With the maturing of Internet technology and the spread of its applications, information security (IS) has become one of the important foundations of information technology (IT, Internet Technology). Security products such as firewalls, antivirus software, virtual private networks (VPN, Virtual Private Network), security scanning and intrusion detection systems (IDS, Intrusion Detection System) have already been widely adopted by governments and enterprises in building their security environments. However, the tens of thousands of security events and log records that must be handled or managed every day leave network administrators and security staff overwhelmed. Since no single security product can provide an organization with complete security functionality, security should be regarded as a service process rather than a single product. Accordingly, formulating the security requirements of a government or enterprise as policy, integrating the relevant security products and unifying incident response in one center to form a Security Operation Center (SOC) has become the new trend in overall security protection. Besides introducing the practice of information security and SOC development in Taiwan and abroad, and discussing the service processes, technologies and deployment types involved in a SOC, this thesis further introduces the concept of risk management: the customer's risk level before and after risk treatment, physical information assets, organization size, business characteristics and security requirements are set as parameters of the SOC Service Level Agreements (SLAs). These parameters are used to distinguish the service levels of SOC SLAs and the differentiated clauses corresponding to each level; taking an outsourced SOC as an example, the thesis then proposes recommended differentiated contract clauses for outsourcing the construction of a security operation center. Finally, it describes the difficulties and challenges that future SOC development may face, in the hope of paving the way for the institutionalization of SOCs.
Owing to the maturity of Internet technology and the popularity of its applications, information security (IS) has become a critical issue of Internet Technology (IT). Various types of information security products, such as firewalls, antivirus software, virtual private networks, online security scanning, and intrusion detection systems, have been widely used by government agencies and business organizations to set up a secure information environment. Network managers and IS personnel are constantly faced with numerous logs of information security events. In fact, problems in IS cannot be solved by a single product; IS should be regarded as a process to be implemented, not a set of point products. Therefore, it has become an inevitable trend for IS to set up policies based on the security requirements of government agencies and business organizations, and then to integrate the relevant IS products to implement a SOC (Security Operation Center). This thesis introduces the development of IS and SOCs in Taiwan and other countries, and discusses the service process, related technologies, and implementation types of a SOC. It also applies the concept of risk management, evaluating customers' risk values before and after risk treatment, physical information assets, organization scale, business properties, and IS requirements. These parameters are then used to categorize the levels of SLAs (Service Level Agreements) and to identify the contract articles that differ between levels. Based on the determined SLA level, we propose refinements to contracts for outsourced SOCs. Finally, we illustrate the possible issues and challenges in the emerging development of SOCs. In summary, we hope that this thesis can serve as a reference model for SOC implementation in the future.