A Study on the Implementation of Information Security Management System with ISO 27001 in Military School－A Case of National Defense University in R.O.C.

• Main Authors: Tzeng,Thangru, 曾顯儒
• Other Authors: Yu,Tingjung
• Format: Others
• Language: zh-TW
• Published: 2011
• Online Access: http://ndltd.ncl.edu.tw/handle/33256863191449307058

碩士 === 國防大學管理學院 === 資訊管理學系 === 100 === Currently all the military units of Ministry of National Defense R.O.C produce and transmit information within a closed network. How to prevent information from being stolen, destroyed, and collected for ensuring the security of national defense information is the most important challenge in information management unit. Since National Defense University (NDU) is the personnel training place to take the military base, continuing, and graduate educations, it can not keep away from the control of information security. This paper tries to strengthen the protection of information security of NDU based on ISO 27001 by exploring the security strategies and priority measures. On the other hand, by the different views of experts and information managers for information security management system, this paper attempts to find the proper information security criteria on military school. This study first of all uses the way of questionnaire to understand the existing circumstances of NDU about introducing ISO 27001. Secondly, the summary about implementation priorities and key factors of ISO 27001 for military school is proposed by AHP method and expert interviews. Finally, this paper identifies the high risk measures of information security by associating the violative control measures resulted from recently information security incidents with ISO 27001 to improve the existing information security management and control measures in NDU and to make decision-making on implementing information security management system for military organizations.