Return to search

行政院僑務委員會資訊安全管理現況分析 / A study of information security management -a case of OCAC

本研究以資訊安全管理的觀點以個案研究的方式,從機關資訊安全管理的策略、技術、組織、人力以及環境等五個面向切入,訪談機關中資訊單位與業務單位人員,藉以深入探討僑務委員會的資安現況以及目前資訊安全管理所遭遇的困難,並且進一步的提出可能的解決方式以及本研究發現的研究命題。

本研究歸納出四點結論:(1)主管對於機關資訊安全的重視影響部屬對機關資訊安全管理措施的遵循與重視;(2)資訊人員跨部門溝通能力略微不足;(3)教育訓練實際效果與預期目標之間存在落差,易導致溝通問題而引起業務單位反彈;(4)機關的核心業務未納入資訊安全驗證範圍中,無法完備資安管理之落實。

針對研究發現,本研究提出之解決方法為:(1)加強資訊人員之跨部門溝通能力;(2)採取更有效的教育訓練方式;(3)將核心業務納入資訊安全驗證範圍中以確保資訊安全管理。 / Based on the theory of informationsSecurity management, The study conduct a case study of qualitative approach.Five propositions are delveloped according to the strategy of information security management, technologies, organizations, human resource and environments and the interviews of the staff of Overseas Compatriot Affairs Commission (OCAC), including IT staff and business staff. IT attempts to find out the status quo and difficulties of information security management in OCAC. Furthermore,the study also proposes plausible solutions to resolve those diffculties.

The study concludes with four aspect of conclusion: (1) The manager ‘high priority and attention to information security, ead to the OCAC employees’, will affect employees’ compliance with information security rules. (2) IT staff are found to be comparatively lack of the inter-departmental communication skill to promote information security (3) There is a gap between expectation and the practical effect which then causes (4) Because the OCAC core business are not included in the scope of information security management verification, the implementation very unlikely to complete as required.

According to the previous findings, the study proposes propose the plausible resolution to advance information security management in OCAC, including (1) strengthening of the inter-departmental communication skill of IT staff (2) adopting more effective way to train the core business staff, and make sure its effectiveness. (3) core businesses should be included in the scope of information security management verification to ensure that completeness and effectiveness of information security management.

Identiferoai:union.ndltd.org:CHENGCHI/G0093256031
Creators林劭怡
Publisher國立政治大學
Source SetsNational Chengchi University Libraries
Language中文
Detected LanguageEnglish
Typetext
RightsCopyright © nccu library on behalf of the copyright holders

Page generated in 0.0021 seconds