Case Studies on Adopting Full-Scope Information Security Management System in Organizations

• Main Authors: Chen Hung Wang, 王振鴻
• Other Authors: J. J. Hwang
• Format: Others
• Published: 2009
• Online Access: http://ndltd.ncl.edu.tw/handle/04948738289553420413

碩士 === 長庚大學 === 資訊管理學研究所 === 97 === 　　Replacing a large number of manual operations, the information systems become one of the most important infrastructures in enterprises. Therefore, enterprises have started to pay attention to the protection of its information assets. To avoid attack from external or destroy from internal, strengthening risk management and reducing the occurrence of security incidents has become the focus point to ensure the confidentiality, integrity and availability of information systems and assets. 　　The International Organization for Standardization officially announced ISO 27001 in April 2005. This standard is the most wildly accepted and adopted standard in the world. Based upon continual feedback management cycle, the ISO 27001 standard implements asset identification, reduces risk management, and develops information security policies to achieve the organizational objective for information security management. 　　Interviews and surveys are performed to study four cases of organizational adaption and certification of ISMS. In particular, the following topics concerning full-scope adaptation of ISMS are presented through in-depth analysis: 1.Evaluation aspects of full-scope adaptation, 2.Critical success factors, 3.Difficulties encountered, and 4.Benefits from adopting ISMS.