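With the arrival of the Internet era and the rapid development of e-commerce services, enterprises' demand for information security keeps rising. However, computer operating systems were designed with many security shortcomings from the start, and the basic security mechanisms provided by current operating systems, business application systems and database systems cannot effectively block the endless stream of security vulnerabilities and malicious intrusions, let alone meet today's increasingly demanding information security management standards and e-commerce requirements. This thesis therefore examines, from the perspective of access control, the role it plays in the information security architecture and how it addresses the security issues facing enterprise information systems.

Starting from the information security architecture, this thesis examines access control solutions in the domestic industry, information security standards, and case studies, and gives concrete recommendations for adopting an access control solution. It further analyzes how to plan and implement access control for operating system resources and how to meet the control objectives of information security standards.

Based on the best practices and recommendations proposed in this thesis, enterprises can quickly choose suitable tools and adopt an access control solution that improves the organization's overall security. Besides protecting the enterprise's important assets, this also strengthens compliance with information security standards.

With the onset of the online revolution, the pace of business has completely changed, and so has thinking about information security. The more e-commerce services run on the Internet, the more attention people pay to the security of information and information systems. This paper presents access control and the important role it plays in information security architecture. Access control is concerned with determining the allowed activities of legitimate users and mediating every access attempted by a user in the system; more sophisticated and complex control is granted after successful identification, authentication and authorization of the user. Through an explanation of popular access control solutions, information security management specifications, and a case study, the paper arrives at best practices for access control system implementation and makes suggestions to organizations planning to implement an access control scheme.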