
Analysis on the Maturity of Information Security Governance and relative factors for Institutes of Higher Education in Taiwan

Advisor: 黃明達

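Abstract


Network security problems emerge continually, and schools are not only victims but also perpetrators. With information security and information security governance having to align with national policy while the overall resources invested are limited, how to raise a school's level of information security and governance calls for a comprehensive understanding and response.
This study uses a questionnaire survey to investigate the maturity of information security governance at institutes of higher education in Taiwan. The main objectives are to assess each institute's information security governance maturity, to explore the factors related to that maturity, and to provide a model for raising it along with ways to improve. A total of 164 questionnaires were sent out to be completed by the heads of each school's information unit; 153 were returned, a return rate of 93.3%. After excluding 4 invalid questionnaires, 149 valid questionnaires were actually collected, for a valid-sample return rate of 90.9%.
According to the information security governance maturity formula, schools with low maturity account for 51%, medium 32.2%, and high 16.8%. Discriminant analysis confirmed that low, medium and high maturity are distinguishable: in cross-validation, 87.2% of the observations in the three groups were correctly classified. Correlation analysis found 34 items significantly correlated with information security governance maturity. For these significantly correlated items, ANOVA was used to test the significance of the differences in item means across the low, medium and high maturity levels, and 31 items were significant. After confirming the differences in item means, post hoc range tests and LSD were used to confirm whether the items differ significantly from low to medium, from low to high, and from medium to high maturity; apart from 2 items that did not reach significance from medium to high, all reached significance, and all of these items are items related to information security governance maturity.
To effectively raise the information security governance maturity of institutes of higher education, and to find the shared characteristics and related factors of each maturity level, this study also develops a concept map of information security governance maturity and a maturity improvement model, which includes the items relevant to moving from low to medium maturity and from medium to high maturity. Statistical discriminant analysis, correlation analysis and analysis of variance are used to identify the related factors and significant items; after comparison across different dimensions, the items on which the maturity level is most easily raised are identified. The study finds that the problem schools commonly face in information security governance is high dependence of their operations on IT combined with low governance maturity, with the items in the risk management dimension being especially low. Each school can, based on its own current maturity, find the items on which maturity is easiest to raise, and thereby improve its information security governance maturity.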

Parallel Abstract


This study used a questionnaire survey to investigate the maturity of information security governance at institutes of higher education in Taiwan. The main objectives are to assess the institutes' information security governance maturity, explore the related factors, and provide a model and improvement methods for raising that maturity. Questionnaires were sent to 164 information unit supervisors in schools, and 153 were returned, a return rate of 93.3%. After excluding four invalid questionnaires, 149 valid questionnaires remained, for an effective sample return rate of 90.9%. According to the information security governance maturity formula, schools with low maturity make up 51%, schools with medium maturity 32.2%, and schools with high maturity 16.8%. Discriminant analysis confirmed that information security governance maturity can be distinguished into low, medium, and high levels: in cross-validation, 87.2% of the observations in the three groups were correctly classified. Correlation analysis found that 34 items correlate significantly with information security governance maturity. For these items, analysis of variance (ANOVA) was used to test the significance of the differences in item means across the high, medium, and low maturity levels, and 31 items showed significant differences. After confirming the differences in item means, post hoc range tests and least significant difference (LSD) multiple comparisons were used to confirm whether the items differ significantly from low to medium, from low to high, and from medium to high maturity. Only two items from medium to high were not significant; the rest were significant, and all of these items are items related to information security governance maturity.
This study also develops a model for raising information security governance maturity and identifies the governance problems schools face, which are generally high reliance on IT combined with low information security governance maturity, with the items in the risk management dimension being especially low. Each school can, according to its own current information security governance maturity, find the items on which maturity is easiest to improve, and thereby raise its information security governance maturity.

