1. 透過本課程,學生可瞭解什麼是資訊安全、資訊安全管理的重要性、以及資訊安全管理系統重要元素,包括資訊安全風險評估與處理、控制措施的選擇、資訊安全管理標準簡介及其演進,資訊安全管理之關鍵成功因素,以及資訊安全管理之重要名詞說明等知識, 以建立學生整體「資訊安全管理」的觀念。
2. 認識「資訊安全管理系統」標準 (ISO27001 / ISO27002 / ISO13335) 助於取得「資訊安全專業證照」。
3. 透過實務個案的風險評鑑及風險管理,以了解組織之「資訊安全管理」之理論與實務。
4. 本課程為本校「資訊安全學程」基礎課程,有助於後續各項資安課程的學習,及取得資安學程證書。1. Through this course, students can understand what information security is, the importance of information security management, and important elements of information security management systems, including information security risk assessment and processing, selection of control measures, introduction to information security management standards and their evolution , the key success factors of information security management, and the explanation of important terms of information security management, etc., to establish students' overall concept of "information security management".
2. Understanding the "Information Security Management System" standards (ISO27001 / ISO27002 / ISO13335) will help you obtain the "Information Security Professional Certificate".
3. Understand the theory and practice of the organization's "information security management" through risk assessment and risk management of practical cases.
4. This course is the basic course of our school’s “Information Security Education Program” and will help you study various subsequent information security courses and obtain an Information Security Education Certificate.
訊是組織的一種資產,和其他的營運資產一樣,是組織營運不可或缺的要素,需要妥善保護。然而資訊資產的保護,並不只是執行技術面的措施即可達成,應輔以組織面程序之管理控制、人因面資安知識的培養,才能面面俱到。透過本課程,期望學生可瞭解什麼是資訊安全、資訊安全管理的重要性、以及資訊安全管理系統重要議題,包括資訊安全風險評估與處理、控制措施的選擇、資訊安全管理標準簡介及其演進,資訊安全管理之關鍵成功因素,以及資訊安全管理之重要名詞說明等知識, 以建立學生整體「資訊安全管理」的觀念。
Information is an asset of the organization. Like other operating assets, it is an indispensable element of the organization's operation and needs to be properly protected. However, the protection of information assets cannot only be achieved through the implementation of technical measures. It should be supplemented by the management and control of organizational procedures and the cultivation of human factors information security knowledge in order to be comprehensive. Through this course, students are expected to understand what information security is, the importance of information security management, and important issues of information security management systems, including information security risk assessment and processing, selection of control measures, introduction to information security management standards and their evolution. The key success factors of information security management, as well as the explanation of important terms of information security management, etc., to establish students' overall concept of "information security management".
1.「教育部顧問室資通安全聯盟」研發之「資訊安全管理」教材
2. ISO27001(CNS27001) / ISO27002(CNS27002) / ISO13335(CNS14929) / CNS14644 / NIST
3. 資訊安全管理相關文獻
4. Thomas R. Peltier (2005), Information Security Risk Analysis, 2nd edition, Auerbach Publishers, Incorporated. (ISBN-13: 9780849333460)
5. Alan Calder and Steve Watkins (2009), IT Governance: A Managers Guide to Data Security and ISO27001/ISO27002, 4th edition. Kogan Page. (ISBN 9780749452711)
6. Douglas J. Landoll (2011), The Security Risk Assessment Handbook: A Complete Guide for Performing Security Risk Assessments, 2nd edition, CRC Press. (ISBN 9781439821480)
1. "Information Security Management" teaching materials developed by "Information Security Alliance of the Ministry of Education Consulting Office"
2. ISO27001(CNS27001) / ISO27002(CNS27002) / ISO13335(CNS14929) / CNS14644 / NIST
3. Literature related to information security management
4. Thomas R. Peltier (2005), Information Security Risk Analysis, 2nd edition, Auerbach Publishers, Incorporated. (ISBN-13: 9780849333460)
5. Alan Calder and Steve Watkins (2009), IT Governance: A Managers Guide to Data Security and ISO27001/ISO27002, 4th edition. Kogan Page. (ISBN 9780749452711)
6. Douglas J. Landoll (2011), The Security Risk Assessment Handbook: A Complete Guide for Performing Security Risk Assessments, 2nd edition, CRC Press. (ISBN 9781439821480)
| 評分項目 Grading Method | 配分比例 Grading percentage | 說明 Description |
|---|---|---|
| 課堂參與、期中及期末報告課堂參與、期中及期末報告 Class participation, midterm and final reports |
40 | |
| 期中考期中考 midterm exam |
30 | Module 1~10 |
| 期末考期末考 final exam |
30 | Module 11~18 |
