Summary: Master's === National Taipei University === Department of Public Administration and Policy === 98 === Many industries and governmental organizations now operate in a digital-data environment. Because digital data is easy to duplicate and spread and the internet is ubiquitous, leaks of important internal confidential documents occur again and again, costing organizations not only their reputation but also serious material losses when core technology is disclosed. In the past, organizations spent considerable time and money guarding against attacks from external users, but today information security incidents arise mainly from theft by internal employees rather than from external attack, so the traditional architecture cannot give organizations comprehensive information security protection.
To prevent internal employees from stealing, disclosing, or selling confidential documents through legitimate channels and causing serious loss, more and more industries and governmental organizations have begun to confront and try to solve their information security problems; introducing an information security management standard is one of the common solutions.
The International Organization for Standardization officially published ISO 27001 in 2005. It is the information security management standard accepted and adopted by the most industry organizations in the world. Organizations can attain their information security management objectives through a continual feedback management cycle.
This research uses the Theory of Constraints to identify the problems that may arise when an organization introduces an information security policy, and then applies logical relationships to locate the crucial problem. It also employs Conflict Logic to find a practicable solution. In addition, for the obstacles that may occur during execution, elimination projects are proposed to reduce information security risk and the occurrence of information security incidents.