資訊科技的發展使得人類社會更加進步,不論是公私部門都廣泛受益。但是,伴隨而來的資訊與通訊安全問題,包括病毒攻擊、隱私保護及恐佈攻擊等議題,也逐漸成為國家安全、經濟發展及社會安定等各層面的隱憂。本文面對「電子化政府」大力推動之際,探討如何因應網路應用的潛在風險。 本文透過臺灣資安通報統計及TNS所做電子化政府民調等實證資料,探討臺灣實際面對資通安全問題的程度以及影響面;同時,參照美國及OECD以及APEC兩個國際組織對於通安全相關規範,本文進而做出規範與實態的對應分析。 本文從現況的檢索中發現,隨著網路科技的擴展,資通安全所承受的風險也逐漸提升。政府雖然一直將資通安全列為重點工作,但是對於資訊的安全及風險管理概念仍有待加強。本文提出三項原則,首先強調資訊的利用與保護同等重要,以強化責任的認知;其次是全方位的觀念推動;第三則是重視顧客導向及宣傳。依循這些原則,N-SOC未來推動資通安全政策上,可以參照採行四項策略,分別是強化對於機敏性資料的保護、提高民眾對於資通安全警覺性的認知、檢討現行資通安全法規,並提升網路安全的偵防能力,最後加強資通安全技術研發與應用。本文認為唯有強化資通安全的重要性,建立讓民眾放心的資訊網路系統,才能有效的推動電子化政府。
The fast developing of the Information Technology (IT) has improved the efficiency of our society, regardless of the public or private sectors are both benefited much from it. Unfortunately, the problems followed by this technology, the information and communication security have become increasingly serious. This includes virus attacks, protection of privacy, and terrorist attacks. This issue might induce some potential problems which might lead to a major concern for our national security, economic development and social stability. In this article, it will discuss how to work against the potential risks when utilizing of the ”Internet Technology”, while developing and promoting a healthy ”electronic government”. By utilizing the statistic data from the National Information and Communication Security Taskforce (NICST) and the Taylor Nelson Sofres (TNS) surveys about the topic of e-government development, this article is focusing on analysis the level of degree and the aspect of influences of the information and communication security in Taiwan. Meanwhile, by referencing the similar experiences of United States and other international organizations, such as OECD and APEC, this article will take a further comparative study from the normative researches and the empirical researches. This article finds that, tinder the current condition, the more the expansion of Internet Technology, the more the risk it increases. Even though the government has always takes the issue of information and communication security, as one of the major concerns, hut the concept of information security and risk management must be further developed. This article suggests three main principles regarding to the information and communication security. First is the emphasis of the importance of the protection of data is equal to the use of information. All participants should understand their responsibility for the security of those information systems. Secondly, all dimensions of this concept must be widely promoted. Lastly, the most important of all, is that it must take a customer-orientated attitude, to strengthen and ensure the confidence about the security of users. Based on these principles, N-SOC should take four strategies in the future promotion of information and communication security which includes the following: to enhance the protection of the agile data, and to further lift up the recognition of the importance of the information and communication security to the general pubic; to review and discuss the current laws and regulations about information and communication security, and to boost the detection ability of the internet safety; to enhance the technology development and application of the information and communication security. This article concludes that only the further enhancement of information and communication security will establish an internet system that can let the public count on, and therefore it will be easy to promote a practical and user-friendly electronic government.