In recent years, many domestic organizations, in order to enhance their corporate reputation and image and to strengthen information security controls, have adopted information security management systems and obtained information security certification. Within information security standards, Business Continuity Management (BCM) is one of the key management items. This study adopts a case study method, conducting in-depth interviews with two financial institutions that have obtained ISO/IEC 27001 certification, to explore how financial institutions promote and establish Business Continuity Management (BCM) under information security threats, and to identify the considerations for building BCM and the corresponding concrete practices. This study compiles and compares the similar and differing considerations and practices of financial institutions with different management philosophies and business content across the dimensions of identifying critical business processes, risk assessment and business impact analysis, risk mitigation strategies, and business continuity plans.
Due to the continual occurrence of information security incidents, the protection of information systems is a major problem faced by organizations. In recent years, the financial industry has paid increasing attention to Information Security Management Systems (ISMS) by pursuing BS 7799 or ISO/IEC 27001 certification. Business Continuity Management (BCM) is a crucial control item in all information security management standards. This research examined two financial companies that had received BS 7799 or ISO/IEC 27001 certification to discuss the key factors in constructing and advancing a BCM plan, and the corresponding practices, under modern complex Internet security threats. In addition, we compared the similarities and dissimilarities of the factors and practices for each BCM construct, which include critical process identification, risk assessment and business impact analysis, risk mitigation strategy, and business continuity plan.