According to the RDEC (Research, Development and Evaluation Commission, Executive Yuan) and Technology Advisory Group, "National Information and Communications Security Development programme (2009-2012)" in promoting information and communication security control will accept one of the options for action, and to provide authority for information on government departments communication security governance maturity assessment tool, expected by the implementation of this program our government authorities information and communication security management system.
The purpose of this study, the Taipei City Government, through assessment tools to assess the maturity of information security governance, and activities with in-depth interviews, in-depth understanding of the extent of implementation of information security, and current status of work then to further discuss with management of the implementation of information and communication security may experience difficulties. In this study, a single case by case study type of research method, for the Taipei City Government to conduct information and communication security governance maturity assessments, to understand the authority information and communication security governance maturity with the actual situation, and make analysis and comparison, this thesis results: make the Taipei City Government on the implementation of information and communication security management level, may encounter problems, to improve the process of the proposed project in a timely manner. In this research, dependence on IT in business organizations from the main falls scores very high level, while the evaluation found that agencies information and communication security governance maturity of the overall evaluation of the overall weighted average fall on "continuous improvement" entry times, so that Taipei Government information and communication security governance, risk management need to strengthen the implementation of the main objectives of the evaluation. Through interviews and research and discussion shows that, information and communication security control may encounter problems with the concept of risk management practices and ideas, but on the need to be strengthened in the implementation and the lack of the development process to improve information and communication security policies, procedures, implementation of face absence, it should be the establishment of information and communication security plan, and planned to promote the organization and management of information security, process planning, to support unit operations and the implementation of information security management, and through dedicated personnel regularly check the suitability of the relevant procedures, and ongoing improve information and communication security control in order to achieve effect.