Chinese Culture University Institutional Repository (CCUR): Item 987654321/25486


    Please use this permanent URL to cite or link to this item: https://irlib.pccu.edu.tw/handle/987654321/25486


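    Title: Implement the ISMS Integrating Personal Data Management Based on ITIL Service Management in Small and Medium Enterprises
    Author: 李仲捷
    Chieh, Lee Chung
    Contributor: Industrial R&D Master's Program in Information Security
    Keywords: Information Technology Infrastructure Library
    Information Technology Service Management
    International IT Service Management Standard
    Information Security Management System
    International Information Security Standard
    Personal Information Management System
    Personal Information Management Standard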
    ITIL
    ITSM
    ISO 20000
    ISMS
    ISO 27001
    PIMS
    BS 10012
    Personal Information Protection Act
    Small and Medium Enterprises
    Date: 2013-06
    Upload time: 2013-10-08 14:43:13 (UTC+8)
    Abstract: Because of the high degree of informatization and digitalization, enterprises of every size rely on information technology to improve their efficiency, and information security has therefore become an important issue. At the same time, computer criminals keep developing their techniques, and news of data theft and of the destruction of information systems or environments emerges in an endless stream. Most small and medium-sized enterprises, however, have not adopted security certification because of budget or cost-benefit considerations. To address the information security needs and management of small and medium-sized enterprises, this thesis uses the ITIL V3 methodology to combine an enterprise's IT services with security standards, planning an integrated ISMS suited to small and medium-sized enterprises and applying its control measures effectively to achieve information security.
    ISO 27001, BS 10012, and the clauses of the Personal Information Protection Act are compared and analyzed against control objectives and measures to produce an integrated set of security requirements. ISO 27001 and ITIL V3 are also analyzed to determine how the ITIL V3 management processes can be combined with the ISO 27001 control measures. The result is an integrated ISMS architecture in which the ISMS is applied in the enterprise as a service.
    The integrated ISMS has four different stages. Using an actual case, this research presents in full the elements required throughout the implementation process and shows the detailed planning from enterprise policy to IT strategy, and from business processes to IT services to IT systems. This implementation process provides a model for enterprises building an ISMS on their own, which is the ultimate purpose of this research.
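    Appears in collections: [Department of Information Management and Graduate Institute of Information Management] Master's and Doctoral Theses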

    Files in this item:

    File          Description    Size    Format    Views
    index.html                   0Kb     HTML      261


    All items in CCUR are protected by original copyright.

