- About
-
The Global ETD Search service is a free service for researchers
to find electronic theses and dissertations. This service is
provided by the
Networked Digital Library of Theses and Dissertations.
Our metadata is collected from universities around the world. If you manage a university/consortium/country archive and want to be added, details can be found on the NDLTD website.
Search results
Showing 31 to 40 of 54 (0.009 seconds)| 31 |
保險業因應新版個資法之資安管理研究-以S公司為例 / Information Security Management for Insurance in Response to the New Version of Personal Data Protection Law-A Case Study of S Company謝正彬 Unknown Date (has links)
新版個人資料保護法,在歷經立法院多年之審議,於民國99 年4月27日三讀通過,並於同年5月26 日由總統公布;而行政院也在歷經一年多來與國內各界反覆討論後,正式公布「個資法施行細則修正條文」,並定於民國101年10月1日正式施行。
雖然早在「電腦處理個人資料保護法」的年代,保險業已經列入法律適用範圍內,但還是侷限於電腦資料的處理;而保險業在相關資訊安全管理工作的施行,主要多侷限於公司單位所管理電子資料為主。保險業無論公司規模大小、擁有個人資料數量多寡,均必需受到個人資料保護法規範;而在客戶個人資料蒐集、處理及各式的運用上,此法無疑對保險業造成莫大衝擊。因此積極規劃及施行滿足個人資料保護的資訊安全管理制度,是保險公司當前極為重要的課題。
本研究的目的在以個人資料保護法為法令遵循為前提,探討多數保險業現行採行的ISO 27001資訊安全管理標準為基礎架構,蒐集分析國內外個人資訊管理系統(PIMS)規範,期望在滿足保險業業務特性下,透過個案公司規劃實例,為個案公司及保險業掌握資安管理制度的關鍵重點,強化個人資料保護防護作為,以符合個資保護要求。
|
| 32 |
戶政資訊安全管理機制之研究-以新北市戶政機關為例 / The study of residence administration information security management:the case of household registration office,New Taipei City蔡玫娟 Unknown Date (has links)
戶政機關所掌管個人自出生到死亡之機敏隱私戶籍記錄資料,為一切行政措施的基礎資訊,並與人民權益相關,在現今已全面電腦化,並透過資訊系統加以蒐集、使用、管理與流通之過程中,僅依現行法令規章及內政部制訂之系統安全管理規範似不足以確保個資之安全性,且無法完全防杜個資之外洩,造成民眾人身安全威脅與權益受損之風險。
面對個資保護等相關法制之推行及行政院於2009年1月訂頒「國家資通訊安全發展方案〈2009-2012年〉」之願景目標,新北市政府民政局預見其重要性並率先配合辦理,期為該市戶政機關建構一優質資安環境,於2011年6月份起擇轄內三重區戶政事務所導入資訊安全管理系統及中和區戶政事務所建置個資安全管理機制;本研究以上述兩戶政機關為個案,經由資訊安全管理觀點透過質性研究方式,深入探討戶政機關於資訊〈個資〉安全之相關實務管理問題,提出資訊〈個資〉安全管理重點與建議,以供新北市政府民政局未來規劃所轄戶政機關資訊安全管理之參據。
本研究歸結出新北市戶政機關資安管理現況問題,其分別為:一、新北市戶政機關普遍缺乏資訊專業人員與知能;二、新北市無訂定全市戶政機關戶政資訊管理規範;三、新北市戶政機關資訊安全編組及職掌疊床架屋;四、新北市戶政機關欠缺風險管理及評鑑執行能力;五、新北市戶政資訊稽核機制未完備且無專業稽核人員。
針對上述研究發現,本研究建議新北市政府民政局參照內政部規範之戶役政資訊系統安全防護需求,依據ISO 27001及個人資料保護法之規範,統籌律訂新北市各區戶政事務所資訊安全編組、風險管理及稽核機制,建立一套以落實資訊安全管理為目的,明確、有效、易於遵循之規範原則,供所屬戶政機關予以遵循,並透過教育訓練加強相關人員專業知能及執行能力,最後藉PDCA循環模型之作法,強化及落實個資保護目標。
|
| 33 |
Zhodnocení připravenosti podniku na zavedení ISO 27001 pomocí GAP analýzy / Evaluation of preparedness of a business for an implementation of ISO 27001 using Gap analysisZrcek, Tomáš January 2016 (has links)
The aim of the thesis is to evaluate the preparedness of an information security management system (ISMS) in a logistic company JASA s.r.o. for a certification by standard ISO/IEC 27001:2013. This enterprise oscillates between small and medium enterprise. It has already implemented the certificate on quality management ISO 9001:2008. For this reason, in the thesis there are presented advantages for a company that already has implemented one of ISO standards and decides to implement another. First of all, the present state of information security management system in Jasa s.r.o was compared to other businesses functioning in the Czech and European market. Then the company control environment was evaluated accordingly to the requirements of standard ISO/IEC 27001:2013. Furthermore, a scheme was created in order to evaluate specific controls based on the impact risk that could arise in case of ignoring the suggested recommendations. In the last part, the controls were evaluated accordingly to difficulty, so that the company can find cheap and fast solutions with adequate impact. The main contribution of the thesis is the evaluation of the approach to solve information security in one of many enterprises that are afraid or are starting to notice the increasing amount of security threats. This approach may be chosen by other companies that decide to go the similar way.
