National Digital Library of Theses and Dissertations in Taiwan (臺灣博碩士論文加值系統)
Author: 徐正
Author (Eng.): Cheng Hsu
Title: 組織導入BS7799後之資訊安全管理成效研究
Title (Eng.): The Study of the Effectiveness of Information Security Management after Organizations Implement BS 7799
Advisor: 黃明達
Advisor (Eng.): Ming-Dar Hwang
Degree: Master
Institution: 淡江大學 (Tamkang University)
Department: Master's Program, Department of Information Management (資訊管理學系碩士班)
Narrow Field: Computer Science (電算機學門)
Detailed Field: General Computer Science (電算機一般學類)
Type of paper: Academic thesis/dissertation
Publication Year: 2004
Graduated Academic Year: 94
Language: Chinese
Number of pages: 92
Keywords (Chinese): BS7799, 資訊安全管理系統
Keywords (English): BS7799, ISMS
By May 2006, 84 organizations in Taiwan had implemented a BS7799 information security management system. Recent related research has mostly examined a single industry, an individual domain, or a case company; empirical research analysing the effectiveness of BS7799 implementation across organizations in different industries and domains is still scarce. This study therefore examines the effectiveness of information security management once an ISMS (Information Security Management System) has been in place in an organization for a period of time, that is, the effectiveness of BS7799 in information security management after its implementation.
The study surveyed, by questionnaire, the 66 organizations in Taiwan that were registered with the ISMS international body as BS7799-certified as of the end of December 2005, and examined how the effectiveness of information security management after BS7799 implementation differs by industry and by the departmental scope of the implementation. The results show: 1. after implementation, 74% of the organizations saw a decrease in information security incidents; 2. every information security control area improved in the surveyed organizations, with "Security policy", "Business continuity management" and "Physical and environmental security" improving most, and control A5.1.2 within the "Security policy" area showing the best improvement of any control; 3. "Information security incident management" and "Information systems acquisition, development and maintenance" were the areas with the lowest improvement, which can serve as a reference for organizations implementing BS7799 in future.
Eighty-four organizations in Taiwan had implemented a BS 7799 information security management system by May 2006. Related research in recent years has mostly addressed a single industry, a specific domain, or a case study; the effectiveness of implementing an information security management system (ISMS) across organizations in different fields has received little investigation. This paper focuses on the effectiveness observed after BS 7799 is implemented in organizations.
Based on a survey of the sixty-six organizations in Taiwan registered with the ISMS International User Group, this paper examines which domains and controls fared better and which fared worse when implementing BS 7799.
The findings are as follows. In general, after organizations implement BS 7799, information security incidents decreased in seventy-four percent of them, indicating that most organizations have improved their information security environment. Furthermore, the organizations gained improvement in most control objectives, and are remarkably better secured in "Security policy", "Business continuity management" and "Physical and environmental security"; implementing control A5.1.2 produced the most outstanding effect. Nevertheless, the results also show lower implementation effectiveness in "Information security incident management" and "Information systems acquisition, development and maintenance".
Table of Contents

Chinese Abstract ... I
English Abstract ... II
Table of Contents ... IV
List of Tables ... V
List of Figures ... VI
Chapter 1 Introduction ... 1
Section 1 Research Background and Motivation ... 1
Section 2 Research Objectives ... 2
Section 3 Research Scope and Limitations ... 3
Chapter 2 Literature Review ... 4
Section 1 Definition of Terms ... 4
Section 2 Discussion of Information Security Management Systems ... 5
Section 3 Related Research on Information Security Management ... 6
Section 4 Discussion of BS7799 Implementation in Organizations ... 8
Chapter 3 Research Design ... 10
Section 1 Research Method ... 10
Section 2 Questionnaire Design and Survey ... 10
Section 3 Research Instruments ... 11
Section 4 Research Process and Steps ... 11
Chapter 4 Data Analysis ... 13
Section 1 Questionnaire Response Rate Analysis ... 13
Section 2 Questionnaire Reliability and Validity Analysis ... 13
Section 3 Data Analysis ... 13
Section 4 Cross-Tabulation Analysis ... 21
Section 5 Analysis of Organizations' Views on the Published BS7799:2005 ... 30
Chapter 5 Conclusions and Recommendations ... 32
Section 1 Conclusions ... 32
Section 2 Future Research ... 32
References ... 34
Chinese References ... 34
English References ... 35
Appendix A Questionnaire "Effectiveness of Information Security Management after Organizations Implement BS 7799" ... 37
Appendix B Questionnaire Statistics for "Effectiveness of Information Security Management after Organizations Implement BS 7799" ... 44

List of Tables

Table 2-1 Foreign research related to the BS7799 information security management standard ... 6
Table 2-2 Domestic research related to the BS7799 information security management standard ... 7
Table 3-1 Controls added and removed in the new BS7799:2005 ... 10
Table 4-1 Industry distribution of surveyed organizations and of all BS7799-certified organizations, December 2005 ... 14
Table 4-2 Capitalization of surveyed organizations ... 15
Table 4-3 Annual revenue ... 15
Table 4-4 Departments implementing BS7799 ... 16
Table 4-5 Headcount of implementing departments ... 16
Table 4-6 Cross-tabulation of industry and department implementing BS7799 ... 17
Table 4-7 Scope of BS7799 implementation ... 18
Table 4-8 Consulting firms ... 18
Table 4-9 Consulting duration ... 19
Table 4-10 Degree of improvement in each control area after implementation ... 20
Table 4-11 Whether control A5.1.2 improved after implementation ... 21
Table 4-12 Whether control A13.2.3 improved after implementation ... 22
Table 4-13 Whether the 2 Security policy controls improved after implementation ... 23
Table 4-14 Whether the 11 Organization of information security controls improved after implementation ... 23
Table 4-15 Whether the 5 Asset management controls improved after implementation ... 24
Table 4-16 Whether the 9 Human resources security controls improved after implementation ... 24
Table 4-17 Whether the 13 Physical and environmental security controls improved after implementation ... 25
Table 4-18 Whether the 32 Communications and operations management controls improved after implementation ... 25
Table 4-19 Whether the 25 Access control controls improved after implementation ... 26
Table 4-20 Whether the 16 Information systems acquisition, development and maintenance controls improved after implementation ... 26
Table 4-21 Whether the 5 Information security incident management controls improved after implementation ... 27
Table 4-22 Whether the 5 Business continuity management controls improved after implementation ... 27
Table 4-23 Whether the 10 Compliance controls improved after implementation ... 28
Table 4-24 Controls most in need of continued improvement, by industry ... 29
Table 4-25 Reduction in organizations' information security incidents after BS7799 implementation ... 29
Table 4-26 Reduction ratio of organizations' information system downtime after BS7799 implementation ... 29
Table 4-27 Summary of organizations' views on the published BS7799:2005 (part 1) ... 31
Table 4-28 Summary of organizations' views on the published BS7799:2005 (part 2) ... 31

List of Figures

Figure 3-1 Research flowchart ... 12