頁籤選單縮合
題 名 | 整合ITSMS與ISMS之經驗分享=Experience of Integrating ITSMS and ISMS |
---|---|
作 者 | 黃素梅; | 書刊名 | 行政院環境保護署環境監測及資訊處技術彙刊 |
卷 期 | 6 2011.05[民100.05] |
頁 次 | 頁117-133 |
分類號 | 312.76 |
關鍵詞 | 資訊安全管理; 資訊服務管理; ISMS; ITSMS; |
語 文 | 中文(Chinese) |
中文摘要 | 組織在考量導入任一新的管理制度時,必須就資源需求、內部衝擊、預期目標等各方面審慎評估,始能在取得適當資源及擬定因應措施等條件下達成目的。對於資訊領域來說,ITSMS與ISMS兩項國際標準,均有其嚴謹的規章要求,強調持續改善(即是規劃-執行-檢查-行動的循環)的精神。在字義上ISMS著重於資訊安全管理,ITSMS著重於資訊服務管理,除了都是針對資訊範疇而訂的標準,著眼點似乎無太大關連,甚至以一般的運作經驗而言,強調服務時,總得犧牲安全要求。然而,以環保署導入及施行的經驗而言,兩套管理系統不但有其關連性,且是相輔相成的,唯有建構在安全機制下的資訊服務始能確保持續運作,而以服務為考量的資訊安全要求,也不至於偏向資訊技術本位主義。 環保署於95年規劃導入ITSMS及ISMS兩項國際標準,分別於96年2月與96年12月通過國際驗證,並於99年2月與99年12月通過重新驗證。環保署在導入初期是以分別建置,並整合部分程序的方式進行,之後依組織的特性及資源整合運用等各方面因素,再逐步整併部分作業機制,期能依循組織之策略目標,強化工作紀律,提昇組織文化,創造組織、使用者、協力廠商三贏局面。 |
英文摘要 | Factors that organizations will take into consideration when assessing the importability of any new management system include the ability to assess resource requirements, internal shocks and target areas, in order to access appropriate resources and develop in response to measures. For IT fields, ITSMS and ISMS (two international standards) have their stringent regulatory requirements, with an emphasis on continuous improvement (ie, the planning - Do - Check - Act cycle). ISMS focuses on information security management while ITSMS focuses on IT service management. Even though the emphasis seems to be on information technology, service and safety requirements also play a vital part. However, with the EPA’s implementation and their experience, the two sets of management systems are not only similar, but are rather complementary. The EPA implemented the ITSMS and ISMS international standards in 2006, and was awarded with international certification in February and December of 2007. They also passed the re-evaluation in February and December of 2010. EPD is based on the initial building and integrating. Then by the integration of organizational characteristics and other factors, gradually the whole operating system will be expected to follow the strategic objectives of the organization in order to strengthen work discipline, improve organizational culture, and create a win-win situation among organizations, users and corporate companies. |
本系統中英文摘要資訊取自各篇刊載內容。