps and proposes the difficulties of human resources and budget. |
