
A Study of Information Security Governance - A Case Study of Government Sectors

Advisor: 黃明達

Abstract


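According to the Research, Development and Evaluation Commission, Executive Yuan (RDEC), more than 90% of government agencies report that, when implementing information and communication security management and protection, three difficulties urgently need to be overcome: information security technical capability that needs strengthening, a lack of related funding, and the absence of dedicated personnel. The government therefore began to consider whether an Information Security Governance (ISG) mechanism could involve agency heads more closely in information security activities and so improve these problems. Accordingly, the Science and Technology Advisory Group of Executive Yuan (STAG) included information security governance as one of the research topics in its commissioned research project "Integrated Research on Information Security Promotion and Development Policy: Information Security Governance Mechanisms and Planning for the Continued Development of Information Security Infrastructure," with the aim of developing an information security governance system suited to our country's government agencies. The author of this study took part in that project. With information security governance as its main focus, the project developed an information security governance system suited to our country's government agencies and also drafted an information security governance maturity assessment tool for government agencies. This study uses the holistic multiple-case design of case study research as its method: three government agencies were invited to undergo an information security governance maturity assessment, combined with in-depth interviews, to understand how far their information security work has been implemented and its current state, and to explore the difficulties that implementing information security governance may face in the future. The main results of this study are the assessment of the three agencies' information security governance maturity and current state using the maturity assessment tool, a recommended set of five-stage execution steps, and the identification of difficulties that future implementation may encounter, such as insufficient personnel and funding.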

Parallel Abstract


According to a report by the RDEC (Research, Development and Evaluation Commission, Executive Yuan), more than 90% of government sectors indicate that three pressing difficulties remain to be overcome: information security capability, a lack of related experience, and a lack of dedicated personnel. The government has therefore begun to consider these problems and expects that, by adopting an Information Security Governance (ISG) mechanism, the officer of each government sector will pay closer attention to security and take part in more security-related activities. Hence, STAG (Science and Technology Advisory Group of Executive Yuan) proposed a research plan to develop an Information Security Governance mechanism suited to the government sectors of our country. The author of this study is one of the members of the research plan. In addition to the Information Security Governance mechanism for government sectors, the research plan develops an Information Security Governance Maturity Assessment Tool. Through multiple case studies and in-depth interviews, we discuss three government sectors' ISG maturity and the real conditions of their information security, and further identify potential difficulties. The research reports the three government organizations' ISG maturity and real security conditions, recommends execution steps, and identifies the difficulties of human resources and budget.


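Cited by

李坤達 (2012). A Study of the Influence of Securities Industry IT Personnel's Information Security Awareness on Information Security Governance [Master's thesis, Tamkang University]. Airiti Library. https://doi.org/10.6846/TKU.2012.01208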
