|摘要: ||根據趨勢科技於「2010上半年全球資安威脅報告」中指出，教育界在上半年所感染的惡意程式數量最多，幾乎有50%的感染出現於學校和大專院校，對擁有大量個人資料的學校而言，不僅會使校內個人資料外洩，造成校譽受損，更影響學校永續發展。因此本研究以「BS 10012：2009個人資訊管理制度」（Personal Information Management System, PIMS）之「規劃」、「實行與運作」、「監督與審查」、「改善」四構面為基礎，了解目前大專校院的個人資訊管理制度，並提出改善建議。|
Trend Micro in the " Global Threat Trends, 1H 2010" pointed out that when it comes to malware infections by industry sector, the education took the lead during the first half of 2010. Almost 50 percent of all malware infections occurred within schools and colleges which hold a large amount of personal data. Malware not only leaks personal data and damages school reputation, but also affects the sustainable development of school. Therefore, this study investigated the present college personal information management system based on “Plan", "Do", "Check", "Act”, four phases of "BS 10012：2009 －personal information management system, PIMS", and presents recommendations for improvement.
The study found that 64.6% of managers working at computer centers, considered college reputation damage the most serious impact in the case of personal information leaking; thus, most of them also considered strengthening internal audit to avoid this from happening. At present, the major developmental progress in college personal information management system is at the “Plan” and “Do” phase, and a lack of control for “Check” and “Act”. This study researched whether regional differences and scale of computer center would affect personal information management system among colleges. In terms of regional comparison, there is no significant difference in PDCA phrases, except that the staff information security training performed better in the northern colleges. In terms of performance difference due to number of staff, it was found that colleges with more than 10 employees were better developed. Finally, the study presents recommendations for the colleges with “Check” and “Act” phase in personal information management system.