頁籤選單縮合
題名 | 以BS 10012為基礎評估大專校院導入個人資訊管理制度之研究= |
---|---|
作者 | 鄒宛璉; 黃明達; |
期刊 | 電腦稽核 |
出版日期 | 20120100 |
卷期 | 25 2012.01[民101.01] |
頁次 | 頁72-88 |
分類號 | 584.1414 |
語文 | chi |
關鍵詞 | 電腦處理個人資料保護法; 個人資料保護法; 個人資訊管理制度; BS 10012; PIMS; Computer Processing Personal Data Protection Act; Personal Data Protection Act; Personal information management system; |
中文摘要 | 根據趨勢科技於「2010上半年全球資安威脅報告」中指出,教育界在上半年所感染的惡意程式數量最多,幾乎有50%的感染出現於學校和大專院校,對擁有大量個人資料的學校而言,不僅會使校內個人資料外洩,造成校譽受損,更影響學校永續發展。因此本研究以「BS 10012:2009個人資訊管理制度」(Personal Information Management System, PIMS)之「規劃」、「實行與運作」、「監督與審查」、「改善」四構面為基礎,了解目前大專校院的個人資訊管理制度,並提出改善建議。研究發現若個人資料不慎外洩,93.4%的電算中心管理層認為校譽受損衝擊最大,56.9%考慮再加強內部稽核。而目前大專校院的個人資訊管理制度,多處於BS 10012的「規劃」和「實行與運作」構面,對於「監督與審查」和「改善」構面較缺乏控管。若依地區劃分比較,各區域的學校於四個構面無顯著差異,僅北區學校在職員的教育訓練表現較佳;若依電算中心專任職員人數規模劃分,10人以上的學校發展較佳。最後,本研究針對大專校院在個人資訊管理制度發展中較落後的「監督與審查」和「改善」構面,提出加強建議,降低個資法帶來的衝擊。 |
英文摘要 | Trend Micro in the "Global Threat Trends, 1H 2010" pointed out that when it comes to malware infections by industry sector, the education took the lead during the first half of 2010. Almost 50 percent of all malware infections occurred within schools and colleges which hold a large amount of personal data. Malware not only leaks personal data and damages school reputation, but also affects the sustainable development of school. Therefore, this study investigated the present college personal information management system based on "BS 10012: 2009-personal information management system", and presents recommendations for improvement.The study found that 93.4% of managers working at computer centers, considered college reputation damage the most serious impact in the case of personal information leaking; thus, most of them also considered strengthening internal audit to avoid this from happening. At present, the major developmental progress in college personal information management system is at the "Plan" and "Do" phase, and a lack of control for "Check" and "Act". This study researched whether regional differences and scale of computer center would affect personal information management system among colleges. In terms of regional comparison, there is no significant difference in PDCA phrases, except that the staff information security training performed better in the northern colleges. In terms of performance difference due to number of staff, it was found that colleges with more than 10 employees were better developed. Finally, the study presents recommendations for the colleges with "Check" and "Act" phase in personal information management system. |
本系統之摘要資訊系依該期刊論文摘要之資訊為主。