查詢結果分析
來源資料
頁籤選單縮合
題 名 | 資訊查核作業與管理=Information System Audit and Management |
---|---|
作 者 | 蔡崇熙; | 書刊名 | 捷運技術 |
卷 期 | 46 2012.02[民101.02] |
頁 次 | 頁295-305 |
專 輯 | 標竿學習,活化經驗—孕育新捷運專輯 |
分類號 | 448.6 |
關鍵詞 | 資訊安全; 資訊查核; Information system audit; |
語 文 | 中文(Chinese) |
中文摘要 | 本局整體資訊作業之應用、管理與推動,一路伴隨著捷運工程路線一條一條的推廣、成長、紀錄,更把成長過程之紀錄一一轉成數位化資訊保存,有效地把捷運工程建設經驗累積成本局重要資產,經由經驗傳承之回饋與貢獻國內各捷運工程建設不遺餘力,期待繼續發光發熱,而資訊查核作業亦伴隨著本局整體資訊系統作業成長及資訊科技之進步不斷改進。 行政院於88年為推動各機關強化資訊安全管理,建立安全及可信賴之電子化政府,確保資料、系統、設備及網路安全,保障民眾權益,頒布「行政院及所屬各機關資訊安全管理要點」,本局初期即以本要點為範本,再依本局業務需求訂定資訊安全與查核相關作業要點或標準作業程序(QSOP),提供資訊管理人員及使用者做為資訊作業依據。近年來為因應資訊作業制度變革與科技進步,亟需加強個人資料安全保護之安全措施,引用ISO27001(資訊安全管理國際標準)規範,提供企業建置資訊安全管理;引進風險管理觀念,分析資訊安全因素,擴大資訊查核範圍,深化資訊查核內容及建立資訊倫理與資訊素養,在提高本局整體資訊作業效率之時,亦能兼顧資訊安全作業。 |
英文摘要 | The application, management, and promotion of DORTS' overall information system operations have been keeping pace with the development of the Taipei MRT network, allowing the development to be recorded and even converted into digital information so as to effectively accumulate MRT experience and become an important asset for DORTS. DORTS spares no effort to pass on its accumulated experience to other MRT construction in Taiwan with the hope of continuing the growth of MRT technology. As a result, information system audit and management must continue to improve with the growth of DORTS integrated information system and the progress of information technology. To promote information security management in government agencies and establish safe and reliable e-government so as to ensure data security, hardware equipment, and Internet security, the Executive Yuan enacted the “Information Security Management Regulations for the Executive Yuan and Its Subordinate Agencies” in 1999. In the early stage, based on the aforementioned regulations DORTS established regulations and quality standard operation procedure (QSOP) related to information security audits as guidelines for information operations staff and users to follow. In recent years, in response to the change of information system operations and technology progress, it is necessary to take measures for protecting personal data. Therefore, ISO 27001 (an information security management international standard) has been adopted to provide a basis for the establishment of an information security management system. In addition, risk management concepts have been applied to analyzing information security factors, expanding information audit scope, intensifying the content of information system audit, and establishing information ethics. It is hoped that consideration must be given to information security operations while enhancing the efficiency of DORTS' overall information system operations. |
本系統中英文摘要資訊取自各篇刊載內容。