Assessing Critical Success Factors of ISO 27001 Certification

H. L. Hai, P. T. Liu, J. Tsai, P. Y. Liu and T. R. Fang

Department of Information Management, Shih Chien University Kaohsiung Campus

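Abstract (Chinese version)

  In an era of information technology explosion, the information security management system has become the highest-priority consideration in every organization's operations. Information security vulnerabilities will cause enterprise crises, and the causes of risk and their impact will also bring revolutionary change. To pursue sustainable development and operational security, continual assessment of the information security management system, preventive management, and immediate response plans are necessary precautionary measures. This study takes the ISO27001 system certification at Shih Chien University Kaohsiung Campus as an example. Students of the Department of Information Management who had completed 54 hours of ISO27001 auditor training were surveyed by questionnaire, and the voting-ranking weight model was used to evaluate the ISO27001 certification critical success factors of "policy and planning, execution and management, checking and correction, management review". The factors are ranked in priority order by weight value, as a reference for enterprises adopting ISO27001 certification.

Keywords: critical success factors, information security management system, voting-ranking weight model.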

ABSTRACT

  In this era of information technology explosion, assessment of the information security management system (ISMS) has become a top priority in organizational operations. ISMS vulnerabilities will cause enterprise crises, and the causes and impact of such risks will also bring revolutionary change. This study takes the ISO27001 certification at Shih Chien University Kaohsiung Campus as an example. Information management students who had completed 54 hours of an ISO27001 auditor course were surveyed by questionnaire, and the voting-ranking model was used to evaluate and calculate the weights of critical success factors (CSF) for ISO27001 certification. We identify and rank “policy and planning, execution and management, checking and correction, management reviews” as reference CSFs for ISO27001 certification.

Keywords: Critical Success Factor (CSF); ISO27001; Vote-Ranking Model