
Student: 呂國輝 (Kuo-Hui Lu)
Thesis title: 企業對使用行動裝置之資訊安全管理規劃 (Information Security Management Plan for Using Mobile Devices in Enterprise)
Advisor: 吳宗成 (Tzong-Chen Wu)
Committee members: 陳正綱 (Cheng-Kang Chen), 欒斌 (Pin Luarn)
Degree: Master
Department: College of Management, Department of Information Management
Year of publication: 2015
Academic year of graduation: 103 (ROC calendar, i.e. academic year 2014-2015)
Language: Chinese
Pages: 50
Chinese keywords: 資訊安全管理系統, 行動裝置, ISO/IEC 27001, NIST SP 800-53
English keywords: Information Security Management System, Mobile Device, ISO/IEC 27001, NIST SP 800-53
Abstract (translated from the Chinese original):
    The rapid development of information and communication technology means that today's mobile devices are no longer used only for communication. Because they have substantial processing power and a wide range of application software, they are increasingly used to support everyday activities. Many enterprises treat mobile devices as a tool for improving work efficiency: the devices are used to deliver e-mail, plan schedules, handle internal administrative work, and even present enterprise management information.
    In 2014 Gartner published a study of the current state and future of mobile devices. It reports that by 2017 more than 50% of enterprises worldwide will use employee-owned devices (BYOD) as endpoint equipment for enterprise information processing. BYOD gives an enterprise greater workforce mobility, higher employee satisfaction and lower cost of managing its IT equipment. The same report notes, however, that 15% of enterprises worldwide will never allow employee-owned devices in their business operations because of information security concerns. New information technology brings business opportunities but also risks; turning that risk into an opportunity, and using the technology to raise the enterprise's overall capability, is an important management issue.
    This study uses a qualitative research method. By collecting and analysing ISO/IEC 27001:2013, NIST SP 800-53 Revision 4 and the literature on mobile device information security management, it proposes the key points of an enterprise information security management plan for the use of mobile devices. The proposal is then validated by analysing the information security management plan that a case company drew up for its own use of mobile devices.


Abstract (English, as published):
    The rapid advancement of information and communication technology has dramatically expanded the scope of application of mobile devices. Beyond their typical use for communication, modern mobile devices have considerable processing power and a vast number of applications available on the market, so users increasingly rely on them to handle day-to-day tasks. Many corporations regard mobile devices as a productivity tool, because they can be used to send e-mail, plan itineraries, perform internal administration and even display corporate management information.
    According to a study conducted by Gartner in 2014 on the current status and future of mobile devices, by 2017 more than 50% of corporations worldwide will use employee-owned mobile devices (BYOD) as their endpoint data processing equipment. By letting employees work on devices they already own, corporations gain enhanced mobile productivity, improved employee satisfaction and lower management costs for corporate IT equipment. The same report also notes that 15% of corporations worldwide will never allow personal devices to be used for corporate operations because of information security considerations. New information technology brings business opportunities to corporations, but with those opportunities come related risks. Turning the risks into opportunities and capitalizing on the strengths of information technology to boost a company's overall performance has become a vital corporate management issue.
    This study applies qualitative research methods to the collection and analysis of ISO/IEC 27001:2013, NIST SP 800-53 Revision 4 and the literature on mobile device information security management, and presents a list of key points for corporate information security management planning for mobile devices. The proposed key points were then validated through a case study of the mobile device information security management plan adopted by a case company.

Table of contents (page numbers refer to the thesis):
    Abstract (Chinese) I
    Abstract (English) II
    Acknowledgements IV
    Contents V
    List of Figures VII
    List of Tables VIII
    1. Introduction 1
    1.1 Research background 1
    1.2 Research motivation and objectives 4
    1.3 Research method 6
    1.4 Research scope and limitations 10
    2. Literature review 11
    2.1 Information security management systems 11
    2.2 Reference guidelines for information security controls 17
    3. Information security controls for mobile devices 21
    3.1 Assessment of information security risks 21
    3.2 Countermeasures for information security risks 23
    4. Case analysis 28
    4.1 Introduction to the case company 28
    4.2 Case analysis and study 31
    5. Conclusions and recommendations 44
    5.1 Research conclusions 44
    5.2 Recommendations for future work 46
    References 47
    Chinese references 47
    English references 48
    Appendix: Mobile device management rules 49

References:
    1. 陳峰棋 (2004). 資訊安全 [Information Security]. Taipei: 學貫行銷股份有限公司.
    2. 鈕文英 (2014). 質性研究方法與論文寫作 [Qualitative Research Methods and Thesis Writing]. Taipei: 雙葉書廊.
    3. 葉乃菁 and 李順仁 (2008). 網路安全理論與實務 [Network Security: Theory and Practice]. Taipei: 財團法人資訊工業策進會數位教育研究所 (Institute for Information Industry, Digital Education Institute).
    4. 潘天佑 (2008). 資訊安全概論與實務 [Introduction to Information Security: Concepts and Practice]. Taipei: 碁峰資訊股份有限公司.
    5. 鄭燦堂 (2014). 風險管理:理論與實務 [Risk Management: Theory and Practice]. Taipei: 五南圖書公司.
    6. 羅英嘉 (2008). CISSP與資訊安全基礎技術 [CISSP and Fundamental Information Security Techniques]. Taipei: 資策會資訊教育研究所 (Institute for Information Industry, Information Education Institute).
    7. A.W. David (2014). Bring Your Own Device: The Results and the Future (Rep. No. G00264028). Stamford, USA: Gartner.
    8. International Organization for Standardization (1989). Information processing systems -- Open Systems Interconnection -- Basic Reference Model -- Part 2: Security Architecture (No. ISO 7498-2:1989). Geneva, Switzerland: ISO.
    9. International Organization for Standardization (2011). Information technology -- Security techniques -- Information security risk management (No. ISO/IEC 27005:2011). Geneva, Switzerland: ISO.
    10. International Organization for Standardization (2013). Information technology -- Security techniques -- Information security management systems -- Requirements (No. ISO/IEC 27001:2013). Geneva, Switzerland: ISO.
    11. K. Scarfone and M. Souppaya (2013). Guidelines for Managing the Security of Mobile Devices in the Enterprise (No. SP 800-124 Revision 1). Gaithersburg, MD: NIST.
    12. National Institute of Standards and Technology (2004). Standards for Security Categorization of Federal Information and Information Systems (No. FIPS PUB 199). Gaithersburg, MD: NIST.
    13. National Institute of Standards and Technology (2013). Security and Privacy Controls for Federal Information Systems and Organizations (No. NIST SP 800-53 Revision 4). Gaithersburg, MD: NIST.
    14. T. Bradley (2011, Dec 20). Pros and Cons of Bringing Your Own Device to Work. Retrieved Apr 11, 2015, from http://www.pcworld.com/article/246760/pros_and_cons_of_byod_bring_your_own_device.html.

Full-text availability: available on the campus network from 2020/06/10; not authorized for release on the off-campus network or through the National Digital Library of Theses and Dissertations in Taiwan.