資訊安全管理系統建置工作之研究

A Study on the Implementation of Information Security Management Systems

九十年代全球文明歷經了重大的轉變，品質、環境和安全衛生管理逐漸朝向一致化與標準化，而相關的國際標準也影響了許多國家經濟的發展和組織管理與經營的方式，ISO 9000 品質管理和ISO 14000 環境管理系列標準的遵從，是最佳的佐證。二十世紀最後一個月，資訊安全管理的國際標準已正式頒佈，成為創建可信賴資訊作業環境的指引，若善加運用，不僅可以提昇資訊系統的安全性，亦有助於品質文化之塑造。

During the 90's, global civilization went through a great change. Quality of life, preservation of our environment, and management of human health and safety all turned gradually toward universal consistency and toward a high level of standardization. Related international standards have influenced economic development as well as operations in corporate organizations. Best examples are the compliance with the series of ISO 9000 standards for quality management and ISO 14000 standards for environmental protection. In the last month of the twentieth century, an international standard for the emerging field of information security management was adopted by ISO, the standardization body. The standard offers guidelines for establishing reliable and safe environment for information processing and communication. In this article, the authors describe the approach and steps for systematic implementation of information security management systems under the guideline of this newly adopted standard─ ISO 17799.