資訊安全多準則評估之研究--捷運等相關個案

Abstract

層出不窮的資訊安全事件不停的上演，駭客入侵、資訊外洩也時有所聞，在 e 化聲中，從政府到民間無不驚覺到資訊安全的重要。身負大眾運輸重任的捷運相關組織，無論係運輸營運，或是工程營建，其資訊系統對組織的重要程度正與日俱增，甚至是營運管理的命脈所繫，因此，資訊安全事件一旦發生，將立即衝擊組織的營運與服務。組織如何評估其資訊安全的程度？確實為管理當局及社會所關注的議題，本研究係以資訊安全管理之「整合系統理論」為基礎，以「資訊安全評估之總體指標」為基本架構，建立「資訊安全多準則評估模式」，再以捷運等相關個案為例，進行個案資訊安全評估，可作為該等組織制定資訊安全管理策略之參考。

Various accidents of information security emerge in an endless stream. The hacker’s invading\r\nand information revealing also happen frequently. In the voice of electronic trend, the importance of\r\ninformation security is being aware by both the public and private sectors. Since the Rapid Transit\r\nSystem is responsible for public transportation, its information system is more and more important\r\nto the organization day by day either in the operation or construction. The information system is\r\neven the key element and lifeline of its operation management. Accordingly, once the information\r\nsecurity accident happens, the operation and service of the Rapid Transit System will be affected\r\nimmediately. How does the organization evaluate the degree of information security? It is really an\r\nimportant subject concerned by the management authority and the society. Basing on the “integrated\r\nsystem theory” of information security management, the research establishes the “information\r\nsecurity multicriteria evaluation model” by the basic construct “overall indicator of information\r\nsecurity evaluation”. It furthermore takes case studies of Rapid Transit System for example to\r\nevaluate the information security of cases. Its result is a useful reference for the organization to\r\nmake information security management policy.