A Case Study on Taiwan’s Government Organizations Performance Evaluation Indicators for Implementing Information Security Management System

• Main Authors: Ya-chuan ke, 柯雅娟
• Other Authors: none
• Format: Others
• Language: zh-TW
• Published: 2007
• Online Access: http://ndltd.ncl.edu.tw/handle/m74yyu

碩士 === 國立臺灣科技大學 === 資訊管理系 === 95 === In the recent years, the invasion of computer virus, Trojan Horses and hacker has not only caused great damages to the operation of enterprise but also leads to the confidential information leak-out. To take precaution against this problem, the domestic and overseas companies are using ISMS (Information Security Management System) to keep the important business operation going and minimize the risk of information leak-out to the lowest when serious attacks occur. Through the studies of related performance evaluation, ISMS individual case studies and information security development strategies, they have conducted the Balance Socrecard evaluation management model and created an ISMS performance evaluation indicator system. The information security development strategies and goals are defined by the four perspectives of Balanced Scorecard –‘Mission’, ‘Customer’, ‘Internal Business Process and ‘Learning and Growth’, and conclude strategy measures and action plans. This case study has concluded that to design a successful Balanced Scorecard, a 4C principle – Communication, Control, Connection and Completeness. The reference of these four 4C principles allows each institution implementing ISMS to establish performance evaluation system. The studies also show that attention on both sides of the supervisor and employees to two-way communication model minimizes resistance to application; focus on strategic objective relation enables increase of efficiency in performance management; establishment of an all-sided and complete set of indicators enhances the applicability of balance score card; good flow control ability facilitates the practice of balance score card.