Summary | Degree: Master's | National Central University (國立中央大學) | Executive Master of Business Administration Program | 106

An enterprise can become more competitive by utilizing rapidly advancing information technologies, including cloud computing, big data and the Internet of Things (IoT). Keeping information security management up to date with modern technology is crucial to the future of the company.
This study is based on the ISO (International Organization for Standardization) 27001 Information Security Management System (ISMS) standard and uses the case study method to examine the upgrade from ISO 27001:2005 to ISO 27001:2013 at the petrochemical company under study. With data collected from literature reviews, archival records, long-term direct observation and participatory observation, we gain a better understanding of the information security risk control process in order to improve the ISMS. This study first compared the differences between the old and the new versions of the ISMS standard, then analyzed how the case company's management process responded to the risk management requirements of the new version. Finally, the study analyzed whether the case company's information security performance improved after the revision upgrade. The results show that the upgraded ISMS, which adds consideration of both external and internal issues, can help identify new weaknesses and threats and thereby improve the performance of information security management. The measurable ISMS performance management indicators established during the upgrade are also useful for the daily management of information security.
Information security management is one critical aspect of an enterprise's risk management. By implementing the ISMS, combining it with the work approval process and supplementing it with technical advances, an enterprise can enhance its security capability more effectively.