Chinese Culture University Institutional Repository (CCUR): Item 987654321/37291


    Please use this permanent URL to cite or link to this item: https://irlib.pccu.edu.tw/handle/987654321/37291


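    Title: 探討證券業導入資訊安全管理系統必要性之研究
    A Study on the implementation of Information Security Management System in Securities Industry
    Author: 卓明怡
    Contributor: In-service Master's Program, Department of International Business Administration
    Keywords: Securities industry
    Securities firms
    Financial services industry
    Information security management system
    ISMS
    Information security
    ISO 27001
    Date: 2017
    Upload time: 2017-08-10 12:39:24 (UTC+8)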
    Abstract: At present, within the financial services industry, the banking and insurance sectors have implemented information security management systems (ISMS) and obtained ISO 27001 certification, whereas securities firms rely only on "Establishing information security inspection mechanisms for securities firms" as their basis for information security. This thesis therefore examines the necessity of implementing an information security management system (ISMS) in the securities industry.
    The research methods are a questionnaire survey, case interviews with securities firms, and expert interviews.
    The main purposes of the study are to understand:
    1. How well information staff understand the degree of necessity of implementing an information security management system (ISMS).
    2. What benefits securities firms that have completed certification and implementation have seen, and how much awareness of information security management systems exists among securities firms that have not yet begun implementation.
    3. Through the consulting firms that assist enterprises during the implementation process, what benefits enterprises obtain after a successful implementation.
    4. Given that the Financial Supervisory Commission (FSC) has itself completed implementation of an information security management system (ISMS), whether it is willing to assist securities firms in pursuing information security management certification and so comprehensively raise information security in the domestic securities industry.
    5. Finally, through the questionnaire, case interviews and expert interviews, what research findings and recommendations follow on the necessity of implementing an information security management system (ISMS) in the securities industry.
    The research found that:
    1. The linear regression analysis of the questionnaire shows that, after the information department implements an information security management system (ISMS), the benefits lie in information security policy, compliance, information security organization and cryptography, and the information department's acceptance and recognition increase significantly.
    2. The case interviews show that securities firms that complete certification and implement an information security management system (ISMS) obtain clear and necessary benefits.
    3. In the expert interviews, the consulting firms also reported benefits in three dimensions: "organizational efficiency", "internal and external customer satisfaction" and "improved ROI (return on investment)".
    The following conclusions can also be drawn. Implementation:
    1. Meets the requirements of the competent authorities.
    2. Continuously strengthens the organization's information security needs.
    3. Establishes risk management mechanisms and operations.
    4. Establishes a sustainable cycle mechanism.
    5. Preserves a record trail of information operations.
    6. Puts the various security controls into practice.
    Although implementing an information security management system (ISMS) produces the benefits above, it also indirectly brings some impact. To keep information security operations management in effect, the following points should be noted:
    1. Continuously strengthen internal information security awareness.
    2. Use document system functions to assist the work and improve operational efficiency.
    3. Use external audits to strengthen internal audit work.
    The information office of the Financial Supervisory Commission (FSC) Securities and Futures Bureau also offered views and suggestions on securities firms implementing an information security management system and obtaining ISO/IEC 27001 certification.
    Combining the research conclusions and findings, the thesis closes with two recommendations:
    1. How should the implementation of an information security management system (ISMS) be adapted to local conditions?
    2. Is it appropriate to define information security management levels for the securities industry?
    These offer possible future research directions and may serve as a reference for securities firms that intend to implement an information security management system (ISMS) and obtain certification, and for those who wish to continue research on this topic.
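    Appears in collections: [Department of Business Administration and Graduate Institute of International Business Administration] Theses and Dissertations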
