Summary: | Master's === Ching Yun University === Graduate Institute of Information Management === 99 === As the internet has developed in recent years, integrating information technology to raise organizational performance and competitiveness has become a global trend. However, as information security has been constantly under attack and information crime has frequently taken new forms, establishing an appropriate information security management system to protect organizational information assets and maintain organizational processes for business continuity has become a need for many corporations. In response to this need, the international standard ISO/IEC 27001 Information Security Management System (ISMS) has been developed and published by the International Organization for Standardization (ISO). Based on ISO/IEC 27001, a corporation can manage the use of organizational information assets, the security of information equipment, and the access control of users, which in turn ensures the confidentiality, integrity, and availability of information assets.
These three characteristics are equally important, and none of them is negligible. Nonetheless, there is a potentially conflicting relationship among them: when confidentiality is increased, availability and integrity might decrease. This study therefore aims to investigate the influence of ISMS controls on software project performance, to examine the critical success factors for ISMS implementation, and to explore the common problems and difficulties in the ISMS implementation process.
This study adopts a qualitative research method, interviewing. Three companies that have achieved ISO 27001 certification were investigated against the ISMS controls of ISO/IEC 27001. Content analysis is used to analyze the transcripts, and triangulation is used to ensure the reliability and validity of the study and to lead to the conclusions.
The findings show that: (1) among the ISMS controls, “change control process” and “technical review of applications after operating system changes” have the most distinctive negative influence on software project performance; (2) the major critical success factors of ISMS implementation are full support and commitment from top management, and the participation and consensus of all staff; (3) the most common problems and difficulties of ISMS implementation lie in a lack of familiarity with ISMS standards among the members of the promotion group.
Finally, implications of the findings listed above are discussed. The findings of this study would provide an important reference for corporations in their future practices of ISMS implementation.
|