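In the era of globalization, information technology has spread into everyday life, and industries of every kind depend more and more heavily on computerized information, so information security issues are gradually receiving more attention. Not only are enterprises and organizations increasing their security-related investment year by year, but government agencies are also actively promoting information security policies to protect information assets from the harm caused by a growing number of security problems. Information assets have gradually become the principal assets of enterprises and organizations, and they are the primary target that information security work must protect. To make them easier to protect and to understand where their risks lie, the information assets themselves must first be brought under management. Effective management requires sound management procedures, and turning those procedures into a stable and effective process is the goal information management most hopes to achieve. Capability Maturity Model Integration (CMMI) is a widely recognized standard model for continuous process improvement. To implement information asset management, and taking personnel and existing equipment into account, this study uses the CMMI continuous representation to focus on introducing a single process area, Risk Management, and, in line with the objectives of the case, establishes a risk management process and its continuous improvement in order to raise the efficiency and quality of the company's information asset risk management.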
In the era of globalization, information technology has become pervasive in our daily lives. Whatever the business, organizations rely more and more on computers. Therefore, the issue of information security is gradually gaining attention. Not only are enterprises increasing their related investments in information security management, but our government is also aggressively promoting information security policy to keep different kinds of information from damage caused by security problems. Information assets have gradually become the main assets of business organizations and the primary goal of information security management. In order to protect information assets and understand their information security risks, the information assets themselves must be managed; however, effective management needs a good management process. Therefore, how to make the process stable and effective becomes the main goal of information management. Moreover, Capability Maturity Model Integration (CMMI) is one of the widely used models of continuous process improvement. In this research, the Risk Management process area of CMMI is applied to construct a continuously improving risk management process and to enhance the efficiency and quality of risk management for information assets.