查詢結果分析
來源資料
頁籤選單縮合
題名 | 組織導入資訊安全管理制度之效益探討=Effectiveness Appraisal of Implementing an Information Security Management System in Organizations |
---|---|
作者 | 詹前隆; 黃依賢; 黃慶裕; Chan, Chien-lung; Hwang, I-shyan; Hwang, Ching-yuh; |
期刊 | 資訊傳播研究 |
出版日期 | 20121000 |
卷期 | 3:1 2012.10[民101.10] |
頁次 | 頁73-92 |
分類號 | 312.76 |
語文 | chi |
關鍵詞 | 資訊安全; ISO 27001; ISMS; PDCA; Information security management system; Information security; Plan, Do, Check, Act; |
中文摘要 | 本研究藉由訪談及問卷蒐集資料,以敍述統計、變異數及迴歸分析,探討導入Information Security Management System(ISMS)對組織的影響。研究發現,導入ISMS遭遇困難程度較高者為:增加額外的工作量、人力不足,以及資安成員缺乏足夠的權力。導入ISMS獲取效益程度較高者為:提升組織對維護資訊安全之聲譽、提升政府部門整體服務價值、建立標準化及文件化之資安作業流程,以及提升組織成員的資安標準認知及資安職能。導入ISMS的成功關鍵因素程度較高者為:高階主管的支持與承諾、具有資安職能之專案人員、資訊安全團隊的積極推動,以及持續的資安宣導和訓練。導入ISMS是一項管理制度的建立,組織應掌握成功關鍵因素並降低遭遇的阻力,以獲取最大效益;導入後,仍應秉持PDCA(Plan, Do, Check, Act)的精神,持續對ISMS改善與精進,使組織的資訊安全更臻完備。 |
英文摘要 | By using descriptive statistics, ANOVA and regression analysis approach, we examined the organizational impact when implementing ISMS. The top three types of difficulties for implementing ISMS are increased workload, Shortage of manpower and Lack of proper authority for information security team. The top four benefits for implementing ISMS are found to be: Gain reputation for enhancing information security, Raise value of governmental services, Establish standardized and documented information security processes, and Raise information security awareness and capabilities of organization staff. The top four critical success factors for implementing ISMS are shown as: Top management support and commitment, Project team members with information security capabilities, Proactive push by information security team, and On-going information security advocacy and training. Embarking on ISMS is one key step in enterprise management; therefore, enterprises should control the critical successful factors and minimize the possible difficulties in order to realize more benefits. To attain more complete information security, carrying out PDCA (Plan, Do, Check, Act) and improving ISMS will be the main factors. |
本系統之摘要資訊系依該期刊論文摘要之資訊為主。