Summary (Master's thesis, National Kaohsiung Normal University, Graduate Institute of Information Education, year 96)

"To understand the effect is to know the causes." When Information Technology (IT) is applied to improve operational efficiency, it often brings security problems with it. A careless mistake in assigning access privileges could cause a loss of hundreds of millions of dollars, and an unexpected attack could destroy all valued data. Information security is not just about avoiding viruses and hacker attacks; it involves every aspect of business activity. Even a multi-layered defense cannot fend off every attack from external and internal networks, and no system can prevent every man-made security incident.

How, then, can we protect our information assets and build a safe information operating environment for our organization? It depends on the quality with which IT standards are implemented. Successful organizations recognize the importance of aligning IT strategy with business strategy, understand the benefits of IT, and use IT to take full advantage of their information assets. These organizations can thereby maximize benefits, capitalize on opportunities and gain competitive advantage.

This thesis has three aims. The first is to map the code of practice for Information Security Management Systems (ISMS), ISO 27002, which is widely adopted in Taiwan, against the IT governance framework Control Objectives for Information and related Technology (COBIT) 4.1, and to compare the two with respect to control and measurement. The second is to outline IT assurance using COBIT 4.1. The third is to apply COBIT 4.1 to Critical Infrastructure (CI). COBIT 4.1 offers a better control-process approach for improving control objectives through measured indices. The benefits of COBIT 4.1 are that it is effective, efficient, reliable and measurable when organizations want to implement an ISMS.