Research on Application of Cyber Security in Taiwan's Defense Industry - CSC v6 of SANS Organization as the Inspection Standard

Bibliographic Details
Main Authors: Shih-Feng Yang, 楊世豐
Other Authors: Cher-Min Fong
Format: Others
Language: zh-TW
Published: 2019
Online Access: http://ndltd.ncl.edu.tw/handle/455bq4
Description
Summary: Master's === National Sun Yat-sen University === Executive MBA In-Service Program, College of Management === 107 === In 2016, the Taiwan Government selected the "Aerospace Industry", "Shipbuilding Industry" and "Cybersecurity Industry" as the major defense industries to nurture and develop. How to assess the impact of "Cybersecurity Management" on the competitiveness of each individual company in the Taiwan defense industry supply chains is one of the key priorities. An ISMS (Information Security Management System) is a system that manages cybersecurity inside a company and is an important part of its overarching management systems. In addition to managing its resources effectively, a company must formulate a management system in accordance with risk management methodology in order to manage its risks. The key purpose of an ISMS is to control the risks to the company effectively and to establish and implement how the company operates and monitors its cybersecurity. It further serves as the basis on which the company reviews and maintains its cybersecurity, with the ultimate goal of improving the organization's cybersecurity so that the company's operational risks can be effectively controlled and reduced. This study also hopes to provide companies with a basic concept for looking inward to review their "Level of Cybersecurity". It therefore focuses mainly on determining whether a company in the "Taiwan Defense Industry Supply Chains" possesses the required awareness of "Cybersecurity Management" and can assess the level and procedures of its cybersecurity capability on its own. This study mainly refers to the 6th edition of the Critical Security Controls (CSC) issued by SANS (System Administration Networking and Security) as the guiding basis.
The study is designed around discussions with the managing department or decision maker(s) and the information-related departments of companies in the supply chains, to see whether the ISMS mechanism is actually followed through. The findings are then used to assist each company, in the spirit of planning-executing-checking-improving, to fully implement cybersecurity management and further its core competitiveness. When reviewing a company's ISMS, this study uses six levels of 20 key indicators in the expectation that these key indicators will enhance the company's cybersecurity protection and increase its core competitiveness, in order to achieve: 1. Assessing the impact of cybersecurity management on the company's business. 2. Managing the known internal vulnerabilities, and ensuring and formulating security policies to mitigate the risks. 3. Reviewing the threats faced by the company and assessing the gaps in its protective measures. 4. Verifying the company's authority control criteria and the follow-through of its cybersecurity.
Keywords: cybersecurity, Taiwan Defense Industry, ISMS, SANS, CSC