資通安全責任等級分級辦法 -附表十
系統與服務獲得
系統文件
獲得程序
系統發展生命週期委外階段
系統發展生命週期部屬與維運階段
系統發展生命週期測試階段
滲透測試
弱點掃描
系統發展生命週期開發階段
系統發展生命週期設計階段
系統發展生命週期需求階段
系統與通訊保護
資料儲存之安全
傳輸之機密性與完整性
系統與資訊完整性
軟體及資訊完整性
資通系統監控
漏洞修復
識別與鑑別
非內部使用者之識別與鑑別
加密模組鑑別
鑑別資訊回饋
身分驗證管理
內部使用者之識別與鑑別
營運持續計畫
系統備援
系統備份
稽核與可歸責性
稽核資訊之保護
時戳及校時
稽核處理失效之回應
稽核儲存容量
稽核紀錄內容
稽核事件
存取控制
遠端存取
最小權限
帳號管理
資通安全管理法
Begin by entering your organisation's name in the central topic, then press Enter.
Action Plan
In this part of the map, plan out some initial actions for your Balanced Scorecard project.
Use this map to develop the plan further and keep track of actions as you make progress.
Maintenance phase
Add an action for the maintenance phase of your project, once the first round of improvement initiatives have been made. Think about:
- Regularly repeating measurements and reviewing trends
- Rewarding improvements
- Reviewing the effectiveness of the process
- Improving measurements for better results
- Realigning the programme with updates to objectives and strategy
- Maintaining communications and training
- Soliciting and acting on feedback
Execution phase
Add an action for the execution phase of your project. Think about:
- Identifying strategic measurements that reflect progress and potential for improvement
- Finalising a shortlist of a handful of measurements
- Designing measurements so that they have integrity and can be relied upon
- Agreeing measurements and targets with the people who will be affected by initiatives for change
- Creating a first set of benchmarks
- Communicating results for all to see
- Explaining what the measurements mean
- Working out what actions to take, and taking them
Initiation phase
Add an action for the initiation phase of your project. Think about:
- Getting corporate sponsorship
- Communicating and selling your project
- Forming a team
- Getting buy-in from those affected
- Identifying and helping those who may react negatively
- Resolving any lack of clarity over mission and strategy
- Communicating mission and strategy
Balanced scorecard perspectives
The four perspectives of the Balanced Scorecard technique help ensure that you are making measurements across all the important areas of your business.
Use the sections below to help identify further measurements, and to group any measurements that have already been identified by examining your stakeholder needs and strategy.
Learning and growth perspective
Motivation, empowerment and enlightenment
Add an employee motivation measurement that reflects the attitude of your staff and predicts future performance.
Measurements should be:
- Capable of consistent measurement
- Agreed to be more fact than opinion
- Can have a meaningful target value
- Capable of improvement
- Agreed as representative by the people taking action
Employee motivationEmployee satisfactionEmployee retentionImprovements achievedTeam performanceTargets reached & exceededStrategic awareness
Information systems capabilities
Add an information systems measurement that reflects the quality and accessibility of information available to your employees.
Measurements should be:
- Capable of consistent measurement
- Agreed to be more fact than opinion
- Can have a meaningful target value set
- Capable of improvement, by taking action
Accuracy of informationAvailability of informationTimeliness of informationAccessibility of informationCommunications efficiency
Employee capabilities
Add an employee capability measurement that reflects the skills, knowledge and performance of your employees, and predicts future capabilities.
Measurements should be:
- Capable of consistent measurement
- Agreed to be more fact than opinion
- Can have a meaningful target value set
- Capable of improvement, by taking action
- Not easy to manipulate to simulate success
Employee productivityStrategic skillsEmerging skillsSkills gapsSkills coverage ratioTraining levelsTraining initiatives
Internal business process perspective
Operations processes
Add an operations measurement that reflects the production performance.
