题名

Establishing the Risk Assessment Indicators of Electronic Records and Empirical Analysis of an Institution

并列篇名

電子檔案風險評估指標之建構及其應用實例分析

DOI

10.6182/jlis.202006_18(1).069

作者

林巧敏(Chiao-Min Lin)

关键词

Risk Assessment ; Archives Authenticity ; Archives Integrity ; Archives Accessibility ; Electronic Records Management ; 風險評估 ; 檔案真實性 ; 檔案完整性 ; 檔案可及性 ; 電子檔案管理

期刊名称

圖書資訊學刊

卷期/出版年月

18卷1期(2020 / 06 / 01)

页次

69 - 96

内容语文

英文;繁體中文
中文摘要

The purpose of this study is to construct a risk management model of electronic records in accordance with archival appraisal elements and the theoretical framework of risk management. The Delphi method was taken to generalize the expert consensus of electronic record risks, which can provide the basis for archival agencies to self-check their risk factors. In addition, considering the feasibility of promoting into practical, this study implemented an empirical case study to recommend a risk classification structure. The complete mode of electronic records risk management, according on the base of case study, was including of risk identification, risk assessment and implement strategy were addressed. The result proposed 63 risk indicators for agencies to carry out electronic records risk assessment. The study applied the risk assessment checklist to conduct risk identification and assessment surveys of individual cases, most of which fell in low risk areas. According to the risk management theory, the risk management strategy of electronic records was proposed. For risk indicators with risk values between 3 and 4, it was recommended to adopt a prevention strategy, risk indicators with a risk value of 4 or higher, and adopted a prevention and mitigation strategy to deal with them. Finally, the risk management framework of electronic records was proposed. The contribution of this study was to accomplish a risk checklist and set up the practice assessment model for the archival agencies as a reference to put risk management into practice.
英文摘要

