網際網路時代資訊安全管理制度檢覈表之建立

Abstract

資訊安全是維護公司競爭力的基本與重要的管理機制。大多數討論此議題的論文是技術導向的，可能屬於電腦科學或資訊技術。除了這些學門外，資訊安全的管理觀點也是經營整體安全系統被關注的。本文強調後者。在本文的觀點下，資訊安全的管理機制可被視為是一連串片斷的、多元的、但互相有關連的功能。如果一家公司想要建立一套完整的系統以確保他們資訊的安全，他們必須檢視這些公司是否已經存在，並良好的整合。本文主要的貢獻是為現代企業建構一個資訊安全管理系統（Information Security Management System, ISMS）的檢覈表，對於尚未建立資訊安全管理制度的公司具有實務上的參考價值。

Information Security is one of the most important and basic managerial mechanisms to maintain the competitiveness for an enterprise. Most papers involved in this topic echnical orientations, which might be computer science or information technology. Other than these disciplines, managerial perspective of information security is also coincided for operation an entire security system. This paper emphasizes he latter. In our viewpoint, managerial mechanisms of information security could be present by a series of fragmental, diversified, but interrelated functions. If a company wanted to establish a complete system to protecting their information secured, they had to check whether these functions had been already existed and integrated well. The main contribution of this paper is to construct a checklist of information security management system (ISMS), which is specially useful to those companies that had not installed their system.