The Cyber Security Management Law passed its third reading in May 2018 and officially took effect on January 1, 2019. The law assigns public agencies and specific non-public agencies a cyber security responsibility level, each with its own set of required measures. Two years after the law took effect, this study asks what capabilities are needed to carry out its requirements and whether current cyber security personnel training courses are adequate.

This study first examines the provisions and requirements that Taiwan's cyber security laws and regulations place on government agencies. It then collects domestic and foreign literature on cyber security personnel training, analyzes how various systems and standards approach that training, and uses converged expert opinion to summarize the priority order in which the required measures map to cyber security personnel training. The results show that three items are comparatively lacking in current training courses: on the management side, information security management and auditing of outsourced vendors, and evaluation of outsourced vendors' information security expertise; on the technical side, security requirements design and testing (including source code security management) in information and communication system development. These findings can serve as a reference for planning cyber security personnel training.