Discussion on Establishing Information Security Management System Based on ISO 27001: 2013 Revolving Edition--Taking a University as an Example

• Main Authors: TSAI, LING-YI, 蔡伶宜
• Other Authors: WANG, CHANG-BIN
• Format: Others
• Language: zh-TW
• Published: 2018
• Online Access: http://ndltd.ncl.edu.tw/handle/a969w4

碩士 === 南華大學 === 資訊管理學系 === 106 === 　　Nowadays, due to the rapid development of information technology, the application of Information Security Management System (ISMS) to the internet usage has become a primary task. With the monitoring of ISMS, we can keep our personal and private information confidential. Otherwise, personal information could be stolen, pirated or tampered. Moreover, ISMS can improve the information security for the organizations, and reduce the damage in the security events. 　　The Ministry of Education released the new "Information Security Management and Personal Information Management Practices for Education System" in August 15, 2016, and took it as the core of the verification mechanism. This case study aims to investigate the motivation to adopt the new version of ISMS, the differences between the previous and new versions, the execution of the information assets and the risk assessment, the establishment of new ISMS standard and the authentication of the third-party. This study makes further interpretations of the difficulties, solutions, benefits, and the succeeding factors of implementing the new "Information Security Management Practices for Education System". Hopefully, the study can provide the practical suggestions for any organizations willing to adopt the new Information Security Management Practices for Education System".