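Title: 基於內容管理系統的資訊安全標準導入輔助系統
A Content Management System Based Assistant for Implementing ISO Information Security Standard
Author: 彭應武
Peng, Ying-Wu
Contributors: 陳恭
Chen, Kung
彭應武
Peng, Ying-Wu
Keywords: Content management system
Information security management system
CMS
ISMS
ISO 27001
Drupal
Date: 2009
Uploaded: 9-Apr-2010 14:49:29 (UTC+8)
Abstract (Chinese-language version): As information technology becomes increasingly widespread, information security incidents have continued to occur in recent years. In May 2005 (ROC year 94), the Executive Yuan's National Information & Communication Security Taskforce instituted "The operational plan for classifying the information security duty grade of the government agencies". In response to the various potential threats to information security, the plan proposes establishing management mechanisms together with technical support services, so as to protect information assets effectively and improve information security. The concrete management-side measure is to build an Information Security Management System (ISMS), and agencies whose information security duty grade is A or B are required to be certified by an impartial third-party body as conforming to the international information security standard within the prescribed deadline. According to a survey conducted in 2008 by the Executive Yuan's Science and Technology Advisory Group on the required items for grade A and B agencies, the certification achievement rate among grade B agencies was only 43%, which shows that passing information security certification is difficult.
      Drawing on experience-sharing documents from agencies that have already passed certification, this study analyzes and summarizes the main problems likely to be encountered when introducing an ISMS, and on that basis argues that a Content Management System (CMS) platform can be used to help organizations introduce an ISMS. Drupal is an open-source, modular content management system with a simple structure and high extensibility; customized applications are easy to build on its platform, and a large community provides technical support. This study therefore uses Drupal to build an assistant system, so that an organization introducing an ISMS that conforms to an international standard (such as ISO 27001) can centrally manage all kinds of related information, assess asset values, calculate risk values, and centrally manage part of the supporting evidence used when applying for ISO certification.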
Abstract (English-language version): As information technology is widely used in our daily work and life, information security incidents also occur from time to time. In May of 2005, the National Information & Communication Security Taskforce of R.O.C. instituted “The operational plan for classifying the information security duty grade of the government agencies”. The plan requires government agencies to establish technological support services along with management mechanisms against all potential security threats in order to provide effective information security management. In addition, all agencies whose security grade is A or B must pass third-party certification for the ISO Information Security Standard within a specific deadline. However, as shown in the investigation report released by the government technology advisors in 2008, the achievement rate for information security certification among grade B government agencies is only 43%. Passing the information security certification is therefore perceived to be difficult.

     This thesis analyzes and summarizes the main difficulties that organizations may encounter when establishing an ISMS by following the international information security standard ISO 27001. The analysis results show that document management is a key issue. Therefore, we claim that a content management platform is a good foundation on which to build an assistant for an organization establishing its ISMS. To demonstrate our proposal, we choose the open source content management platform Drupal to set up such an assistant. By fully utilizing the simple yet extensible structures provided by Drupal, we build an assistant system that helps an organization manage all related documents centrally, assess asset values, and calculate risk values by following the ISO 27001 international information security standard. These facilities give the organization strong evidence that it employs a centralized information security management system when applying for ISO certification.
Description: Master's
National Chengchi University
Department of Computer Science
94971004
98
Source: http://thesis.lib.nccu.edu.tw/record/#G0094971004
Type: thesis
Advisor: 陳恭 (Chen, Kung)
Other identifier: G0094971004
URI: http://nccur.lib.nccu.edu.tw/handle/140.119/38538
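Table of contents:
Chapter 1 Introduction
     1.1 Foreword
     1.2 Research Motivation
     1.3 Research Objectives
     1.4 Research Results
     1.5 Research Limitations
     1.6 Thesis Outline
Chapter 2 Discussion of Core Technologies
     2.1 Information Security Management System (ISMS)
     2.2 Content Management System (CMS)
     2.3 Drupal
Chapter 3 System Analysis
     3.1 System Origin
     3.2 System Analysis
     3.3 Data Structure Analysis
Chapter 4 System Design and Implementation
     4.1 System Architecture
     4.2 Asset Valuation Example
     4.3 Content Type Design
     4.4 Asset Value and Risk Value Calculation Design
     4.5 System Function Demonstration
Chapter 5 Conclusions and Recommendations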
Language: en_US