

    Please use this permanent URL to cite or link to this document: https://irlib.pccu.edu.tw/handle/987654321/53568


    Title: Flexible Information Security Management Framework Planning for Information Outsourcing Service Providers
    Author: 許育甄
    Contributor: Information Security Industry Master's Program
    Keywords: Information Outsourcing
    Information Security Management
    Risk Management
    Flexible Framework
    Continuous Improvement
    Date: 2024
    Upload time: 2024-08-02 15:50:39 (UTC+8)
    Abstract:
    With the rapid development of information technology, it has become common for
    businesses to outsource part or all of their information system functions to third-party
    service providers. However, this practice also introduces numerous security risks,
    including data breaches and service disruptions. This study aims to develop a flexible
    information security management framework to help organizations effectively manage
    these risks during outsourcing. Through literature review and case analysis, we
    propose a comprehensive risk management framework that covers stages of risk
    identification, assessment, control, and governance. This framework not only
    considers the rapid changes in information technology and the diversity of business
    needs but also emphasizes effective communication and cooperation with suppliers.
    In the practical application, we assist organizations in assessing and managing risks
    related to information outsourcing through a series of information security self-assessment forms and audit standards. These forms cover various types of risks,
    including compliance, infrastructure, and system risks, and provide corresponding risk
    management measures.
    This study highlights the importance of continuous improvement and the necessity of
    rolling revisions. As external environments and technologies change, organizations
    should regularly assess and update their information security management measures
    to address new security challenges. Overall, this flexible framework provides a
    comprehensive and structured risk management method for information outsourcing
    service providers, aiming to enhance the overall level of information security and
    ensure business continuity.
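    Appears in collections: [Department of Information Management and Graduate Institute of Information Management] Master's and Doctoral Theses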
