Analysis of the Present Situation and Study on the Policy of the Police Information Security Management System in Taiwan

 

王俊雄

Specialist, National Police Agency, Ministry of the Interior

secudet@npa.gov.tw

林宜隆

Professor, Graduate Institute of Information Management, Central Police University

paul@sun4.cpu.edu.tw

 

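Abstract

This study collected literature including international information and communication security standards such as ISO/IEC 17799:2000 (BS7799 PART I) and the police information and communication security management regulations, then cross-compared and analyzed them using the document analysis method to identify the similarities, differences, and shortcomings of the current police regulations relative to international standards such as ISO/IEC 17799:2000 (BS7799 PART I). A questionnaire survey was then used to measure the current state of police information and communication security at police agencies of all levels, covering security equipment, computer and network usage, security management, security awareness, and the occurrence of security incidents. The study found the following deficiencies in the police information and communication system: "poor police information and communication organization", "insufficient information and communication security equipment", "computer and network usage in need of promotion", "a worrying current state of police information and communication security", "information and communication security management not fully implemented", "information and communication security awareness in need of promotion", and "police information and communication security regulations in need of revision". It then offers the following preliminary policy proposals for police information and communication security management: "follow the needs of the police mission, and define policy explicitly for phased implementation"; "strengthen the police information and communication organization and reinforce security teams"; "confirm asset risk assessments, and regularly inventory, classify, and label assets"; "conduct personnel loyalty evaluations, and carry out training with follow-up supervision and assessment"; "control the environment of information and communication equipment and protect its security"; "ensure communications are secure and fast, and improve information network security"; "use technology to assist management, with access control that is both strict and convenient"; "use security technology products to support and maintain system security"; "establish crisis-handling procedures, and continuously drill, review, and revise them"; and "strictly prohibit violations of laws, regulations, and orders, with independent internal audit and investigation".

Keywords: information and communication security, police information, ISO17799-1:2000, BS7799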

Abstract

In this paper, we use the literature review method to collect documents such as ISO/IEC 17799:2000 (BS7799 PART I) and the regulations of the police information security management system in Taiwan, and compare the differences between them in order to find the faults of the police information security management system in Taiwan.

Based on these differences and faults, we use the survey research method to measure the present situation of the police information security management system in Taiwan. According to the analysis of the survey answers, there are six main problems, such as a poor information security organization, insufficient information security equipment, little information security training for policemen, a dangerous present state of information security, an unworkable information security management system, mistaken information security concepts, and overly simple regulations. Finally, we propose ten policies for the police information security management system to solve these problems.

Keywords: information security, police information system, ISO/IEC 17799:2000, BS7799