Information technology applications are developing rapidly. To keep important information and personal privacy from being stolen, pirated, or tampered with during network use, to strengthen an organization's information security, and to reduce the impact and damage when a security incident occurs, implementing an Information Security Management System (ISMS) is the primary task. On August 15, 2016, the Ministry of Education released the new version of the "Information Security Management and Personal Information Management Practices for Education System" and established a verification mechanism based on it. This case study examines why an organization already operating under an existing information security management standard was willing to migrate to the new version, the differences between the old and new standards, the information asset inventory and risk assessment, the drafting of the organization's new information security management standard, and the passing of third-party verification. It explores in depth the difficulties encountered in migrating to the new standard and their solutions, the benefits of adoption, and the success factors. The study aims to give organizations that intend to migrate to the new standard a practical set of reference steps for completing the new version of the information security management standard quickly and effectively.