After importing the military effectiveness of ISO/IEC 27001 Information Security Policy Analysis –Taking a unit basis

碩士 === 健行科技大學 === 資訊管理系碩士班 === 104 === Because of the fast development of technology and internet, It also improves the convenience and efficiency of human life. The government agencies and business also rely on information systems more and more because they want to keep their competitiveness and im...

Full description

Bibliographic Details
Main Authors: Yao-Ren Chang, 張耀仁
Other Authors: Jie-Cherng Chen
Format: Others
Language:zh-TW
Published: 2016
Online Access:http://ndltd.ncl.edu.tw/handle/r2g5bz
id ndltd-TW-104CYU05399004
record_format oai_dc
collection NDLTD
language zh-TW
format Others
sources NDLTD
description 碩士 === 健行科技大學 === 資訊管理系碩士班 === 104 === Because of the fast development of technology and internet, It also improves the convenience and efficiency of human life. The government agencies and business also rely on information systems more and more because they want to keep their competitiveness and improve the efficiency. The information network technology brought the convenience and openness. It also produced the information security issues. This becomes serious threat to the personal, organizations and even the entire country. Due to rapid development of technology and the Internet, but also to enhance the convenience and efficiency of human life, the government and business in order to maintain competitiveness and improve the effectiveness of information systems rely more and more weight, but with the science and technology information network brought to facilitate and openness, the relative also produced information security issues, which for individuals, organizations and even countries, are a serious threat. The study of information security has moved to management field from technology field in recent years. Especially after the Enron case happened. Every business unit besides build defense mechanism of information technology, it’s also getting more serious about internal control. There is 911 in 2001 in USA, although it’s a terrorist attacks, but it also exposes the weakness of business information. Especially the business suffered in a serious setback for its continue operation. The business unit has started to enterprises reflections information security issues. In recent years, information security technology research has entered the field from the field to management , especially after the outbreak of the US Enron case , the various business units in addition to build the information technology defenses outside of internal Controls are becoming increasingly stringent. 911 events occurred in 2001 in the United States , although it is terrorist attacks , but also exposed the vulnerability of business information , especially in the ability to continue operating the business suffered a serious setback , but also to start enterprises Reflections information security issues. Because the popularity of e- highly organized global network of relationships , patterns of various organizations , enterprises, institutions units are based on the level of demand from their practice and custom e- development , using information not only during the data processing only, or even contains a financial transaction behavior , a variety of demanding applications highlight the importance of e era of information security. With the advancement of information technology development , national defense business integration and reliance on the use of information systems increased year by year , the business of information technology and the process to obtain immediate information through the Internet , then computers from cyber attacks or alert information leakage events have Diego heard . National information security point of view, information security of military units is to be taken seriously , and the relevant military or special military units , hiring staff , training staff and students , business trip people , engineering support and other providers are directly or indirectly acquire high-risk group of military information. Today the military use of military units closed military units of the pipeline network to do for the information system of production and delivery , the importance of ensuring national defense information security , without being interested parties theft, sabotage , intelligence gathering , etc., for the current through asset management unit the most important challenge facing the issue . Standard Specification for Information Security Management System , was first started by the DTI (UK Department of Trade and Industry) to conduct Information Security Management System (Information Security Management System, abbreviated : ISMS) for the primary purpose of the UK National Standards Development (British Standard), and released in 1995, announcement . After the 2005 revision and approval by the ISO number ISO/IEC 27001: 2005, last revised in 2013 revised ISO/IEC 27001: 2013. So far , the world has more than 1000 organizations verified. DOD has issued Order 99 , " military information security policy " , asked all units in accordance with ISO/IEC 27001 standard control measures to establish information security management system , and in accordance with the requirements of the Deming cycle " Plan - Do - Check - Improve " the PDCA ( Plan-Do-Check-Action) cycle mode , continue to promote the information security management activities to effectively manage information security risks to achieve the purpose to ensure information security . Given the " Personal Data Protection Act" in the Republic of China after 101 years October 1 implementation , a clear law given category of personal information , official organ collection, processing , use the guidance of a resource and breach of a funding method of the penalties , so the existing of the information in under security management system (ISMS) framework to ensure a capital protection and privacy seems to military units priority. The main purpose of this study is aimed at an army unit to carry out the survey , the use of Information Security Management System (ISMS) specification to carry out, the effectiveness of the implementation of the relevant Security Policy in the unit after the analysis , and to understand the ISO/IEC 27001 standards control measures , which area is to improve the effectiveness of most Zhidezhuyi place , and made available to reference a national army in the future to implement or amend information security policy when , and in the future will continue to strengthen and improve the basis of existing information security control measures , the can provide future military units To build information security management system and information security policy , given a reference policies .
author2 Jie-Cherng Chen
author_facet Jie-Cherng Chen
Yao-Ren Chang
張耀仁
author Yao-Ren Chang
張耀仁
spellingShingle Yao-Ren Chang
張耀仁
After importing the military effectiveness of ISO/IEC 27001 Information Security Policy Analysis –Taking a unit basis
author_sort Yao-Ren Chang
title After importing the military effectiveness of ISO/IEC 27001 Information Security Policy Analysis –Taking a unit basis
title_short After importing the military effectiveness of ISO/IEC 27001 Information Security Policy Analysis –Taking a unit basis
