English  |  正體中文  |  简体中文  |  全文筆數/總筆數 : 62797/95867 (66%)
造訪人次 : 3749502      線上人數 : 464
RC Version 7.0 © Powered By DSPACE, MIT. Enhanced by NTU Library & TKU Library IR team.
搜尋範圍 查詢小技巧:
  • 您可在西文檢索詞彙前後加上"雙引號",以獲取較精準的檢索結果
  • 若欲以作者姓名搜尋,建議至進階搜尋限定作者欄位,可獲得較完整資料
  • 進階搜尋
    請使用永久網址來引用或連結此文件: https://tkuir.lib.tku.edu.tw/dspace/handle/987654321/34168


    題名: 組織導入BS7799後之資訊安全管理成效研究
    其他題名: The study of the effectiveness of information security management after organizations implement BS 7799
    作者: 徐正;Hsu, Cheng
    貢獻者: 淡江大學資訊管理學系碩士班
    黃明達;Hwang, Ming-dar
    關鍵詞: BS7799;資訊安全管理系統;BS7799;ISMS
    日期: 2006
    上傳時間: 2010-01-11 04:59:31 (UTC+8)
    摘要: 在台灣,2006年5月已經有84家組織導入BS7799資訊安全管理系統。近年來,相關的研究都是以探討單一行業、個別領域與個案公司方面為主,目前較缺乏探討各不同行業別、不同領域的組織導入BS7799後,其成效分析之實證研究。因此,本研究探討的就是當ISMS(Information Security Management System)導入組織一段時間後,資訊安全管理上的成效議題,即BS7799導入組織後在資訊安全管理上的成效。
    本研究是透過2005年12月底中華民國台灣地區在ISMS國際機構業已註冊,通過BS7799認證的組織共計66家來進行問卷調查。研究BS7799導入後,其不同組織行業別、導入部門範圍別間,資訊安全管理上實施的成效。最後歸納出的結果顯示:1.導入後,74%的組織資訊安全事件有減少;2.各組織的資訊安全控制領域皆有改善,當中以「資訊安全政策」、「營運持續管理」與「實體與環境安全」改善成效較高,「資訊安全政策」領域內的控制措施A5.1.2改善成效最佳;3.「資訊安全事件管理」與「資訊系統取得開發及維護」是改善成效比較偏低的領域,可作爾後組織導入BS7799時的參考。
    Eighty four organizations in Taiwan have implementted BS 7799 information security management system in May, 2006. The relative researches in the recent years mostly discuss the topic of one industry field, specific doman or case study. It is lack to investigate in the effectiveness of imple- menting information security management system (ISMS) among the orga- nizations in different fields. This paper focuses on the effectiveness after
    BS 7799 is implemented into organizations.
    Based on the survey of the sixty six organizations in Taiwan which have registered in the ISMS international user group, this paper brings us to look into the better and worse domans and controls while implementing BS 7799.
    The discovery of this paper is as follows: in general, after organizations implement BS 7799, the information security events of seventy four percent- ages in these organizations have decreased. It shows most organiza- tions have improved the environment of information security. Furthermore, the organizations gain improvement in most control objectives, and are remark- ablely secured in “Security policy, business continuity management ,and physical and environmental security.” Implementing A5.1.2 control makes outstanding effecttiveness. Neverthrless, the other outcome shows the lower implementational effectiveness in “information security incident management” and “information systems acquisition, development and maintenance.”
    顯示於類別:[資訊管理學系暨研究所] 學位論文

    文件中的檔案:

    檔案 大小格式瀏覽次數
    0KbUnknown227檢視/開啟

    在機構典藏中所有的資料項目都受到原著作權保護.

    TAIR相關文章

    DSpace Software Copyright © 2002-2004  MIT &  Hewlett-Packard  /   Enhanced by   NTU Library & TKU Library IR teams. Copyright ©   - 回饋