淡江大學機構典藏:Item 987654321/54389
English  |  正體中文  |  简体中文  |  全文筆數/總筆數 : 58317/91854 (63%)
造訪人次 : 14029788      線上人數 : 103
RC Version 7.0 © Powered By DSPACE, MIT. Enhanced by NTU Library & TKU Library IR team.
搜尋範圍 查詢小技巧:
  • 您可在西文檢索詞彙前後加上"雙引號",以獲取較精準的檢索結果
  • 若欲以作者姓名搜尋,建議至進階搜尋限定作者欄位,可獲得較完整資料
  • 進階搜尋
    請使用永久網址來引用或連結此文件: http://tkuir.lib.tku.edu.tw:8080/dspace/handle/987654321/54389


    題名: 資訊安全管理系統遵循性輔助工具設計之研究
    其他題名: A Study of Designing Compliance Assistant Tools for Information Security Management Systems
    作者: 蕭瑞祥
    貢獻者: 淡江大學資訊管理學系
    關鍵詞: 資訊安全管理系統;遵循性;Information Security Management Systems;Compliance
    日期: 2010
    上傳時間: 2011-07-06 09:55:45 (UTC+8)
    摘要: 目前不論是在政府推動、法規要求或是企業基於客戶的期望之下,ISO/IEC 27001 之資訊安全管理系統(Information Security Management Systems,ISMS)的標準已經廣 泛的被企業及資訊安全等級較高的政府單位所建置並取得驗證。依據標準的規定,這些 取得驗證的組織必須定期執行標準之內部及外部的稽核,以驗證其標準之遵循性 (Compliance)。然而目前稽核員在執行稽核工作時,主要都只能藉由組織提供的書面文 件紀錄來做為查核控制措施的依據,稽核員必須花費大部分的時間來檢視這些數量龐大 的文件紀錄,同時卻也降低了稽核的效率。在相關文獻的探討中,研究者發現藉由輔助 工具的使用,或許能使稽核的工作進行的更加順利。 本研究探討建置與實證輔助工具擷取蒐集出組織內部資訊系統的相關資訊(如日誌 檔、封包),以驗證組織ISO/IEC 27001 的控制措施標準要求之遵循性,以提升以往大多 只檢閱組織提供之書面文件紀錄的驗證性,並觀察是否對稽核工作的效率能有顯著的提 升,及以此方式進行稽核的可行性與適用性。
    At present, regardless of the government driving, regulatory requirements or meeting the expectations of enterprise customers, the ISO/IEC 27001 Information Security Management Systems (ISMS) standards has been widely built and certified by most enterprise and the government units with higher information security levels. In accordance with the provisions of the standards, these organizations which have obtained the ISO/IEC 27001 certificate have to periodically perform the internal and external audit of their compliances with ISMS standards. However, now the auditors usually can only check the control objectives and controls according to the written documentation provided by the organizations when performing the audit activities. Auditors must spend most of time viewing these large numbers of documentation, and at the same time, it also reduces the efficiency of the audit activities. During the discussion of relevant literature, we find that it possibly can be much more successful when performing audit activities by the use of testing tools. This study probes the implementation and examination the prototype of ISMS compliance assistant tools by collecting related information from the information systems in organization (e.g. log files, packets). To exam the compliance of ISO/IEC 27001 certification and to observe whether the efficiency and accuracy of the audit activities could have a significant improvement and it is feasible and appropriate to proceed in this manner.
    顯示於類別:[資訊管理學系暨研究所] 研究報告

    文件中的檔案:

    沒有與此文件相關的檔案.

    在機構典藏中所有的資料項目都受到原著作權保護.

    TAIR相關文章

    DSpace Software Copyright © 2002-2004  MIT &  Hewlett-Packard  /   Enhanced by   NTU Library & TKU Library IR teams. Copyright ©   - 回饋