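Information technology is applied ever more deeply and widely, and network services are increasingly diverse; storage media keep growing in capacity while shrinking in size; and cloud computing, which is developing rapidly, has become a focus of the information industry. These factors give rise to more information security concerns that urgently need the attention of those who use information technology. Yet when a company's IT staff introduce information security solutions or equipment, they often find them difficult to roll out. This study therefore uses the comprehensive ISO27001 information security management standard to survey electronics companies of different sizes by questionnaire, then applies the self-organizing map (SOM) technique to cluster and visualize the questionnaire data. The expected output is an information security map that shows information security decision makers, in an easily understood and persuasive way, how sound their company's information security is, as a basis for deciding whether to strengthen it. The 133 controls of ISO27001 cover the full range of information security requirements, but because the items are so numerous, a company's level of information security cannot be read from them directly. This study uses the 11 domains, 39 control objectives and 133 controls of ISO27001 as dimensions to produce three clustering maps whose results differ slightly, and defines and describes the characteristics of each cluster. Such maps are intended to help other companies assess the overall state of their own information security more efficiently.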
Information technology is widely applied, and internet services are diversified. Storage capacity keeps increasing while the physical size of storage media keeps decreasing. The concept of cloud computing is developing significantly and is becoming the focus of the IT industry as well. Because of these factors, there are more and more concerns about information security, and users of information technology need to pay attention to them. However, many difficulties in promoting information security management systems arise when information technicians implement information security solutions and equipment. ISO 27001 generally plays a very important role in the monitoring, review, maintenance and improvement of an information security management system. The data for this study come from questionnaires answered by IT organizations, and a SOM (Self-Organizing Map) is used to produce an information security map from them. The outcome of the study is intended to help decision makers in IT enterprises understand the importance of a standard information security policy and how to shape it to the organization's requirements. The 133 controls of ISO 27001 cover information security comprehensively, but the large number of items makes it hard to judge the soundness of a company's information security directly. This research proposes three differing clustering maps built from the 11 domains, 39 control objectives and 133 controls of ISO 27001 to help other companies improve the efficiency of their information security management.
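As an added illustration of the method the abstract describes (not code or data from the study): a small self-organizing map in pure Python that places constructed companies, each scored on the 11 ISO 27001 domains, onto a 3x3 map. The 1-5 score scale, the grid size, the training schedule and the company vectors are all assumptions.

```python
import math

# Each company is a vector of 11 scores, one per ISO 27001 domain.
# The 1-5 scale and all vectors below are constructed, not study data.
COMPANIES = {
    "low_a":  [1, 2, 1, 2, 1, 1, 2, 1, 2, 1, 2],
    "low_b":  [1, 2, 1, 1, 1, 2, 2, 1, 2, 1, 1],
    "mid_a":  [3, 3, 2, 3, 4, 3, 3, 2, 3, 3, 4],
    "mid_b":  [3, 3, 3, 3, 4, 3, 2, 3, 3, 3, 3],
    "high_a": [5, 4, 5, 4, 5, 5, 4, 5, 4, 5, 4],
    "high_b": [5, 4, 5, 5, 5, 4, 4, 5, 5, 5, 4],
}
GRID = [(r, c) for r in range(3) for c in range(3)]  # 3x3 map (assumed size)

def dist2(a, b):
    return sum((x - y) ** 2 for x, y in zip(a, b))

def bmu(weights, x):
    """Index of the best matching unit: the map node closest to vector x."""
    return min(range(len(weights)), key=lambda i: dist2(weights[i], x))

def train_som(data, epochs=60, lr0=0.5, sigma0=1.5, sigma1=0.5):
    """Train node weights with a decaying learning rate and neighbourhood."""
    dim, n = len(data[0]), len(GRID)
    # Deterministic init: node k starts as a flat profile between 1 and 5.
    weights = [[1 + 4 * k / (n - 1)] * dim for k in range(n)]
    for t in range(epochs):
        frac = t / epochs
        lr = lr0 * (1 - frac)
        sigma = sigma0 + (sigma1 - sigma0) * frac
        for x in data:
            br, bc = GRID[bmu(weights, x)]
            for i, (r, c) in enumerate(GRID):
                # Gaussian neighbourhood: nodes near the BMU move the most.
                h = math.exp(-((r - br) ** 2 + (c - bc) ** 2) / (2 * sigma ** 2))
                weights[i] = [w + lr * h * (v - w) for w, v in zip(weights[i], x)]
    return weights

def security_map(companies):
    """Return {company: (row, col)}, its cell on the trained map."""
    weights = train_som(list(companies.values()))
    return {name: GRID[bmu(weights, v)] for name, v in companies.items()}

if __name__ == "__main__":
    for name, cell in security_map(COMPANIES).items():
        print(name, cell)
```

Companies with similar control coverage land in the same or adjacent cells, so a decision maker can read a company's standing from its position without inspecting every score.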