A Study on Feasibility of Information Security Management Implementation with ISO27001-a Case of One Military Academy

• Main Authors: LU,MING-YI, 呂明逸
• Other Authors: FU,CHEN-HUA
• Format: Others
• Language: zh-TW
• Published: 2018
• Online Access: http://ndltd.ncl.edu.tw/handle/ruu3vu

碩士 === 國防大學 === 資訊管理學系 === 106 === With the development of the times, the improvement of science and technology, as well as common uses of electronics in daily life, we rely more on information technology that causes rampant hackers and raging computer viruses. In order that, domestic and foreign government, military academies and private enterprises suffer. We have to strengthen the information security system and enhance the security level of information communication so that we are able to protect the organs and personal information from a variety of security threats at home and abroad. This study is mainly used in the 14 ISO 27001 control fields of 35 control objectives and 114 control measures, through expert interviews and the questionnaire, to explore the problems and improvement of security management military academies may face, through the ISO 27001 Verification program, to establish the best level structure, with analyzing level method, summarized into the ISO 27001 researching structure of information security management, we can improve abilities of risk control. The findings show that "information security policy" is the most important factor that should be listed as the most important factor in the feasibility of introducing information security for a certain military academy in the national army. The order of followings is "information security organization" and "asset management."After verification, the continuing verification of the audit organization and the continuous updating of ISO 27001 will ensure that the school units keep abreast of the latest information and continue to protect the school units. The operation of the information security management system and the ISO 27001 verification are tantamount to a security badge, and users can easily tell which organizations are certified and trusted. As users become more cautious of cybersecurity loopholes, they will start to seek specific security, and the operation of the information security management system and ISO 27001 certification will provide the confidence they need.