This study investigates the relationship between an information security management system (ISMS) and a personal information management system (PIMS). Drawing on the cited literature and the results of expert interviews, it finds that the two are complementary and can be integrated effectively.
With the rapid evolution of information technology, information security incidents have multiplied year after year, causing damage to information systems or business interruption, destruction of information assets or data, financial fraud through social engineering, and leakage of personal data. Since the Personal Information Protection Act took effect on 1 October 2012, information systems have become more complex in technical, managerial and regulatory-compliance terms, and a single lapse can cause serious harm to an organization. The entry into force of the EU General Data Protection Regulation (GDPR) on 25 May 2018 in particular caused widespread alarm.
To address information security and personal data protection comprehensively, integrated implementation of an ISMS and a PIMS is an effective method of control and management. This study examines the multi-faceted integration of ISMS and PIMS from an assessment perspective, uses ISO international standards and CNS national standards to validate the analysis, and draws on expert interviews to show that the integration is effective and satisfies the relevant standards and regulations.
The main topic of this study is the relationship between ISMS and PIMS. From the literature we cite and from in-depth interviews with experts, we find that ISMS and PIMS complement each other and can be implemented together.
As information technology grows rapidly, information security incidents increase many times over year after year. This results in several unpredictable consequences, including damage to information systems, interruption of business operations, loss of information assets and data, financial fraud through social engineering, and leakage of personal information. Since the Personal Information Protection Act came into force on 1 October 2012, managing information systems has become more technically complicated, and following the regulations correctly has become more complex. Any negligence or indiscretion may cause catastrophic damage and losses to an organization. In particular, the implementation of the GDPR (General Data Protection Regulation) in the EU on 25 May 2018 caused widespread panic.
To solve the problems of information security and personal information protection once and for all, integrated implementation of ISMS and PIMS is an effective method of management.