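With the rapid growth of Internet technology and the e-commerce market, enterprises' demand for information technology increases by the day. Yet the information security problems that have come with it, such as viruses and hacker intrusions, have no corresponding solution. Besides enterprises' insufficient knowledge of information security, the lack of a complete information security implementation framework and systematic steps is also a main cause. To resolve this predicament, this study refers to the BS7799 system and, based on the PDCA management cycle, identifies the important domains and items of an information security system. Then, using techniques such as the focus group interview and the Delphi method, in-depth expert interviews were conducted to confirm the necessity, causal relationships and assignment of responsibility of these items. In addition, this study uses descriptive statistics (Frequency Analysis) to confirm the degree of importance attached to each item, so as to trim the items within each domain, and applies the Fuzzy Delphi Method to confirm the stability of the process of establishing the implementation framework and causal relationships. Finally, drawing on the above results, and from both management and technical viewpoints, this study proposes an implementation map for the information security management system. We believe the implementation map proposed in this study will help enterprises grasp the causal relationships and differences in importance among the domains and items of an information security system, and thereby improve completeness in the course of building the system. In addition, through this systematic implementation procedure, enterprises can reduce the time spent on trial and error and the likelihood of failure.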
As the Internet and e-commerce markets have matured, enterprises' demand for information technology has become important. But there is as yet no corresponding solution to information security problems such as viruses and hacker intrusions. Besides the fact that the implementation framework and systematic steps are not yet perfected, the main reason is that most enterprises lack knowledge of information security management systems (ISMS). To resolve this awkward situation, this article consults the BS7799 system and builds on the PDCA management cycle to master the important domains and items of ISMS. Then, to confirm the necessity and the causality of each item, we carried out in-depth expert interviews using the focus group interview and the Delphi method. Meanwhile, this article also used fuzzy theory and Frequency Analysis to represent the differences in importance among the domains and items. Finally, we combine many scholars' ISMS frameworks and set up an implementation map of ISMS from the management and technological points of view. We believe this implementation map can assist enterprises in controlling the causality and the differences in importance and in improving the completeness of ISS. It can therefore enhance enterprises' ability to structure the implementation procedure.