Please use this identifier to cite or link to this item: http://rportal.lib.ntnu.edu.tw:80/handle/77345300/15648
Title: 資訊安全評估準則層級結構之研究
Other Titles: A Study of Hierarchical Structure of Information Security Valuation Criteria
Authors: 洪國興
季延平
趙榮耀
Kwo-Shing Hong
Yen-Ping Chi
Louis R. Chao
Issue Date: Oct-2003
Publisher: 國立台灣師範大學圖書資訊研究所
Graduate Institute of Library and Information Studies
Abstract: 各種調查或研究均顯示,資訊安全事故的發生比例與其所造成的財務損失均不斷上升。美國911事件、台灣納莉颱風的水災、財金公司的舞弊案等,均顯示隨著資訊科技的快速發展,資訊系統使用者的範圍不斷擴大,組織對資訊系統依賴程度的提高,資訊安全因而日愈重要。但組織資訊安全如何評估?應考慮那些評估準則?尚乏實証研究。本研究以資訊安全管理「整合系統理論」(Integrated System Theory)為基礎,經由因素分析、名目群組技術(Nominal Group Technique)的程序,匯集專家意見,建構「資訊安全評估準則層級結構」,共有9個評估構面,37項評估準則,可作為組織規劃資訊安全策略之參考,亦可作為繼續發展「資訊安全多準則評估模式」(Information Security Multiple Criteria Valuation Model)的基礎,實為資訊安全管理實証研究的重要里程碑。
Most results of various investigations and studies have shown that the percentage of information security accidents occurred and the financial losses caused are increasing continuously. September 11 attacks in the U.S.A., floods of Nari typhoon and malfeasant cases of Financial Information Service Co., Ltd. in Taiwan all indicate that information security has being more important day by day as a result of fast development of information technology, increasing range of users and dependence of an organization on information system. How to evaluate information security of an organization and what valuation criteria should be considered still lack of empirical studies. On the basis of“Integrated System Theory” of information security management, the study applies factor analysis and nominal group technique and collects opinions from experts to construct “Hierarchical Structure of Information Security Valuation Criteria”, which totally includes 9 valuation dimensions and 37 valuation criteria. The result may not only be a reference for the organization to make information security policies but also the foundation to further develop “Information Security Multiple Criteria Valuation Model”. It is obviously a key milestone of empirical studies of information security management.
URI: http://rportal.lib.ntnu.edu.tw//handle/77345300/15648
Other Identifiers: F46D1C35-7C98-E872-F7D3-4CB3233063A0
Appears in Collections:圖書館學與資訊科學

Files in This Item:
File SizeFormat 
ntnulib_ja_A1201_2902_044.pdf148.44 kBAdobe PDFView/Open


Items in DSpace are protected by copyright, with all rights reserved, unless otherwise indicated.