本研究目的在於建立符合國內機關檔案情境之電子檔案風險管理作業模式。採用疊慧法(Delphi)評核電子檔案風險管理之共識項目,建立機關檔案進行電子檔案風險自我檢核的指標,接續進行個案實證研究,以驗證風險檢核表之適用性,進而提出個案機關之電子檔案風險管理策略。本研究調查結果提出63項電子檔案風險檢核指標,可供機關進行風險評估作業運用;完成個案機關風險辨識與評估作業後,呈現多數指標落於低度風險區;根據風險評估結果,對於風險值3到4的指標,提供預防策略建議,對於風險值4以上指標,提供預防及減輕策略加以因應。本研究提出之電子檔案風險管理檢核表以及實務評估作業模式,可供各機關進行電子檔案風險管理實務操作之參考。
主题分类 人文學 > 圖書資訊學
参考文献
  1. 何瑞萍, Jui-Ping(2005)。數位計畫營運風險管理之探討。圖書資訊學刊,3(1/2),107-124。
    連結:
  2. 林巧敏, Chiao-Min(2005)。電子檔案長期保存方法與策略初探。圖書與資訊學刊,55,78-100。
    連結:
  3. Bearman, D.(2007).Moment so frisk: Identifying threats to electronic records.Archivaria,62,15-46.
  4. Dearstyne, B. W.(Ed.)(2002).Effective approaches for managing electronic records and archives.Maryland, MD:Scarecrow Press.
  5. HM Government. (2004). The orange book: Management of risk—principles and concepts. Retrieved from https://www.gov.uk/government/uploads/system/uploads/attachment_data/file/220647/orange_book.pdf
  6. International Council on Archives Committee(2005).Electronic records: A workbook for archivists.Paris, France:The International Council on Archives.
  7. Joint Information Systems Committee. (2014b). Risk management: A step-by-step practical guide to managing risk proactively and mitigating its effects. Retrieved from https://www.jisc.ac.uk/guides/risk-management
  8. Joint Information Systems Committee. (2014a). A five step risk management model. Retrieved from https://www.jisc.ac.uk/guides/ risk-management/five-step-model
  9. Knight, G.(2012).A digital curate’s egg: A risk management approach to enhancing data management practices.Journal of Web Librarianship,6(4),228-250.
  10. Lee, S. J.,Chung, H. K.(2008).Building a framework to measure and minimize information risks.The Information Management Journal,42(3),39-44.
  11. Macneil, H.(2000).Providing grounds for trust: Developing conceptual requirements for the long-term preservation of authentic electronic records.Archivaria,50,52-78.
  12. Mason, S.(2007).Authentic digital records: Laying the foundation for evidence.Information Management Journal,41(5),32-40.
  13. McLeod, J.(2014).Reinventing archival methods: Reconceptualising electronic records management as a wicked problem.Archives & Manuscripts,42(2),193-196.
  14. McLeod, J.(2012).On being part of the solution, not the problem: Taking a proportionate approach to managing records.Records Management Journal,22(3),186-197.
  15. McLeod, J.,Childs, S.,Hardiman, R.(2011).Accelerating positive change in electronic records management: Headline findings from a major research project.Archives & Manuscripts,39(2),66-94.
  16. Murry, J. W.,Hammons, J. O.(1995).Delphi: A versatile methodology for conducting qualitative research.The Review of Higher Education,18(4),423-436.
  17. Myler, E.(2008).Minimizing risks through a corporate information compliance initiative.The Information Management Journal,42(1),58-63.
  18. National Archives and Records Administration. (2018). Federal agency records management 2017 annual report. Retrieved from https://www.archives.gov/files/records-mgmt/resources/2017-farm-annual-report.pdf
  19. National Archives of Australia. (2016). Check-up digital. Retrieved from http://www.naa.gov.au/naaresources/documents/CheckupDigital-July2016.PDF
  20. Sprehe, J. T.(2008).Exploring the information management side of RIM.Information Management Journal,42(3),62-67.
  21. Stanescu, A.(2005).Assessing the durability of formats in a digital preservation environment: The INFORM methodology.OCLC Systems & Services: International Digital Library Perspectives,21(1),61-81.
  22. The Archives and Records Management Section of United Nations. (2017). Risk assessment guidance: Records management programme assessment tool. Retrieved from https://archives.un.org/content/ managing-information-risks
  23. The National Archives. (2017). Risk assessment handbook. Retrieved from http://www.nationalarchives.gov.uk/information-management/manage-information/policy-process/digital-continuity/risk-assessment/
  24. Williams, C. A., Jr.,Smith, M. L.,Young, P. C.(1995).Risk management and insurance.New York, NY:McGraw-Hill.
  25. 古步鋼, Buh-Gung(2006)。英國政府風險管理推動模式。研考雙月刊,30(2),37-49。
  26. 向立文, Li-Wen(2009)。電子文件風險管理機制的構建。檔案學通訊,2009(2),66-69。
  27. 李海南, Hai-Nan,孟韜, Tao(2010)。電子文件風險管理策略研究。檔案學研究,2010(4),63-65。
  28. 杜久霞, Jiu-Xia(2005)。電子文件管理風險應對。中國石油企業,2005(12),77。
  29. 柯雲娥, Yun-Er(2004)。臺北市=Taipei,國立政治大學圖書資訊與檔案學研究所=Graduate Institute of Library, Information and Archival Studies, National Chengchi Universiry。
  30. 馬麗娟, Li-Juan(2009)。風險管理視角下的電子文件安全管理研究。晉圖學刊,2009(5),12-14+23。
  31. 國立政治大學電子計算機中心(2019)。校園資訊安全。檢自http://www.cc.nccu.edu.tw/p/426-1001-32.php?Lang=zh-tw【National Chengchi University Computer Center. (2019). [Xiao yuan zi xun an quan]. Retrieved from http://www.cc.nccu.edu.tw/p/426-1001-32.php?Lang=zh-tw (in Chinese)】
  32. 國立政治大學電子計算機中心(2009)。2009電子公文線上簽核服務專區:緣起。檢自http://itservice.nccu.edu.tw/nccudoc/history.html【National Chengchi University Computer Center. (2009). [2009 dian zi gong wen xian shang qian he fu wu zhuan qu: Yuan qi]. Retrieved from http://itservice.nccu.edu.tw/nccudoc/history.html (in Chinese)】
  33. 國家發展委員會檔案管理局=National Archives Administration(2019)。國家發展委員會檔案管理局(2019)。機關檔案風險管理作業指引。新北市:國家發展委員會檔案管理局。【National Archives Administration. (2019). [Ji guan dang an feng xian guan li zuo ye zhi yin]. New Taipei: National Archives Administration. (in Chinese)】。
  34. 張寧, Ning(2010)。思維的“逆行”:電子文件風險管理解析。中國檔案,2010(7),59-61。
  35. 陳素芬, Su-Fen(2012)。臺北市=Taipei,國立臺灣師範大學健康促進與衛生教育學研究所=Department of Health Promotion and Health Education, National Taiwan Normal University。
  36. 馮惠玲, Hui-Ling(2008).電子文件風險管理.北京市=Beijing, China:中國人民大學=China Renmin University Press.
  37. 黃國寶, Guo-Bao(2010)。ISO 31000風險管理之要求及應用探討。永續產業發展雙月刊,53,48-56。
  38. 楊永年, Yung-Nane(2016)。國家發展委員會檔案管理局委託研究報告國家發展委員會檔案管理局委託研究報告,新北市=New Taipei:國家發展委員會檔案管理局=National Archives Administration。
  39. 楊高敏, Gao-Min(2010)。國內外電子文件風險管理研究現況分析。浙江檔案,2010(9),24-28。
  40. 劉婉柔, Wan-Jou(2013)。臺北市=Taipei,國立臺灣師範大學健康促進與衛生教育學研究所=Department of Health Promotion and Health Education, National Taiwan Normal University。
  41. 劉越男, Yue-Nan(2006)。識別電子政務系統中的文件風險。案學通訊,2006(2),52-55。
  42. 鄭燦堂, Can-Tang(1998).風險管理:理論與實務.臺北市=Taipei:五南=Wu-Nan.
  43. 鄧家駒, Jia-Ju(2002).風險管理.臺北市=Taipei:華泰文化=Hwa Tai.
  44. 鍾榮翰, Rong-Han,孫立勇, Li-Yong,吳文進, Wen-Jin,江衍勳, Yan-Xun,林子群, Zi-Qun(2014)。行政院資通安全辦公室委託研究行政院資通安全辦公室委託研究,臺北市=Taipei:財團法人資訊工業策進會=Institute for Information Industry。
被引用次数
  1. (2024)。文檔系統資安意識評估架構及其實務運用之探討。圖書資訊學研究,18(2),1-47。
print cancel