Chinese Culture University Institutional Repository (CCUR): Item 987654321/53568


    Please use this identifier to cite or link to this item: https://irlib.pccu.edu.tw/handle/987654321/53568


    Title: 資訊委外服務提供者之彈性資安管理框架規劃
    Flexible Information Security Management Framework Planning for Information Outsourcing Service Providers
    Authors: 許育甄
    Contributors: Information Security Industry Master's Program
    Keywords: Information Outsourcing
    Information Security Management
    Risk Management
    Flexible Framework
    Continuous Improvement
    Date: 2024
    Issue Date: 2024-08-02 15:50:39 (UTC+8)
    Abstract:
    With the rapid development of information technology, it has become common for
    businesses to outsource part or all of their information system functions to third-party
    service providers. However, this practice also introduces numerous security risks,
    including data breaches and service disruptions. This study aims to develop a flexible
    information security management framework to help organizations effectively manage
    these risks during outsourcing. Through literature review and case analysis, we
    propose a comprehensive risk management framework that covers stages of risk
    identification, assessment, control, and governance. This framework not only
    considers the rapid changes in information technology and the diversity of business
    needs but also emphasizes effective communication and cooperation with suppliers.
    In the practical application, we assist organizations in assessing and managing risks
    related to information outsourcing through a series of information security self-assessment forms and audit standards. These forms cover various types of risks,
    including compliance, infrastructure, and system risks, and provide corresponding risk
    management measures.
    This study highlights the importance of continuous improvement and the necessity of
    rolling revisions. As external environments and technologies change, organizations
    should regularly assess and update their information security management measures
    to address new security challenges. Overall, this flexible framework provides a
    comprehensive and structured risk management method for information outsourcing
    service providers, aiming to enhance the overall level of information security and
    ensure business continuity.
    Appears in Collections:[Department of Information Management & Graduate Institute of Information Management] Thesis
