政大機構典藏-National Chengchi University Institutional Repository(NCCUR):Item 140.119/38538
English  |  正體中文  |  简体中文  |  Post-Print筆數 : 27 |  全文笔数/总笔数 : 113656/144643 (79%)
造访人次 : 51712754      在线人数 : 241
RC Version 6.0 © Powered By DSPACE, MIT. Enhanced by NTU Library IR team.
搜寻范围 查询小技巧:
  • 您可在西文检索词汇前后加上"双引号",以获取较精准的检索结果
  • 若欲以作者姓名搜寻,建议至进阶搜寻限定作者字段,可获得较完整数据
  • 进阶搜寻
    政大機構典藏 > 資訊學院 > 資訊科學系 > 學位論文 >  Item 140.119/38538


    请使用永久网址来引用或连结此文件: https://nccur.lib.nccu.edu.tw/handle/140.119/38538


    题名: 基於內容管理系統的資訊安全標準導入輔助系統
    A Content Management System Based Assistant for Implementing ISO Information Security Standard
    作者: 彭應武
    Peng, Ying-Wu
    贡献者: 陳恭
    Chen, Kung
    彭應武
    Peng, Ying-Wu
    关键词: 內容管理系統
    資訊安全管理系統
    CMS
    ISMS
    ISO 27001
    Drupal
    日期: 2009
    上传时间: 2010-04-09 14:49:29 (UTC+8)
    摘要: 隨著資訊科技日益普及,近年來資安事件仍層出不窮。行政院國家資通安全會報於94年5月,訂定「政府機關(構)資訊安全責任等級分級作業實施計畫」,針對各種資訊安全的潛在威脅,提出以建立管理機制並配合技術支援服務的方式,期能有效防護資訊資產,提昇資訊安全。其中管理面的具體措施為建構「資訊安全管理系統」(ISMS, Information Security Management System),並規範列屬資安責任等級為A或B級之機關,應在規定之期限內通過由第三方(third party)公正機構驗證符合資訊安全國際標準。根據行政院科技顧問組針對A、B級機關在2008年進行資安責任等級應辦事項調查顯示,B級機關在資安認證達成率只有43%,可見通過資安認證有其困難性。
    本研究依據已通過資安認證的機關的經驗分享文獻,分析歸納導入ISMS所可能遭遇的主要問題,從而主張可以採用內容管理系統(CMS, Content Management System)的平台來協助組織導入ISMS。Drupal是一套結構簡單且具高擴展性模組化的開放源碼內容管理系統,不僅容易在其平台上建立客製化的應用系統,且有大量的社群可提供技術支援,故本研採用Drupal建置輔助系統,方便組織在導入符合國際標準的ISMS(如ISO 27001)時,可以集中管理各類相關資訊,評定資產價值,計算風險值,並提供組織申請ISO驗證時作為部份佐證資料的集中管理。
    As information technology is widely used in our daily work and life, incidents of information security also occurs from time to time. In May of 2005, the National Information & Communication Security Taskforce of R.O.C. instituted “The operational plan for classifying the information security duty grade of the government agencies”. The plan demands government agencies to establish technological support services along with management mechanisms for all potential security threats to provide effective information security management. In addition, all agencies whose security grade belongs to the A or B levels must pass the third party certification for ISO Information Security Standard within a specific deadline. However, as shown in the investigation report released by the government technology advisors in 2008, the achievement rate for information security certification on grade B government agencies is only 43%. Therefore, it is perceived that there are some difficulties in passing the information security certification