|
| 34 |
Metodika zavedení síťové bezpečnosti v softwarové společnosti / Implementation Methodology of Network Security in the Software CompanyTomaga, Jakub January 2013 (has links)
This thesis deals with network security and its deployment in the real environment of the software company. The thesis describes information management framework with a specific concentration on computer networks. Network security policy is designed as well as network infrastructure modifications in order to increase the level of security. All parts of the solution are also analyzed from financial point of view.
|
| 35 |
Gap Analysis of Information Security Management Systems in Sri Lankan Higher Education InstitutesDon Appuhamilage, Suneth Piumal, Rathnayake, Rathnayake Mudiyanselage Dineth Udyan January 2023 (has links)
This work presents an overview of preliminary stages taken towards proper establishment ofan Information Security Management System (ISMS) for Sri Lankan Higher EducationInstitutes (HEIs) based on ISO/IEC 27001:2013 standard. This study consists with a gapanalysis conducted on selected HEIs within Sri Lanka to evaluate their compliance withISO/IEC 27001:2013 standards. This analysis aimed at identifying gaps in existing informationsecurity practices and assess associated risks to Sri Lankan HEIs. To provide a more tailoredapproach, Management, Technical, and Operational (MTO) model was introduced, aligningwith institute’s structure and responsibilities. This research also emphasizes on criticality ofprotecting information assets and the need for comprehensive controls to ensureconfidentiality, integrity, and availability. Additionally, the study investigates the level ofinformation security compliance with ISO/IEC 27001:2013 among the selected HEIs. Theresults reveal a maturity level of 2, indicating numerous control weaknesses and highlightingthe need for developing security policies, procedures, and implementing a securitymanagement system and security culture. The research concludes with detailed benchmarkingresults, maturity level measurements for each security control domain, and recommendationsfor improvement.
|
| 36 |
The Impact of ISO 27001 Compliance on Employees' Information Security Awareness and Behaviors in Medium Sized Enterprises (MSEs)Munir, Noman January 2024 (has links)
No description available.
|
| 37 |
Návrh metodiky bezpečnosti informací v podniku / Design of Information Security Methodology in the CompanyBartoš, Lukáš January 2013 (has links)
This thesis proposes a design of information security methodology in the company. After the theoretical bases of this thesis is introduced company for which is intended this work. Then is performed analysis of risks based on selected assets and potential threats. Followed by design of the measures to minimize the creation of possible risks in the company.
|
| 38 |
Návrh zavedení bezpečnostních opatření ve společnosti vyvíjející software / Proposal for the Implementation of Security Measures in the Software Development CompanyŠtěpánek, Daniel January 2017 (has links)
Master's thesis focuses on proposal for the implementation of security measures in the software development company. Theoretical section defines chosen information security terms. Analytical section deals with analysis and assessment of current security situation in the company. Solution proposal contains risk analysis, proposal of security measures for risk treatment and economic evaluation.
|
| 39 |
Zavádění řízení informační bezpečnosti ve zdravotnickém zařízení / The Implementation of Information Security in Healthcare OrganizationProcingerová, Lucie January 2017 (has links)
This Master‘s thesis is based on knowledge of information security and its management. The thesis is divided into two parts. The first part provides the theoretical background, definitions and terminology according to the information security management and it is based on concepts from standard ISO 27000 series. The second part aims to analysis of a selected company. Following to this analysis proposal of implementation of information security management system and security guide is drawn up. This guide contains recommendations for ICT security management and advices in field of personal and physical security in company.
|
| 40 |
Návrh metodiky pro příručku ISMS a opatření aplikované na vybrané oblasti / Proposal of Methodics for ISMS Guide and Measures Applied to Selected AreasNemec, Tomáš January 2013 (has links)
Content of this thesis is a methodology for creating ISMS Security Manual. Implementation of the proposal is supported by theoretical knowledge in the introductory part of this work. Practical process design methodology is conditional on the structure of the international standard ISO/IEC 27001:2005.
|
Page generated in 0.6676 seconds