企業因應資訊科技而衍伸的資訊安全挑戰,需透過稽核活動以確保資訊安全。資訊安全稽核已成為企業中不可或缺的活動。本研究旨在結合資安人才的知識及能力領域與電腦稽核導入成效這兩個領域的研究,探討資訊安全管理稽核員的能力、稽核的客觀性、受稽企業對於資訊安全的重視度及受稽者的態度如何影響企業之資訊安全管理系統效能,以做為企業資訊安全規劃之參考。本研究建議企業應選用能力高的資訊安全稽核員,提高資訊安全稽核之客觀性,並使企業內部受稽者瞭解資訊安全之於企業本身的價值,用以提升企業之資訊安全管理系統效能。
Facing increasing information security challenges, enterprises ensure the safety and security of information assets through audit activities, which have become an integral part of today's enterprise operations. This study aims to integrate the research in IT security professional qualifications and information security management system performance. We investigate the relationship between several factors, namely, the competence and objectivity of the information security auditor, the attitude of the audited enterprises about information security and the attitude of auditees, and their influences on audited enterprise's information security management system performance.