捷運技術半年刊 (Rapid Transit Technology, semiannual), Issue 46                    295



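                                     Information Audit Operations and Management

                                                    Tsai Chung-Hsi (蔡崇熙)     1

                                                        Abstract
                 The application, management, and promotion of DORTS' overall information operations
            have accompanied the expansion, growth, and recording of the MRT construction lines one by
            one, and the records of this growth have been converted into digital information for
            preservation, effectively accumulating MRT construction experience into an important asset of
            DORTS. DORTS has spared no effort in passing on this experience and contributing it to MRT
            construction projects across the country, and looks forward to continuing to do so. Information
            audit operations have likewise been continuously improved along with the growth of DORTS'
            overall information system operations and the progress of information technology.
                 In 1999 (ROC year 88), to promote stronger information security management in all
            agencies, establish a secure and trustworthy e-government, ensure the security of data, systems,
            equipment, and networks, and protect the rights and interests of the public, the Executive Yuan
            promulgated the "Information Security Management Regulations for the Executive Yuan and Its
            Subordinate Agencies". In its early stage DORTS took these regulations as a template and,
            according to its own business needs, drew up operating directions or standard operating
            procedures (QSOP) for information security and audit, giving information management staff and
            users a basis for information operations. In recent years, in response to changes in the
            information operations regime and advances in technology, security measures for the protection
            of personal data urgently need to be strengthened. ISO 27001 (the international standard for
            information security management) has been adopted as the specification for building enterprise
            information security management; risk management concepts have been introduced to analyze
            information security factors, widen the scope of information audits, deepen their content, and
            establish information ethics and information literacy, so that information security is attended
            to while the efficiency of DORTS' overall information operations is raised.
            Keywords: information audit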
                           Information System Audit and Management

                                                   Tsai Chung-Hsi

                                                       Abstract
                 The application, management, and promotion of DORTS' overall information system
            operations have kept pace with the development of the Taipei MRT network. That development
            has been recorded and converted into digital information, so that MRT experience is
            accumulated effectively and becomes an important asset for DORTS. DORTS spares no effort
            to pass on its accumulated experience to other MRT construction projects in Taiwan, in the
            hope of continuing the growth of MRT technology. Information system audit and management
            must therefore continue to improve along with the growth of DORTS' integrated information
            system and the progress of information technology.
                 To promote information security management in government agencies and establish safe and
            reliable e-government, so as to ensure data, hardware equipment, and Internet security,
            the Executive Yuan enacted the “Information Security Management Regulations for the Executive
            Yuan and Its Subordinate Agencies” in 1999. In the early stage, DORTS used these regulations
            as the basis for its own regulations and quality standard operating procedures (QSOP)
            on information security audits, which serve as guidelines for information operations staff and
            users. In recent years, in response to changes in information system operations and advances in
            technology, it has become necessary to take measures to protect personal data. ISO 27001 (an
            international standard for information security management) has therefore been adopted as a
            basis for establishing an information security management system. In addition, risk management
            concepts have been applied to analyze information security factors, expand the scope of
            information audits, deepen the content of information system audits, and establish information
            ethics. The aim is that information security operations are given due consideration while the
            efficiency of DORTS' overall information system operations is enhanced.
            Keywords: information system audit


            1   Associate Engineer, Technology Development Division, Department of Rapid Transit Systems, Taipei City Government, j1010864@trts.dorts.gov.tw