摘要
由於網際網路的日益普及化,大幅的降低了學習知識與技術的門檻,如果能夠好好的運用網路科技無遠弗屆的特性,以及善用網路上取之不盡的豐富資源,那麼網際網路的發明,對於學習新知、以及降低學習的門檻,就有很大的助益,但是「水能載舟,亦能覆舟」,如果使用不當,則後果就不堪設想,資訊安全就是其中重要的一環,因為其影響的範圍,小至個人隱私權被侵犯、公司機密資料外洩,並且傷害到整個社會的金融體系,甚至有危害國家安全之虞等,這些都是使得資訊安全的這個議題不容小歔,孫子兵法有云: 「故用兵之法,無恃其不來,恃吾有以待也﹔無恃其不攻,恃吾有所不可攻也」。就企業與組織而言,如何加強資訊安全機制,就變成現在的當務之急,如何建立堅而不摧的資訊安全堡壘,就變成當今的首要之務。 面對日益險峻的資訊安全挑戰,企業組織需要有相對應的做法,由於資訊安全是一個專門的領域,除了需要面對專門知識領域的挑戰,還有就是時間的急迫性壓力,如何面對資訊安全領域的挑戰,並且還要兼顧時間上的無形壓力,這些都是企業或組織的嚴苛考驗。 如何兼顧資訊安全領域的挑戰以及時間上的壓力呢?或許資訊安全委外是個可行的做法,不過,就技術而言,雖然解決了企業資訊安全的疑慮,但是卻又有機密資訊外洩的隱憂,因此,資訊安全到底是要公司自建呢?還是尋求委外的合作方式呢?如果是委外的話,究竟是要全部委外呢?還是部份委外呢?那些部份是可以委外,那些部份又是不能委外的?這些都是本研究衡量資訊安全到底是自建或是委外的重要考量因素。
並列摘要
The popularity of the Internet, greatly reducing the threshold of learning knowledge and technology .There is an old adage” Water is a boon in the desert, but the drowning man curses it.” applies to convenience from Internet. If you can properly use the benefits brought by technology, of course, it is the people's welfare. If used in the wrong place, then the consequences would be disastrous. Information security is one of the important part, because the scope of its impact, personal privacy is being violated, company confidential data leakage, damage to the financial system and society as a whole, and even endangers national security, etc. But we will have unbelievable damage if use it on the wrong direction. Information security is the sample. There is an old adage of Sun Tzu on the Art of War.”If, on the other hand, in the midst of difficulties, we are always ready to seize an advantage, we may extricate ourselves from misfortune.”. Forts to strengthen information security mechanisms, it becomes a top priority for today, how to consolidate information security, it becomes imperative now. Information security implicates for the entire organization for sustainable development. Information security is a specialized field, the face of increasingly dangerous security challenges, organizations need to have a corresponding practice. In addition to challenging areas of expertise, there is the urgency of time. Information security both for business or organization, it is vexation important thing. Information security outsourcing, it might be a viable approach. Technically, you can quickly make up the gap in information security within the enterprise. But yet there is the risk of confidential information leakage considerations, therefore, Information Security Company in the end is to self-built it? Or seek cooperation outsource it? If it is outsourced, then what is to outsource all of it? Outsourcing is part of it? Those parts can be outsourced, who is not part of outsourcing? These are information security in the end of this study is to measure the self or outsource important considerations.
參考文獻
吳金庭,2007,以 Snort 偵測並封鎖網路異常行為之研究,碩士論文, 新竹市:國立交通大學理學院網路學習學程。
萬偉良,2008,資訊委外服務駐外人員離職傾向之研究-以某資訊委外服務廠商
Benoit A. Aubert, Suzanne Rivard, Michel Patry, “A transaction cost model of IT outsourcing”, Information & Manage -ment, Vol. 41, pp. 921–932,2004.
Grover, V. and Teng JTC,, ”A Descriptive Study on the Outsourcing of Information System Functions”, Information & Management, Vol.27, pp. 33- 44, 1994.
Heshmati, A, “Productivity Growth, Efficiency and Outsourcing in Manufacturing and Service Industries”, Journal of Economic Surveys,Vol. 17, No.1, 80-112, 2003.