title_full After importing the military effectiveness of ISO/IEC 27001 Information Security Policy Analysis –Taking a unit basis
title_fullStr After importing the military effectiveness of ISO/IEC 27001 Information Security Policy Analysis –Taking a unit basis
title_full_unstemmed After importing the military effectiveness of ISO/IEC 27001 Information Security Policy Analysis –Taking a unit basis
title_sort after importing the military effectiveness of iso/iec 27001 information security policy analysis –taking a unit basis
publishDate 2016
url http://ndltd.ncl.edu.tw/handle/r2g5bz
work_keys_str_mv AT yaorenchang afterimportingthemilitaryeffectivenessofisoiec27001informationsecuritypolicyanalysistakingaunitbasis
AT zhāngyàorén afterimportingthemilitaryeffectivenessofisoiec27001informationsecuritypolicyanalysistakingaunitbasis
AT yaorenchang guójūndǎorùisoiec27001zīxùnānquánzhèngcèhòuchéngxiàofēnxīyǐmǒudānwèiwèijīchǔ
AT zhāngyàorén guójūndǎorùisoiec27001zīxùnānquánzhèngcèhòuchéngxiàofēnxīyǐmǒudānwèiwèijīchǔ
_version_ 1719139874032844800
spelling ndltd-TW-104CYU053990042019-05-15T23:01:40Z http://ndltd.ncl.edu.tw/handle/r2g5bz After importing the military effectiveness of ISO/IEC 27001 Information Security Policy Analysis –Taking a unit basis 國軍導入ISO/IEC 27001資訊安全政策後成效分析-以某單位為基礎 Yao-Ren Chang 張耀仁 碩士 健行科技大學 資訊管理系碩士班 104 Because of the fast development of technology and internet, It also improves the convenience and efficiency of human life. The government agencies and business also rely on information systems more and more because they want to keep their competitiveness and improve the efficiency. The information network technology brought the convenience and openness. It also produced the information security issues. This becomes serious threat to the personal, organizations and even the entire country. Due to rapid development of technology and the Internet, but also to enhance the convenience and efficiency of human life, the government and business in order to maintain competitiveness and improve the effectiveness of information systems rely more and more weight, but with the science and technology information network brought to facilitate and openness, the relative also produced information security issues, which for individuals, organizations and even countries, are a serious threat. The study of information security has moved to management field from technology field in recent years. Especially after the Enron case happened. Every business unit besides build defense mechanism of information technology, it’s also getting more serious about internal control. There is 911 in 2001 in USA, although it’s a terrorist attacks, but it also exposes the weakness of business information. Especially the business suffered in a serious setback for its continue operation. The business unit has started to enterprises reflections information security issues. In recent years, information security technology research has entered the field from the field to management , especially after the outbreak of the US Enron case , the various business units in addition to build the information technology defenses outside of internal Controls are becoming increasingly stringent. 911 events occurred in 2001 in the United States , although it is terrorist attacks , but also exposed the vulnerability of business information , especially in the ability to continue operating the business suffered a serious setback , but also to start enterprises Reflections information security issues. Because the popularity of e- highly organized global network of relationships , patterns of various organizations , enterprises, institutions units are based on the level of demand from their practice and custom e- development , using information not only during the data processing only, or even contains a financial transaction behavior , a variety of demanding applications highlight the importance of e era of information security. With the advancement of information technology development , national defense business integration and reliance on the use of information systems increased year by year , the business of information technology and the process to obtain immediate information through the Internet , then computers from cyber attacks or alert information leakage events have Diego heard . National information security point of view, information security of military units is to be taken seriously , and the relevant military or special military units , hiring staff , training staff and students , business trip people , engineering support and other providers are directly or indirectly acquire high-risk group of military information. Today the military use of military units closed military units of the pipeline network to do for the information system of production and delivery , the importance of ensuring national defense information security , without being interested parties theft, sabotage , intelligence gathering , etc., for the current through asset management unit the most important challenge facing the issue . Standard Specification for Information Security Management System , was first started by the DTI (UK Department of Trade and Industry) to conduct Information Security Management System (Information Security Management System, abbreviated : ISMS) for the primary purpose of the UK National Standards Development (British Standard), and released in 1995, announcement . After the 2005 revision and approval by the ISO number ISO/IEC 27001: 2005, last revised in 2013 revised ISO/IEC 27001: 2013. So far , the world has more than 1000 organizations verified. DOD has issued Order 99 , " military information security policy " , asked all units in accordance with ISO/IEC 27001 standard control measures to establish information security management system , and in accordance with the requirements of the Deming cycle " Plan - Do - Check - Improve " the PDCA ( Plan-Do-Check-Action) cycle mode , continue to promote the information security management activities to effectively manage information security risks to achieve the purpose to ensure information security . Given the " Personal Data Protection Act" in the Republic of China after 101 years October 1 implementation , a clear law given category of personal information , official organ collection, processing , use the guidance of a resource and breach of a funding method of the penalties , so the existing of the information in under security management system (ISMS) framework to ensure a capital protection and privacy seems to military units priority. The main purpose of this study is aimed at an army unit to carry out the survey , the use of Information Security Management System (ISMS) specification to carry out, the effectiveness of the implementation of the relevant Security Policy in the unit after the analysis , and to understand the ISO/IEC 27001 standards control measures , which area is to improve the effectiveness of most Zhidezhuyi place , and made available to reference a national army in the future to implement or amend information security policy when , and in the future will continue to strengthen and improve the basis of existing information security control measures , the can provide future military units To build information security management system and information security policy , given a reference policies . Jie-Cherng Chen 陳皆成 2016 學位論文 ; thesis 63 zh-TW