首頁 > 網路資源 > 大同大學數位論文系統

Title page for etd-0905106-014808


URN etd-0905106-014808 Statistics This thesis had been viewed 2112 times. Download 21 times.
Author Hsueh-Lien Hsu
Author's Email Address No Public.
Department Information Management
Year 2005 Semester 2
Degree Master Type of Document Master's Thesis
Language Chinese&English Page Count 105
Title Study of Information Security with BS7799 in Military Organization:A Case Study on M Organization
Keyword
  • BS7799
  • Information Security Management Standard
  • Information Security
  • Information Security
  • Information Security Management Standard
  • BS7799
  • Abstract In recent years, there are more and more information security cases. As shown in the survey report by US Computer Security Institute (CSI) and Federal Bureau of Investigation (FBI), most information security cases are caused by internal employees in the organization, which can not be prevented with any advanced information technologies. Australian ‘Computer Crime and Security Survey Report’ in 2005 also shows that the ratio of organizations which have introduced security standards has increased from 37% in 2003 to 65% in 2005. The two reports indicate that information security has evolved from technological level (for example, firewalls) to management mechanism level.
    Because military organizations have more urgent demand for information security management systems, this paper discusses the response of military staff members to the introduction of the information security management standard (BS7799) and the related ten control sections. Questionnaires were sent to military staff members, analysis and discussion are made based on collected data in the hope of providing some reference for military organizations.
    Main research discoveries are:
    Staff members of M organization have different overall views about BS7799. There is big gap between ‘important level’ and ‘implementation level’. Most respondents answered that the implementation level of each control section does not reach the important level they thought.
    Among sections of the information security standard, ‘System Development and Maintenance’, ‘Compliance’ and ‘Security Policy’ score the top 3, while ‘Business Continuity Management’, ‘Physical and Environmental Security’ and ‘Communication and Operations Management’ rank the lowest three.
    Through the IPA analysis, it is found that the most important sections to be improved are ‘Security Policy’ and ‘Personnel Security’.
    Testes from different units have different reviews about factors in introducing BS7799. Particularly, they have significant difference in ‘internal organization inducement’ and members of information units have more self-identity than members of non-information units.
    In the section of ‘Security Policy’, high level members have more cognizance than operators.
    In sections of ‘Security Policy’, ‘Personnel Security’, ‘Physical and Environment Security’, ‘Access Control’, and ‘System Development and Maintenance’, voluntary servicemen have significant higher cognizance than compulsory servicemen. In the section of ‘Compliance’, voluntary servicemen and hired men have significant higher cognizance than compulsory servicemen.
    Advisor Committee
  • Paul T.Y. Tseng - advisor
  • Huei-Huang Chen - co-chair
  • Peter Tzeng - co-chair
  • Files indicate in-campus access only
    Date of Defense 2006-07-20 Date of Submission 2006-09-05


    Browse | Search All Available ETDs