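This study is grounded in the "ISO27001/BS7799 information security management standards" and "The norms of Information and Communication Security Management in Educational Systems". It selects appropriate control items and uses a questionnaire to survey the state of information and communication security in domestic universities and colleges. This indirectly furthered the Ministry of Education's requirements under "The norms of Information and Communication Security Management in Educational Systems" by having the surveyed schools conduct a self-review with this study's questionnaire. The results are compared and discussed, in the hope of providing a reference for schools and the Ministry of Education in promoting information and communication security in the educational system. In addition, this study discusses the needs and reasons for information security and, from the perspective of risk management, establishes a model for information security risk assessment. The analysis of the questionnaire survey shows that, besides providing a priority order for handling information security matters along with related countermeasures, the model also highlights where an organization's information security risk problems lie, so that they can be effectively managed and regulated and sound information security can be established.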
Based on the "ISO27001/BS7799 information security management standards" and "The norms of Information and Communication Security Management in Educational Systems", this study selected appropriate control items and emailed questionnaires to survey the current status of information and communication security management in domestic universities and colleges. This indirectly facilitated the request made by the Ministry of Education under "The norms of Information and Communication Security Management in Educational Systems" and prompted the surveyed universities and colleges to review themselves with the questionnaires of this study. It is hoped that the discussion of the review results will provide schools and the Ministry of Education with a helpful reference for building a security management system. Furthermore, the demand and reasons for information security are discussed in this study. From the viewpoint of risk management, a model of risk assessment for information security was established. The analysis of the questionnaire results produced a set of priorities for information security matters as well as suggestions for proper responses. It also helped identify potential information security problems within an organization. Thus, the model put forward by this study is able to raise information security consciousness among organization members and contribute to better information security.