    This thesis analyzes and summarizes the main difficulties that organizations may encounter when establishing an ISMS by following the international IS standard ISO 27001. The analysis results show that document management is a key issue. Therefore, we claim that a content management platform is a good foundation to build an assistant for an organization to establish its ISMS. To demonstrate our proposal, we choose the open source content management platform, Drupal, to set up such an assistant. By fully utilizing the simpler yet extensible structures provided Drupal, we build up an assistant system that facilitates an organization to manage all related documents centrally, to assess asset values and calculate risk values by following the ISO 27001 information security international standard. These facilities will give the organization a very strong evidence of employing a centralized information security management system when applying for ISO certification
    參考文獻: 【1】 個人資料保護法, 行政院, 2008
    【2】 CNS 27001-資訊安全管理之作業要點, 經濟部標準檢驗局, 2006
    【3】 CNS 14929-資訊與通訊技術安全管理概念與模型, 經濟部標準檢驗局, 2008
    【4】 教育部校園資訊安全服務網, http://cissnet.edu.tw/
    【5】 經濟部標準檢驗局, http://www.bsmi.gov.tw/
    【6】 經濟部標準檢驗局資訊安全管理系統導入經驗分享, http://www.dgbas.gov.tw/public/Data/97816385571.pdf
    【7】 行政院人事行政局「資訊安全管理系統」認證經驗分享, http://www.dgbas.gov.tw/public/Data/7121216243271.pdf
    【8】 世新大學 ISMS 經驗分享, 范修維, 2008
    【9】 ISMS的導入與後續之落實, 蘇建郡, 2009
    【10】 景文科技大學-建置ISMS經驗分享, 方鎮良, 2009
    【11】 台灣大學資訊與網路中心電子報, http://www.cc.ntu.edu.tw/chinese/epaper/
    【12】 Drupal Taiwan 正體中文支援站, http://drupaltaiwan.org/
    【13】 drupal.org | Community plumbing, http://drupal.org/
    【14】 Information technology -- Security techniques -- Information security management systems -- Requirements, ISO, 2005
    【15】 ISMS Auditor/ Lead Auditor Training Course, BSI, 2009
    【16】 Building powerful and robust websites with Drupal 6, David Mercer, 2008
    【17】 Learning Drupal6 Module Development, Matt Butcher, 2008
    【18】 Pro.Drupal.Development, John K. VanDyk and Matt Westgate, 2007
    【19】 Comparing Open Source Content Management Systems: WordPress, Joomla, Drupal, and Plone
    http://www.idealware.org/comparing_os_cms/
    【20】 2008 Open Source CMS Market Share Survey http://waterandstone.com/downloads/2008OpenSourceCMSMarketSurvey.pdf
    描述: 碩士
    國立政治大學
    資訊科學學系
    94971004
    98
    資料來源: http://thesis.lib.nccu.edu.tw/record/#G0094971004
    数据类型: thesis
    显示于类别:[資訊科學系] 學位論文

    文件中的档案:

    档案 大小格式浏览次数
    index.html0KbHTML2324检视/开启


    在政大典藏中所有的数据项都受到原著作权保护.


    社群 sharing

    著作權政策宣告 Copyright Announcement
    1.本網站之數位內容為國立政治大學所收錄之機構典藏,無償提供學術研究與公眾教育等公益性使用,惟仍請適度,合理使用本網站之內容,以尊重著作權人之權益。商業上之利用,則請先取得著作權人之授權。
    The digital content of this website is part of National Chengchi University Institutional Repository. It provides free access to academic research and public education for non-commercial use. Please utilize it in a proper and reasonable manner and respect the rights of copyright owners. For commercial use, please obtain authorization from the copyright owner in advance.

    2.本網站之製作,已盡力防止侵害著作權人之權益,如仍發現本網站之數位內容有侵害著作權人權益情事者,請權利人通知本網站維護人員(nccur@nccu.edu.tw),維護人員將立即採取移除該數位著作等補救措施。
    NCCU Institutional Repository is made to protect the interests of copyright owners. If you believe that any material on the website infringes copyright, please contact our staff(nccur@nccu.edu.tw). We will remove the work from the repository and investigate your claim.
    DSpace Software Copyright © 2002-2004  MIT &  Hewlett-Packard  /   Enhanced by   NTU Library IR team Copyright ©   - 回馈