Summary: Master's === Soochow University === Department of Information Management === 102 === This thesis is based on a statistical analysis of the government agencies and financial institutions in Taiwan that fulfilled the requirements for ISO 27001 certification. It identifies the most common nonconformities and discusses their possible causes. The findings can serve as a useful reference for organizations that want to avoid similar problems and qualify for ISO 27001 certification. We identified the three most common nonconformities, in the following order: “Communications and operations management”, “Access control”, and “Security requirements of information systems”. We found that it is difficult for organizations to formulate procedures that meet both their current operational processes and the ISO 27001 requirements. Those impracticable procedures lead to the nonconformities.
In addition, these organizations have also failed to find the root cause of the nonconformities. Therefore, they are unable to adjust their operational procedures to comply with the ISO 27001 requirements.