This thesis focuses on the results of corrective measures in the Information Security Management System, specifically analyzing the comparative effectiveness of information security experts and generative artificial intelligence (AI). The research context underscores the importance of effective Information Security Management Systems (ISMS) as organizations globally expand their digital footprint. The ISO 27001 standard provides a systematic framework for managing and safeguarding organizational information assets. However, organizations face multiple challenges in implementing this standard, such as identifying and correcting non-conformities.

The purpose of this study is to investigate the effectiveness of security experts and AI in handling non-conformities and their corrective measures under the ISO 27001 standard. The research methods include literature review, case studies, and experimental designs comparing corrective measures suggested by security experts and AI (specifically ChatGPT). The findings suggest that while AI demonstrates speed and efficiency in handling some standard issues, security experts have advantages in dealing with complex security challenges due to their experience and in-depth understanding of specific situations. The conclusion emphasizes that both AI and security experts have strengths that can enhance the overall efficacy of information security management when used in combination. Future research should explore how to effectively integrate artificial intelligence with professional human resources to meet increasingly complex information security challenges.

Keywords: Information Security Management, ISO 27001, Corrective Measures, Artificial Intelligence, Security Experts, Non-conformities.