金融服務業高度倚賴資訊科技達成其營運需求, 引發對於資訊安全管理議題之重視,本研究針對金融服務業間導入與未導入資訊安全管理機制對資訊安全衝擊影響之差異比較。 本研究採問卷調查方式,並輔以企業深度訪談進行,歸納出之結果如下。 1. 金融服務業導入資訊安全管理機制關鍵因素以資訊安全政策、網路安全管理、使用者存取管理、作業系統存取控制、應用系統之存取控制最具成效。 2. 發生資訊安全事件前五項為主:病毒、濫用內部網路/電子郵件、電力中斷、濫用即時通訊軟體、未經授權取存;導入資訊安全管理機制之單位發生機率及影響衝擊程度皆較未導入較低。 3. 已導入企業於資訊安全異常事件之因應及對資訊安全之幫助皆較未導入企業為佳。
Financial service industry highly relies the information technology to achieve its business demand, initiates value of regarding the information security management subject, this research inducts in view of the financial service industry with has not inducted the information security management to compare to difference of the information security management impact influence This research picks the questionnaire survey way, and auxiliary carries on by enterprise depth interview, induces the result to be as follows: 1. Financial service industry inducts the information security management machine-made key aspect by the information security policy, the network safety control, the user access control, Operation system control application system control 2. Has the information security event first five items primarily: The virus, abuses internal network/email, electric power severance, abuses the immediate communication software, without authorization access; Inducts unit of the information safety control mechanism to have the probability and the influence impact degree comparatively has not all inducted lowly。 3. The organization who has implement ISMS, when fact to information security event is better then do not implement’s organization.