Abstract: Hacker attacks on government agencies never stop, and government information security work still faces many challenges and hidden concerns; promoting the Information Security Governance (ISG) action plan has therefore become one of the main thrusts of the key measures for implementing e-government information security management. This study takes government requirements as its premise and international standards or guidelines (COBIT, ITIL, ISMS) as its method, and uses expert opinion and questionnaires to identify, within an Analytic Hierarchy Process (AHP) framework, all the factors that may affect an ISG maturity assessment and their weights.
The study examines the measurement elements and performance assessment indicators of ISG maturity across five dimensions: "strategy and budget", "organization and personnel", "performance and procedure", "environment and technology" and "regulation and compliance", and applies the resulting indicators to an information security service management maturity assessment of a government agency. The results propose a quantitative ISG maturity evaluation model and weighting system suited to self-assessment by government agencies, which can serve as a reference for performance assessment when promoting ISG action plans.
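The AHP step the abstract describes, as an added example that is not part of the study: a pairwise comparison matrix over the five dimensions is turned into a priority vector (row geometric-mean method), checked with Saaty's consistency ratio, and used to weight per-dimension maturity levels into one score. The comparison judgements and maturity levels are constructed for illustration, not the values the study's experts produced.

```python
import math

# The five dimensions from the abstract, in a fixed order.
DIMENSIONS = ["strategy and budget", "organization and personnel",
              "performance and procedure", "environment and technology",
              "regulation and compliance"]

# Saaty's random consistency index RI by matrix size (standard AHP table).
RANDOM_INDEX = {1: 0.0, 2: 0.0, 3: 0.58, 4: 0.90, 5: 1.12, 6: 1.24, 7: 1.32}

# Constructed pairwise matrix on Saaty's 1-9 scale: PAIRWISE[i][j] says how much
# more important dimension i is than dimension j (PAIRWISE[j][i] is its inverse).
# Illustrative judgements only, not the study's expert data.
PAIRWISE = [
    [1,   2,   3, 3, 2],
    [1/2, 1,   2, 2, 1],
    [1/3, 1/2, 1, 1, 1/2],
    [1/3, 1/2, 1, 1, 1/2],
    [1/2, 1,   2, 2, 1],
]

def ahp_weights(matrix):
    """Priority vector via the row geometric-mean method, normalised to sum 1."""
    n = len(matrix)
    gm = [math.prod(row) ** (1.0 / n) for row in matrix]
    total = sum(gm)
    return [g / total for g in gm]

def consistency_ratio(matrix, weights):
    """CR = CI / RI with CI = (lambda_max - n) / (n - 1); CR < 0.10 is acceptable.

    A CR above 0.10 means the expert judgements contradict each other (for
    example A > B, B > C but C > A) and should be revised before use.
    """
    n = len(matrix)
    if n <= 2:
        return 0.0
    # lambda_max estimated as the mean over rows of (A w)_i / w_i.
    aw = [sum(matrix[i][j] * weights[j] for j in range(n)) for i in range(n)]
    lambda_max = sum(aw[i] / weights[i] for i in range(n)) / n
    ci = (lambda_max - n) / (n - 1)
    return ci / RANDOM_INDEX[n]

def maturity_score(weights, levels):
    """Weighted maturity on the same 0-5 scale as the per-dimension levels."""
    return sum(w * lvl for w, lvl in zip(weights, levels))
```

With the constructed matrix the weights come out near 0.37, 0.21, 0.11, 0.11, 0.21 with a consistency ratio well under 0.10; a cyclic set of judgements is rejected by the same check.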