English  |  正體中文  |  简体中文  |  Items with full text/Total items : 2737/2828
Visitors : 3537704      Online Users : 23
RC Version 4.0 © Powered By DSPACE, MIT. Enhanced by NTU Library IR team.
Scope Adv. Search
LoginUploadHelpAboutAdminister

Please use this identifier to cite or link to this item: http://ir.lib.stu.edu.tw:80/ir/handle/310903100/1346

Title: 以CNS27002資安規範探討基層公務機關之教育訓練
Analysis Education and Training Procedures for Primary Public Organizations Based on CNS27002 Information Security Standard
Authors: 閻一平
Yi-Ping Yang
Contributors: Chun-Li Lin
資訊工程系碩士班
Keywords: 資訊安全;資訊安全教育;資訊安全事件;資訊安全管理;資訊安全管理之作業規範(CNS27002)
Information Security;Information Security Education;Information Security Events;Information Security Management;Information Security Management Operating Standards (CNS27002)
Date: 2010
Issue Date: 2011-05-24 15:28:53 (UTC+8)
Publisher: 高雄市:[樹德科技大學資訊工程系碩士班]
Abstract: 自資訊科技快速的發展,造就網際網路的興起,各類的資訊設備也日新月異,使得人類的生活方式與空間距離也日趨方便近在咫尺。但個人隱私與資訊安全保護能力亦趨受到重視,特別是防止網路上洩露、盜取、入侵及犯罪所引發的資訊安全維護能力也受到疑慮。縱使投入大量的資金更新及強化資訊設備(環境),未必可化解危機。因此,資訊安全最重要的課題之一即為教育及認知,要如何確保資安教育能有效的建立資安概念,以防範資訊安全類案再生,即是本研究的方向。
本研究係依我國資訊安全管理之作業規範(CNS27002)為問卷藍本,並以基層人員為對象,研究其對資安概念瞭解程度及教育規劃之探討。本研究以200份問卷調查為基礎,經初步分項統計顯示,未受過資安教育訓練相關課程,已達到資安概念標準僅佔17%,未達標準者高達83%;而受過現行資安教育訓練相關課程之基層人員,達到資安概念標準僅佔36%,未達標準者仍高達64%。顯見目前的資安教育課程,已無法使基層人員的資安概念隨著教育訓練課程增加應有的效益。本篇最後針對現行資安教育課程提出相關建議方案。
Since the development of information technology is rapid, the several types of information devices are change with each passing day. It let human life become more convenience and distance between each others becomes closer. The issues regarding to protect personal privacy and information security have been got increasingly attention. In particular, the abilities which is used to prevent the network leakage, theft, hack and crime are doubted. It may be useless to resolve the above problems even much money involves to update and strengthen the information equipment (or environment). Because the education and awareness are important issues in information security field, This study researches on estimating the current education for information security is effective enough to establish the users’ concepts or not, and given some advises to avoid similar security risks arise again.
The questionnaire in this study is based on Code of practice for information security management (CNS27002) and the target of questionnaire is focus on junior officers. Their degree of understanding on the concept of information security can be detected by the questionnaire, as well as the planning of current education principle can be analyzed. In the study, the total of available feetbacks amounted to 193. The result which is analyzed is given as follows: the junior offices who have not received the related training course, only 17% understand of information security enough. On the other words, their are 83% offices (have notreceived the related training course yet) lack the concept of information security. It is surprising, even the officers have received the related courses, only 36% officers understand information security enough, there are 64% offers still not enough. Base on above result, the current information security education programs seems not effective enough for junior officers. The study proposes some recommend for improving current information security course.
Appears in Collections:[資訊工程系(所) ] 博碩士論文

Files in This Item:

File Description SizeFormat
index.html0KbHTML295View/Open
stu-99-s97739106-1.pdf全文749KbAdobe PDF1461View/Open
以CNS27002資安規範探討基層公務機關之教育訓練__臺灣博碩士論文知識加值系統.htm國圖95KbHTML386View/Open


All items in STUAIR are protected by copyright, with all rights reserved.

 


無標題文件

著作權政策宣告:

1.

本網站之數位內容為樹德科技大學所收錄之機構典藏,無償提供學術研究與公眾教育等公益性使用,惟仍請適度,合理使用本網站之內容,以尊重著作權人之權益。商業上之利用,則請先取得著作權人之授權。
 
2. 本網站之製作,已盡力防止侵害著作權人之權益,如仍發現本網站之數位內容有侵害著作權人權益情事者,請權利人通知本校護人員(clairhsu@stu.edu.tw),維護人員將立即採取移除該數位著作等補救措施。
 
DSpace Software Copyright © 2002-2004  MIT &  Hewlett-Packard  /   Enhanced by   NTU Library IR team Copyright ©   - Feedback