根據資安治理成熟度計算公式，發現學校資安治理成熟度低者占51%，中者占32.2%，高者占16.8%；使用判別分析確認資安治理成熟度低、中、高是可區別的，有87.2%交叉驗證成熟度低、中、高3組觀察值已正確分類，使用相關分析，發現34個項目與資安治理成熟度有相關顯著，針對相關顯著項目，使用ANOVA，檢定資安治理成熟度低、中、高各等級對各項目均數差異的顯著性，有31個項目具有顯著，確認各項目均數差異後，並以 post hoc 全距檢定和LSD來確認資安治理成熟度由低至中、由低至高及由中至高的項目是否有差異顯著，發現由中至高有2個項目未達顯著外，其餘皆達顯著，而且這些項目皆為資安治理成熟度相關項目。
This study used a questionnaire survey method, investigating the maturity of information security governance for institutes of higher education in Taiwan. The main objective is to assess the maturity of information security governance for institutes, exploring the factors concerned, providing the model for promoting the maturity of information security governance, and improvement methods. Questionnaires are sent to 164 information unit supervisors in schools, and 153 are returned. The return percentage is 93.3% excluding four invalid ones, and effective questionnaire is 149, the effective sample return percentage is 90.9%.
According to formula of governance maturity of the information security, it was found that schools with low rate of security governance maturity take up 51%, schools with medium rate 32.2%, high 16.8%; with discriminant analysis, it is confirmed that the governance maturity of the information security can be distinguished in low, medium, and high rate. With 87.2% cross validation, three observation groups of low, medium and high maturity have been classified. With correlation analysis, it is found that 34 items have significant correlation with governance maturity of the information security. With analysis of variance (ANOVA), the least significant difference (LSD) between item average with verification governance maturity of the information security grade of high, medium, and low is checked to find there are 31 items with significant differences. After confirming every item mean significant difference, post hoc range test and ANOVA multiple comparison LSD are used to confirm whether there is significant differences between the items of governance maturity of the information security from low to medium, from low to high and from medium to high. It is found that only two items from medium to high are not significant, the rest are significant, and these items are the related items of governance maturity of the information security.
This study aims to develop governance maturity of the information security promotion mode, find school security management problems, which are generally about too much IT Reliance, while the governance maturity of the information security is low, especially the items in the risk management aspect the project are quit low. Each school can find the easiest items of the maturity to improve according to their own governance maturity of the information security status, to promote the governance maturity of the information security.