
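A Study on Applying the Theory of Constraints to the Implementation of an Agency's Information Security Management System: The Case of Government Institution I

A Study for ISMS Implementation in an Organization Using TOC – An Example of I Government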

Advisor: 廖慶榮

Abstract


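Government information systems exist mainly to give the public channels for transmitting information and communicating interactively, so the operations of these systems must run continuously and correctly. Establishing an appropriate information security policy as the guideline for an information security management system is a goal that government units today must work to achieve. Government agencies have formulated information security policies because of virus incidents, Trojan attacks, spam attacks and hacker intrusions. However, most government institutions run into a variety of problems that make the system hard to carry out when they introduce it. This shows that the core problem of the implementation has not been solved, so execution hits a bottleneck and fails. The policy is sound, but unexpected errors often occur during implementation. In the case agency studied here, virus and Trojan incidents rank first, averaging more than 40,000 per day; spam attacks reach a million messages per month and keep growing; hackers probe the agency with a large volume of packets every day; and the large number of protection systems and policies the agency has deployed have not protected it effectively.

This study therefore uses the Theory of Constraints to identify the problems that arose when the case institution introduced its information security policy, and then uses logical relationships to find the key core problem. It uses conflict logic to find a future solution and proposes measures to remove the obstacles likely to be met during execution, with the final aim of lowering information security risk and reducing the occurrence of information security incidents. The statistics collected from the case show that the case institution substantially reduced the occurrence of information security incidents while still allowing convenient use of information resources, so that the information security system was put into practice and information security risk was lowered.

Parallel Abstract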


The main function of governmental information systems is to provide channels through which the public can transmit information and communicate interactively, so the applications of these systems must operate continuously and accurately. Building an appropriate Information Security Policy as the guideline for an Information Security Management System has become a goal that the government must work hard to achieve. Governmental institutes have established Information Security Policies because of virus infections, Trojan horse attacks, spam mail and hacker intrusions. However, most governmental institutes ran into various problems that made the system hard to carry out when they implemented it. This indicates that failing to solve the core problem creates a bottleneck that leads to unsuccessful implementation. Even with a good policy, unpredictable errors occur during implementation. In this case study, virus and Trojan horse attacks ranked No. 1, averaging more than 40,000 events per day; spam mail attacks reached millions per month and kept growing; and hackers sent many probing packets every day. The case institute installed a large number of protection systems and policies, but in vain. Therefore, this research introduces the Theory of Constraints to find the problems that arose while the institute implemented its Information Security Policy, and then applies logical relationships to reach the core problem. The research applies Conflict Logic to locate a future resolution. Aiming at the possible obstacles in execution, it proposes measures to eliminate them, in order to reduce information security risk and decrease information security incidents. Statistics calculated from the collected data reveal that the case institute considerably improved and reduced its information security incidents. At the same time, the case institute enjoyed convenient use of information resources, with an Information Security System that was put into practice, and reduced its information security risk.
