淡江大學機構典藏:Item 987654321/52164
English  |  正體中文  |  简体中文  |  Items with full text/Total items : 62819/95882 (66%)
Visitors : 4007247      Online Users : 583
RC Version 7.0 © Powered By DSPACE, MIT. Enhanced by NTU Library & TKU Library IR team.
Scope Tips:
  • please add "double quotation mark" for query phrases to get precise results
  • please goto advance search for comprehansive author search
    •  Adv. Search
    HomeLoginUploadHelpAboutAdminister Goto mobile version


    Please use this identifier to cite or link to this item: https://tkuir.lib.tku.edu.tw/dspace/handle/987654321/52164


    Title: 政府機關資安治理之研究 : 以臺北市政府為例
    Other Titles: Government agencies study of information security governance : a case study of Taipei city government
    Authors: 柯炫旭;Ke, Shiung-shuei
    Contributors: 淡江大學資訊管理學系碩士在職專班
    黃明達;Hwang, Ming-dar
    Keywords: 政府機關;資通安全治理;資通安全治理成熟度;Government Agencies;Information Security Governance;Information Security Governance Maturity
    Date: 2010
    Issue Date: 2010-09-23 17:01:37 (UTC+8)
    Abstract: 根據行政院研考會科技顧問組於「國家資通訊安全發展方案(98年-101年)」中,將推動資通安全治理納為行動方案之一,並提供適用於政府部門機關之資通安全治理成熟度評估工具,期望藉由此方案落實我國政府機關的資通安全治理制度。
    本論文研究目的為,透過評估工具評估臺北市政府資通安全治理成熟度,並搭配深入訪談活動,深入了解其資通安全工作落實程度與現況,且進一步探討未來落實資通安全治理可能遇到的困難。本論文研究採用個案研究的單一個案類型為研究方法,針對臺北市政府進行資通安全治理成熟度之評估,以了解機關資通安全治理成熟度與實際情況,並加以分析與比較,本論文研究成果為:提出臺北市政府對資通安全治理的落實程度、可能遭遇問題、改善項目及時程建議。本論文研究對象在機關業務IT依賴度分數級距主要落在非常高,而評估結果發現機關資通安全治理成熟度之整體評價與整體加權平均落在「持續改善」項次,因此表示臺北市政府在資通安全治理方面,需加強實施風險管理之評估為主要目標。透過深入訪談與研究討論發現,導入資通安全治理可能遭遇問題,對於風險管理作業有觀念與想法,但在落實上仍需加強,並且缺乏制定流程來改善資通安全政策、程序、落實所面臨的缺失,所以應建立資通安全計畫,規劃推動組織及規劃資通安全治理流程,用以支援單位營運及落實資通安全管理,經由專責人員進行定期檢核相關程序是否適宜,並持續進行資通安全治理改善,以達到良好之成效。
    According to the RDEC (Research, Development and Evaluation Commission, Executive Yuan) and Technology Advisory Group, "National Information and Communications Security Development programme (2009-2012)" in promoting information and communication security control will accept one of the options for action, and to provide authority for information on government departments communication security governance maturity assessment tool, expected by the implementation of this program our government authorities information and communication security management system.
    The purpose of this study, the Taipei City Government, through assessment tools to assess the maturity of information security governance, and activities with in-depth interviews, in-depth understanding of the extent of implementation of information security, and current status of work then to further discuss with management of the implementation of information and communication security may experience difficulties. In this study, a single case by case study type of research method, for the Taipei City Government to conduct information and communication security governance maturity assessments, to understand the authority information and communication security governance maturity with the actual situation, and make analysis and comparison, this thesis results: make the Taipei City Government on the implementation of information and communication security management level, may encounter problems, to improve the process of the proposed project in a timely manner. In this research, dependence on IT in business organizations from the main falls scores very high level, while the evaluation found that agencies information and communication security governance maturity of the overall evaluation of the overall weighted average fall on "continuous improvement" entry times, so that Taipei Government information and communication security governance, risk management need to strengthen the implementation of the main objectives of the evaluation. Through interviews and research and discussion shows that, information and communication security control may encounter problems with the concept of risk management practices and ideas, but on the need to be strengthened in the implementation and the lack of the development process to improve information and communication security policies, procedures, implementation of face absence, it should be the establishment of information and communication security plan, and planned to promote the organization and management of information security, process planning, to support unit operations and the implementation of information security management, and through dedicated personnel regularly check the suitability of the relevant procedures, and ongoing improve information and communication security control in order to achieve effect.
    Appears in Collections:[Graduate Institute & Department of Information Management] Thesis

    Files in This Item:

    File SizeFormat
    index.html0KbHTML337View/Open

    All items in 機構典藏 are protected by copyright, with all rights reserved.

    DSpace Software Copyright © 2002-2004  MIT &  Hewlett-Packard  /   Enhanced by   NTU Library & TKU Library IR teams. Copyright ©   - Feedback