Tamkang University Institutional Repository: Item 987654321/54389


    Please use this permanent URL to cite or link to this item: https://tkuir.lib.tku.edu.tw/dspace/handle/987654321/54389


    Title: 資訊安全管理系統遵循性輔助工具設計之研究
    Other title: A Study of Designing Compliance Assistant Tools for Information Security Management Systems
    Author: 蕭瑞祥
    Contributor: Department of Information Management, Tamkang University
    Keywords: Information Security Management Systems; Compliance
    Date: 2010
    Uploaded: 2011-07-06 09:55:45 (UTC+8)
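    Abstract: At present, whether driven by government promotion, regulatory requirements, or the expectations of enterprise customers, the ISO/IEC 27001 Information Security Management Systems (ISMS) standard has been widely implemented and certified by enterprises and by government units with higher information security levels. Under the standard, certified organizations must periodically carry out internal and external audits to verify their compliance. However, when auditors perform audit work today, they can mainly rely only on the written documents and records provided by the organization as the basis for checking controls. Auditors must spend most of their time reviewing these voluminous documents and records, which also lowers audit efficiency. In reviewing the related literature, the researcher found that the use of assistant tools may allow audit work to proceed more smoothly. This study explores building and empirically validating an assistant tool that extracts and collects relevant information from the organization's internal information systems (such as log files and packets) to verify compliance with the control requirements of ISO/IEC 27001, in order to improve on the verifiability of past practice, which mostly reviewed only the written documents and records provided by the organization, and to observe whether audit efficiency improves significantly, as well as the feasibility and applicability of auditing in this way.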
    At present, whether driven by government promotion, regulatory requirements, or the expectations of enterprise customers, the ISO/IEC 27001 Information Security Management Systems (ISMS) standard has been widely implemented and certified by most enterprises and by government units with higher information security levels. In accordance with the provisions of the standard, organizations that have obtained ISO/IEC 27001 certification must periodically perform internal and external audits of their compliance with the ISMS standard. However, when performing audit activities, auditors can usually check the control objectives and controls only against the written documentation provided by the organization. Auditors must spend most of their time reviewing this large volume of documentation, which reduces the efficiency of the audit activities. In reviewing the relevant literature, we find that audit activities could possibly be performed much more successfully with the use of testing tools. This study explores the implementation and examination of a prototype of ISMS compliance assistant tools that collect related information from the organization's information systems (e.g. log files, packets), in order to examine compliance with ISO/IEC 27001 certification and to observe whether the efficiency and accuracy of audit activities can be significantly improved and whether it is feasible and appropriate to proceed in this manner.
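    Appears in collections: [Department and Graduate Institute of Information Management] Research Reports

    Files in this item:

    There are no files associated with this item.

    All items in the institutional repository are protected by the original copyright.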
