An CNS17799-Based Information Security Management System Self-Evaluating Model－ Taking a Local Hospital Medicine Record Department as an Example

• Main Authors: Mei–Ying Chuang, 莊梅櫻
• Other Authors: Dwen-Ren Tsai
• Format: Others
• Language: zh-TW
• Published: 2006
• Online Access: http://ndltd.ncl.edu.tw/handle/91816686585749895714

碩士 === 中國文化大學 === 資訊管理研究所碩士在職專班 === 95 === National Information Security Management Standard, CNS 17799, were be used in this study to establish an Information Security Management system self- evaluating Model. This stud took a Record deportment in a hospital as a case to verify this model. Through analyzing the results, we found the security situations and deficiencies. There are eleven security categories in the self- estimate model. We first tabulated a grading form for all controls. Then, We gave a form to every persons in the organization assessed. to fill according to the reality of her work After that, we used the “arithmetic mean” to calculate the total grades and draw the kavit graphs for all categories. The graphs showed the overall situation of the Information Security in the organization visually. The case we picked belonged to a special sector which needed to conform regulations of the Bureau of National Health Insurance Based on this reason, we found that most of their security categoried are compliant. “Business Continuity Management” and “Information Security Incident Management” are their strongest categories. “Asset Management”, “Security Policy” and “Organizing Information Security” are the three they have to reinforce.