English  |  正體中文  |  简体中文  |  Items with full text/Total items : 2737/2828
Visitors : 345724      Online Users : 71
RC Version 4.0 © Powered By DSPACE, MIT. Enhanced by NTU Library IR team.
Scope Adv. Search
LoginUploadHelpAboutAdminister

Please use this identifier to cite or link to this item: http://ir.lib.stu.edu.tw:80/ir/handle/310903100/1878

Title: 資訊安全標準規範於軍中管理系統之應用
Research of Information Security Standards for Military Management System Application
Authors: 陳明泰
Chen,Ming-Tai
Contributors: 李志宏
Lee,Chih-Hung
資訊管理研究所
Keywords: 資訊安全;管理標準;無線射頻辨識系統;CNS 27001標準;資訊安全管理系統
Information Security;CNS 27001;RFID;ISMS;Management System
Date: 2007
Issue Date: 2011-05-26 11:06:27 (UTC+8)
Publisher: 高雄市:[樹德科技大學資訊管理研究所]
Abstract: 以國家資訊安全觀點而言,軍事單位之資訊安全是最應受到重視的,而軍事單位所屬之軍職或特約、聘僱人員、受訓員生、洽公民眾、工程承商等都是可以直接或間接取得軍事資訊的高風險群。如何確保重要軍事資訊不外洩,在管理上,許多軍事單位皆以人為優先考量,使用最新的RFID技術為建置基礎,結合前端設施與後台系統,整合成為『人員及車輛進出管理系統』,輔以資訊存取管理規定之措施,形成一道電子化圍牆,特別是以後勤單位、軍事院校、訓練中心等國軍機構最為常見。
本研究以行政院於民國90年1月17日第二七一八次院會通過之「建立我國通資訊基礎建設安全機制計畫」之政策與標準為動機,並應用我國資訊安全管理標準CNS27001規範為核心,評估軍方所建置之『人員及車輛進出管理系統』是否因為偏重人員進出管理而忽略了實際軍中資訊安全漏洞的防治。並以南部某軍事單位以RFID(無線射頻辨識系統)建置之『人員進出管理系統』為例,依政府資通安全管理作業規定,進行資訊系統安全之研究。在軍方這個範例中我們可以發現,建置人員車輛管理系統之後,管理效能提昇,但在我國的CNS27001標準的評估下,有管理上的風險及安全問題,建議組織再深入評估與加強,本文的結果期望能提供給相關單位作為參考,使軍方對於資訊安全更加落實,達到國家安全政策的目標。
From the national security point of view, information security of military is the most important issue. The soldiers, employee, academy student, contractor and etc. often pass through the military base. They are the highly risk group because they could directly or indirectly contact the classified information of military.
How to protect the classified information, the first thing thought over is the management of people. Most of the military bases such as the administrative services division, military academy, and training center use the management system based on RFID technique and integrating the front-end process equipment and the host system to become a “Person and Vehicle Control and Management System”. An electronic-wall for the base is supposed to be formed by the system, but usually failed.
The purpose of this research is to follow the instruction of “The data and telephone communication security for infrastructure plan” which lunched by the Executive Yuan Republic of China (Taiwan) at January 17th , 2001, and apply the CNS 27001 standard to evaluate the “Person and Vehicle Control and Management System” of the military academy.
The result shows that the “Person and Vehicle Control and Management System” didn’t fulfill the criterion of CNS 27001 standard. We give some suggestion to enhance the security of the system and try to establish a standard procedure to evaluate the similar system to avoid the failure of keeping information security of military base.
Appears in Collections:[資訊管理系(所)] 博碩士論文

Files in This Item:

File Description SizeFormat
資訊安全標準規範於軍中管理系統之應用__臺灣博碩士論文知識加值系統.htm國圖108KbHTML442View/Open


All items in STUAIR are protected by copyright, with all rights reserved.

 


無標題文件

著作權政策宣告:

1.

本網站之數位內容為樹德科技大學所收錄之機構典藏,無償提供學術研究與公眾教育等公益性使用,惟仍請適度,合理使用本網站之內容,以尊重著作權人之權益。商業上之利用,則請先取得著作權人之授權。
 
2. 本網站之製作,已盡力防止侵害著作權人之權益,如仍發現本網站之數位內容有侵害著作權人權益情事者,請權利人通知本校護人員(clairhsu@stu.edu.tw),維護人員將立即採取移除該數位著作等補救措施。
 
DSpace Software Copyright © 2002-2004  MIT &  Hewlett-Packard  /   Enhanced by   NTU Library IR team Copyright ©   - Feedback