A survey and analysis on the planning and deployment of information security architecture -- An example: campus system of universities in Taiwan


Bibliographic Details
Main Authors: Hui-ling Hsieh, 謝惠玲
Other Authors: Kevin I-J Ho
Format: Others
Language: zh-TW
Published: 2007
Online Access: http://ndltd.ncl.edu.tw/handle/48263258684222345777
Description
Summary: Master's === Providence University === Graduate Institute of Information Management === 95 === In 1994, Yang, Ruei-Ren, a salesperson at the International Bills Finance Corporation, embezzled company bills amounting to hundreds of millions of dollars. In 2003, Liou, Wei-Jie defalcated thirty million dollars from Lee-and-Li Attorneys-at-Law. Both cases resulted from employees taking advantage of their positions to counterfeit records of computer transactions while the companies lacked control of information security. They show that the security of system access priority needs more attention. The terrible 9/11 attack in 2001 shook not only the government of the United States but the whole world. The New York World Trade Center, where many companies depended heavily on computer systems, collapsed to dust within a few minutes. The total cost of the event was not only a loss of one thousand and two hundred million dollars but also an invisible loss beyond estimation, because many companies had no data backup elsewhere. Moreover, national security faced an unprecedented blow. A careless mistake in access priority resulted in the loss of hundreds of millions of dollars; an unexpected attack left all valuable information buried in debris. Information security is more than preventing viruses and hackers; it is about how to protect information assets in order to guarantee the organization's sustainable business. Can a multi-layer information security protection framework obstruct attacks from the external network? How can we take precautions against attacks from the internal network and man-made information incidents? Does the information security management standard we follow provide our organization with effective insurance or not? Under the criteria of ISO/IEC 27001, we build a safe information operating environment for our organization.
In 2003, the Information Communication Committee of Executive Yuan resolved that all government departments in Taiwan classified as Core-A class must pass security certification, under the advice of an authorized unit, by 2007, and Core-B class departments by 2008. Even though all the colleges and universities in Taiwan belong to the Core-B class, their daily academic and administrative information processes depend heavily on computer and network systems. It is therefore worthwhile to investigate and understand the current state of their security environments. In this research, we carry out a survey and delineate the actual situation based on the survey results. We also work out the relationships among the different factors related to the occurrence of security events. Based on the research results, we provide valuable and constructive information for colleges and universities planning to build or strengthen their security systems. In this competitive era, we pursue efficient and productive work and accelerate organizational computerization. When all documents, data and procedures are digitized, we need to think carefully about how to create a high-efficiency but low-risk information environment, so as to guarantee the organization's sustainable business and protect all kinds of information against various attacks.