NCU Institutional Repository (provides downloads of theses and dissertations, past exam papers, journal articles, research projects, etc.): Item 987654321/60114
    Please use the permanent URL to cite or link to this item: http://ir.lib.ncu.edu.tw/handle/987654321/60114


    Title: Based on ISO 27001: Exploring the Influence of the Personal Information Protection Act on Telecommunications Operators, a Case Study of Company F; Based on the ISO 27001: To Explore the Influence of Personal Information Protection Act toward Telecommunications
    Author: 余昌霖; LIN, YU CHANG
    Contributor: Executive Master Program, Department of Information Management
    Keywords: Personal Information Protection Act; ISO 27001; ISO 27011
    Date: 2013-06-19
    Upload date: 2013-07-10 12:07:02 (UTC+8)
    Publisher: National Central University
    Abstract: Because telecommunications operators hold communications and network resources and retain large volumes of subscriber data, they are frequent targets of criminals; as a result, leaks of company business secrets and subscriber data occur repeatedly, creating a crisis of public trust. This study takes a case telecommunications company as its research subject and examines, within the framework of the ISO 27001 Information Security Management System (ISMS), the company's concrete practices for protecting customers' personal data, and whether that framework satisfies the data protection measures required by the Personal Information Protection Act. In addition, the study maps the 11 control domains, 39 control objectives and 133 controls of the ISO 27001 information security management standard, together with the additional inspection items of ISO 27011, against the Personal Information Protection Act to identify the correlations between them, and then collates and analyzes the data.

    The results show that by using the existing ISMS framework to plan the following processes, namely privacy impact analysis, definition and identification of personal data, criteria for judging the value of personal data, and control of the personal data life cycle, a telecommunications operator can indeed strengthen the case company's control over personal data security. Furthermore, for telecommunications operators, six control domains and 24 controls in ISO 27001 are correlated with the Personal Information Protection Act: two each under "Compliance" and "Human Resources Security"; three each under "Asset Management" and "Access Control"; five under "Information Security Incident Management"; and nine under "Communications and Operations Management". Therefore, when planning protection under the Personal Information Protection Act, telecommunications operators can devote more resources to these correlated controls and strengthen their management.

    In addition, the study finds that because the case company has already passed ISO 27001 certification, it only needs to review the current ISMS framework, establish its own personal data operating procedures for the areas where personal data protection controls are still insufficient, and strictly follow them; it does not need to introduce a new certification mechanism.

    Some illegal persons cast greedy eyes on telecommunication companies because of their communication and Internet resources and the large amount of users' data they hold. As a result, companies' business secrets and users' data are frequently leaked, and a crisis of social credit occurs. The study takes F Telecom as its case and explores its concrete measures to protect consumers' data under the structure of the ISO 27001 Information Security Management System (ISMS). Besides, ISO 27001 contains 11 control domains, 39 control objectives and 133 controls, and ISO 27011 adds further inspection items. The research seeks to find the relevance between ISO 27001 and the Personal Information Protection Act (PIPA), then collates and analyzes the data.

    The study shows that telecoms can use the existing ISMS structure to arrange the following processes, including Privacy Impact Assessment (PIA), definition and identification of personal data, the value criteria of personal data and the life cycle of personal data. These definitely can reinforce the security and control for the case company. In addition, for telecommunication companies, six domains and twenty-four measures in ISO 27001 are correlated with PIPA: there are two items each for compliance and human resources security; three each for asset management and access control; five items for information security incident management; and nine items for communications and operations management. Hence, telecom companies can invest more resources in these control measures when they plan protection under PIPA.

    Besides, the research finds that since the case company has passed ISO 27001 certification, it only needs to review the existing ISMS structure and build its own operating procedures to make up the insufficient parts; it does not need to adopt a new certification mechanism.
    Appears in Collections: [Executive Master Program, Department of Information Management] Theses and Dissertations

    Files in This Item:

    File         Description   Size   Format   Views
    index.html                 0Kb    HTML     1303

