A Study on Adopting ISO 27001 from The Perspective of
IT Dept. Process Reengineering Theory
— A Case of Commercial Bank
|Keyword:||ISO, Business Process Reengineering, information security|
|Publication Year :||2016|
ISO 27001 certification is pursued to establish trust with competent authorities and customers and to maintain the confidentiality, integrity and availability of information system security. In practice, obtaining and maintaining ISO certification requires a huge amount of manpower and substantial software and hardware cost. The motivation of this research is to examine how to minimize the impact and optimize performance, both within information units and across the organization, when adopting ISO 27001. The research has three purposes: first, to discuss the impact that changes to the security control process have on information units after ISO 27001 is adopted; second, to examine the effectiveness of process reengineering after adopting ISO 27001 by reviewing, summarizing and analyzing the interviews; third, to explore the key factors for improving overall organizational performance after adopting ISO 27001.
Using in-depth interviews, this research maps the ISO 27001 processes before and after process reengineering, analyzes the effect of process reengineering on performance, and identifies the key factors for improving performance. It draws on the implementation processes of commercial banks, interviews with participants, and observation and analysis of those interviews. The results point to several important factors affecting information process reengineering in this case:
1. PDCA: organizational process reengineering cannot be put in place once and for all; it requires constant improvement, adjustment and progressive effort.
2. 80/20 Principle: this principle holds in this case. Specifically, collect relevant information on the process bottlenecks to be improved, find the core causes behind 80% of the problems, and optimize the system or processes.
3. Resources integration: unify hardware specifications, centralize database management, establish cross-unit partnerships, and integrate and apply resources, so as to resolve potential problems arising from differences in environment and equipment.
4. Vertical integration: vertical integration of upstream and downstream makes the overall operational optimization more refined and the process designs smoother, forming an all-in-one service through automation technology.
5. KPI: quantitative and qualitative KPIs are designed to align staff on the reengineering goals during process reengineering and to help address the weaknesses that exist in process reengineering.
The interaction of these key factors, and the support they lend one another, make it possible for the Information Department to better promote its strategies and achieve better results.
|Appears in Collections:||Information Management Group|