:::

詳目顯示

回上一頁
題名:個人資料檔案之設計與保護實作初探:稽核人員宜具備的知識與技能
書刊名:前瞻科技與管理
作者:樊國楨林惠芳林樹國黃健誠 引用關係
作者(外文):Farn, Kwo-jeanLin, Hui-fangLin, Shu-kuoHuang, Chien-cheng
出版日期:2012
卷期:2:1
頁次:頁147-174
主題關鍵詞:稽核驗證機構資訊安全管理系統管理系統標準標準化AuditCertification BodiesCBInformation Security Management SystemISMSManagement System StandardsMSSStandardization
原始連結:連回原系統網址new window
相關次數:
  • 被引用次數被引用次數:期刊(2) 博士論文(0) 專書(0) 專書論文(0)
  • 排除自我引用排除自我引用:1
  • 共同引用共同引用:3
  • 點閱點閱:19
標準可以累積知識與經驗,標準化則是冀求以系統的、共同協調一致之方法來強化標準實作的知識以供傳承。鑑於管理系統日益增多,驗證機構(Certification Bodies,簡稱CB)及其稽核(Audit)能力之問題日益滋增,宜加以規範,國際標準組織(International Standardization for Organization,簡稱ISO)自1999年起即分2階段進行CB管理系統標準之ISO/IEC 17021:2011(E)增加CB稽核人員的知識與能力之強制性要求,12年的工作已告一段落,並成為管理系統標準(Management System Standards,簡稱MSS)的組件。根基於此,本文以個人資料系統法規之要求及MSS中的紀錄管理系統,探討於資訊安全管理系統(Information Security Management System,簡稱ISMS)稽核已顯現的問題並提出宜強化之建議。
Standards can help to accumulate knowledge and experiences, while standardization aims to make use of systematic and coherent methods for reinforcing and passing down the knowledge of standard implementation. As management systems increases gradually, there are more and more problems concerning Certification Bodies (CB) and their Audit ability. In order to regulate these problems, International Standardization for Organization (ISO) has set about compulsory demands for improving the knowledge and ability of CB auditors by applying ISO/IEC 17021:2011(E) of CB management system standard in two phases since 1999. This twelve-year task has been accomplished and become the components of Management System Standards (MSS). As a result, according to the requests of the enactment of personal data systems and the record management systems in MSS, this paper plans to investigate the existing audit problems in Information Security Management System (ISMS) and put forward some possible solutions.
期刊論文
1.樊國楨(2011)。個人資料保護與資訊安全管理探微。政府機關資訊通報,279,5-14。new window  延伸查詢new window
2.中華民國電腦稽核協會(2009)。中華民國電腦稽核協會2009 年教育訓練課程。電腦稽核,20,178-179。  延伸查詢new window
3.樊國楨、黃健誠、林樹國(20110500)。資訊安全管理系統政策探微:根基一政府機關之異地備援個案。前瞻科技與管理,1(1),61-83。new window  延伸查詢new window
4.Wylie, J. J.、Bigrigg, M. W.、Strunk, J. D.、Ganger, G. R.、Kiliccote, H.、Khosla, P. K.(2000)。Survivable Information Storage Systems。IEEE Computer,33(8),61-68。  new window
會議論文
1.Huang, C.C. et al.(2011)。A Study on Information Security Management with Personal Data Protection。2011 IEEE 17th International Conference on Parallel and Distributed Systems。Tainan, Taiwan。624-630。  new window
2.樊國楨等(2011)。個人資料保護與資訊安全管理標準化初探--根基於美國聯邦資訊安全管理法計畫。2011 年第4 季資訊安全管理系統標準化系列討論會。台中:濟部標準檢驗局。  延伸查詢new window
3.樊國楨等(2011)。管理系統驗證稽核員應具備之知識與技能初探--根基於醫療法第68 條。第21屆全國資訊安全會議。雲林:國立虎尾科技大學。  延伸查詢new window
研究報告
1.Verizon Business(2010)。2010 Data Breach Investigations Report。Verizon。  new window
其他
1.樊國楨(2001)。一種知識分持之金鑰信託系統(第131670號)。  延伸查詢new window
2.Farn, K. J.(2003)。Key Management Method(No. US 6,658,114 B1)。  new window
3.Matthew, S. et al.(2008)。An Introductory Re sourc e Guide for Impl ement ing the Health Insurance Portability and Accountability Act (HIPPA) Security Rule,,The National Institute of Standards and Technology。  new window
4.McCallister, E. et al.(2010)。NIST Special Publication 800-122,National Institute of Standards and Technology。  new window
5.McMillan, R.(20100904)。Google Settles Privacy Lawsuit Over Buzz,http://www.pcworld.com/businesscenter/article/204868/google_settles_privacy_lawsuit_over_buzz.html, December 2, 2011。  new window
圖書論文
1.Irvine, C. E.、Levin, T. E.(2004)。A Doctoral Program with Specialization in Information Security。Information Security Management, Education and Privacy。Kluwer Academic Publishers。  new window
2.Rasmussen, C. W.、Irvine, C. E.、Dinolt, G. W.、Levin, T. E.、Burke, K. L.(2003)。A Program for Education in Certification and Accreditation。Security Education in Critical Infrastructures。Norwell, MA:Kluwer Academic。  new window
 
 
 
 
第一頁 上一頁 下一頁 最後一頁 top
:::
無相關書籍
 
無相關著作
 
QR Code
QRCODE