Exploratory Study on Maturity Assessment Model for Government Information Security Governance

• Main Authors: LIU, PEI-YI, 劉佩宜
• Other Authors: CHEN, YEONG-SHENG
• Format: Others
• Language: zh-TW
• Published: 2019
• Online Access: http://ndltd.ncl.edu.tw/handle/naxrck

碩士 === 國立臺北教育大學 === 資訊科學系碩士班 === 107 === With the rapid growth of cybersecurity incidents, the related issues become more serious than before. In Taiwan, the “Cybersecurity Management Act” was published on January, 1, 2019. All the agencies in the public sector and some specific organizations should follow the requirements defined in the Act and have the ISG maturity model involved. In this research, based on the requirements defined in “Cybersecurity Management Act,” referring to the ISO/IEC 27001, Cybersecurity Framework, and other international standards, we defined the appropriate scope of ISG maturity measurement and its adapted area for government agencies to implement. Besides, it combined the ideas of ISO/IEC 33004 “Information technology - Process assessment - Requirements for process reference, process assessment and maturity models,” ISO/IEC 33020 “Information technology - Process assessment - Process measurement framework for assessment of process capability” and Capability Maturity Model Integration (CMMI), eventually we proposed a novel ISG maturity measurement model in this paper. In order to exploratory study the application and operation of the ISG maturity assessment model proposed in this research, we applied this model to a target organization observing the applicability and operability of information governance implementation. As the result of the case, the organization can realize the status of cybersecurity achievement by checking the leading indicators and lagging indicators, also reveal the weakness, that will help the organization to get the direction of improvement in the future.