Measurements should be:
- Capable of consistent measurement
- Agreed to be more fact than opinion
- Can have a meaningful target value set
- Capable of improvement, by taking action
- Not easy to manipulate to simulate success
ProcurementStock levelsQuality measuresLead timesThroughputsScrap ratesYield ratesDefect ratesWaste levelsOn-time deliveries
After-sales service processes
Add an after-sales service measurement that reflects the performance of customer support.
Measurements should be:
- Capable of consistent measurement
- Agreed to be more fact than opinion
- Can have a meaningful target value set
- Not easy to manipulate to simulate success
- Not a 'blame' factor that picks out individuals
ComplaintsSupport requestsSupport turnaroundReturnsRepairsRepair turnaroundService Level Agreements
Innovation processes
Add an innovation measurement that reflects innovation in your organization.
Measurements should be:
- Capable of consistent measurement
- Agreed to be more fact than opinion
- Can have a meaningful target value set
- Capable of improvement, by taking action
- Agreed as representative by the people taking action
Suggestions madeSuggestion adoptedSavings madeInnovation projects startedInnovation projects completedProduct launchesTime to marketTime to break-evenPatents and rights
External customer perspective
Add an external customer measurement that reflects future potential. Choose from the typical ones suggested, or preferably create your own.
Measurements should be:
- Capable of consistent measurement
- Agreed to be more fact than opinion
- Can have a meaningful target value set
- Capable of improvement, by taking action
- Agreed as representative by the people taking action
- Not easy to manipulate to simulate success
- Not a 'blame' factor that picks out individuals
Market shareCustomer acquisitionCustomer retentionCustomer satisfactionCustomer profitabilityProduct or service attributesCustomer relationshipsImage and reputation
Financial perspectives
Measurement
Measurements in the Financial perspective show whether your company has performed well financially, where improvements can be made, and whether it is in a secure position.
Add a financial measurement that reflects achievement and progress.
The team
Support for your project is vital.
If your project is successful at identifying the need for significant change, then you can be sure there will be barriers to change and people to convince.
Key roles
Add a key player to your project. Think about:
- A project manager
- Corporate sponsors to influence and authorise change
- Buy-in from senior management
- Buy-in from team leaders who will need to implement change
- Buy-in from people already involved in other improvement initiatives
- Buy-in from anyone who is likely to resist focus on performance and change
- External expertise
Objectives
A Balanced Scorecard project will require resources and long-term commitment, and the results must be used to implement change, otherwise, it will die. In the same way that Balanced Scorecard is based on measurements, you should identify the KPIs for the project itself by agreeing on objectives and measuring progress towards them.
Project objective
Add an objective for your Balanced Scorecard project. Think about:
- Establishing an environment of management by measurement
- Identifying and correcting imbalances between internal/external factors and past/future indicators
- Identifying areas for improvement, taking action and evaluating results
- Identifying and reacting to trends
- Communicating strategy
- Aligning action with strategy
- Assessing whether strategy is being followed
- Assessing whether strategy is working
第10條
資通安全維護計畫
Continually communicating the results of your Balanced Scorecard project is vital.
Reviewing and taking action
Who will review the results, and what actions can they take?
Add an action for reviewing and applying the measurements.
Designing dashboards
What factors will influence the design of your dashboards, to keep people informed?
Add an action for designing your dashboards to communicate measurements and improvements.
資通安全長
Action
How will the results of your project, and the background information that supports it, be distributed in your company?
Add an action for sharing the measurements from your project.
資通安全情資分享機制
Additional information
第8條
第7條
Identify areas for measurement and management by thinking about your organization's mission, objectives and strategy.
資通安全責任等級
資通安全責任等級分級辦法
第11條
In order to identify measurements that give insights into performance, be clear about the needs of all the stakeholders in your company.
Add a stakeholder who has an interest in the success of your organization.
You can choose from the suggestions, or better, add stakeholders that are specific to your company.
CustomersConsumersOwnersShareholdersStaffMembersRegulatorsThe communityPartnersSuppliers
自行或委外開發之資通系統應依附表九原則分級並依附表十定資通系統防護基準執行控制措施
依資通安全責任等級辦理附表一至八之事項
