建構個人資料保護之數位證據鑑識標準作業程序

我國公布新版修訂個人資料保護法是最近政府、企業組織與資訊界熱衷討論的議題，企業組織必須注意其所實施的資訊安全管理系統（ISMS），能否導入法規遵循（Compliance），支撐控制項目的運用，以達到個人資料保護法所規範要求，因此本文希望藉由ISMS　ISO27001管理要項，整合數位鑑識程序進行研究對應，並以國內學者林宜隆教授提出數位證據標準程序進行修正，建構個人資料保護數位證據鑑識標準作業程序雛型架構（Digital Evidence Forensics Standard Operating Procedure for Personal Information Protection Management，DEFSOP for PIPM），期望提供整合資訊安全治理機制，使其能導入政府機關及企業組織，強化組織在個資保護層面上的數位證據蒐證和舉證、與資安防護能量或培育鑑識專業人才之參考依據。

關鍵字

資訊安全管理系統；個人資料保護法；數位證據鑑識標準作業程序

並列摘要

Recently the government, business organizations and IT industry are keen to discuss the announced new amendments to the Personal Data Protection Act issues. In this research, we are interested in corporate organization and implementation of information security management system (ISMS), and its ability to import compliance (the Compliance) to support the use of the control project in order to achieve personal Data Protection Act by the specification requirements through the management of the ISMS ISO 27001 according to the study corresponding to integration of digital forensics programs by the domestic scholars I-Long Lin Professor requests that the digital evidence standard procedure be amended. In addition, we construct the personal data protection of Digital Evidence Forensics Standard Operating Procedure for Personal Information Protection Management (DEFSOP for PIPM).Provides an integrated information security governance mechanisms for government agencies and corporate organizations, which strengthen the organization and the facets of digital evidence in the capital protection level of evidence collection and presentation of evidence, and the information security protection energy or training reference for forensic professionals.

並列關鍵字

Information Security Management System ； Personal Data Protection Act ； Digital Evidence Forensic Standard Operating Procedures

參考文獻

Antenucci, J. C.,Brown, K.,Croswell, P. L.,Kevany, M. J.,Archer, H.(1991).Geographic Information Systems-A Guide to the Technology.New York:Chapman and Hall.