Implementation and Evaluation of Information Security Policy

Master's === National Taiwan University of Science and Technology === Graduate Institute of Management === 96 === Since the risks of various kinds of information security increase day by day, the information incidents occur endlessly. The harm they cause is expanding, and thus leads to numerous degrees of detrimental influence on the formation of high-quality networked socie...


Bibliographic Details
Main Authors: WU MEI SIA, 吳美霞
Other Authors: Tzong-Chen Wu
Format: Others
Language: zh-TW
Published: 2008
Online Access: http://ndltd.ncl.edu.tw/handle/30863621190322379019
id ndltd-TW-096NTUS5457039
record_format oai_dc
spelling ndltd-TW-096NTUS5457039 2016-05-13T04:15:16Z http://ndltd.ncl.edu.tw/handle/30863621190322379019 Implementation and Evaluation of Information Security Policy 資安政策推動與評估機制之研究 WU MEI SIA 吳美霞 Master's National Taiwan University of Science and Technology Graduate Institute of Management 96 Since the risks of various kinds of information security increase day by day, the information incidents occur endlessly. The harm they cause is expanding, and thus leads to numerous degrees of detrimental influence on the formation of high-quality networked society. While a great number of governments make enormous efforts to construct an environment of information security by investing all available resources, both public and private organizations are confronted with tremendous difficulties in the promotion of information security policy and evaluation of efficacy. This study proposes a rudiment of information security system applicable to macro level (entire country) and micro level (individual organization) in order to solve these difficulties, referring to the circulation mechanisms of information security policy and administrative overview of other countries and examining literature related to policy assessment. The core of this system, Strategy-Focused Information Security Organization, must obtain key strategic position and contains the following functions: forming the common understanding regarding information security, conducting social communication, preparing the future prospect of information security, deciding the policy objective of information security, planning information security policy, scheming, managing and applying resources, promoting information security policy and evaluating performance. An additional crucial discovery is that PEARL model (Plan, Evaluate, Act, Regulate, Last) is able to fulfill the management of information security. This model possesses three components such as decision, conduction, and supervision.
Accompanied with appropriate tools (the evaluation of information security governance maturity and key indicators of information security), a series of information security can be transformed into expected output and positive influence. Moreover, this study defines the equation of information security achievement as Function ( Balanced score card + Strategy-Focused Information Security Organization + Strategy map) and regards it as the fundamental step for breakthrough results of information security. Through Strategy-Focused Information Security Organization, the process is to build an integrated and interconnected strategy, on which basis object items and weighing items can be established. The financial facet of the tactics map includes strategy for both supply and demand ends. If well applied, its function will be magnified and value be manifested. Tzong-Chen Wu 吳宗成 2008 學位論文 ; thesis 63 zh-TW
collection NDLTD
sources NDLTD