Malicious Software Management for Campus Information Systems Using ISO 27001 － A Case Study on School Affairs Systems of Some Junior High School in Hsinchu Country

• Main Authors: PENG, CHIAO-YUN, 彭巧勻
• Other Authors: TSAUR, WOEI-JIUNN
• Format: Others
• Language: zh-TW
• Published: 2017
• Online Access: http://ndltd.ncl.edu.tw/handle/3gpa56

碩士 === 大葉大學 === 資訊管理學系碩士班 === 105 === The development of information technology and the advance of the Internet have made it possible for people to quicken the speed of updating information, store enormous data, communicate with one another more frequently, and get much closer with others. While all these bring conveniences to mankind, they also become avenues that cybercriminals take advantage of. Now cutting-edge technological software and products have been widely used in schools to help boost administrative efficiency and shorten administrative procedures. However, while such convenience benefits substantially, threats that malicious software have brought about should also be taken into consideration. From this perspective, to establish a set of strategies to manage crisis over information security is a critical issue to address. It should be set up in advance, while the information system is still intact so that the loss caused by the attack of malicious software can be prevented. Based on ISO 27001 information security management standard, this study designs an in-depth interview, focusing on four dimensions—planning, execution, assessment, and improvement—to examine how the participated junior high school in Hsinch County managed information security when malicious software came with menaces. The findings show that the school of this case study did not comply with related regulations to do the rectification and management, and that no efficient measure was taken to prevent campus network from being attacked by malicious software. Such inadequacy resulted in the poor crisis management when that junior high school faced attack events of malicious software. As a precaution, this study suggests (1) increasing the number of managers for campus information system, (2) constantly enhancing junior high school’s management structure against malicious software, (3) improving the prevention of information security, (4) designing learning opportunities to learn how to prevent malicious software from intruding into the campus, and lastly (5) promoting and strengthening the awareness of information security. It is hoped that all these endeavors will efficiently fend off the trespass of malicious software into the campus.