電傳勞動資訊安全防護機制之研究

「電傳勞動」（Teleworking）是採用電子溝通及資訊科技代替實際通勤的一種工作方式，例如勞動者可以攜帶筆記型電腦外出，遠離公司的辦公處所，然後透過網際網路與雇主、同事或客戶連絡，藉以溝通或達成工作任務。現今電傳勞動已形成一種新的工作型態，並且逐漸被各企業所採用。雖然網際網路的發達為電傳勞動者大開方便之門，然而在方便之下也帶來了許多隱憂，造成資訊安全事件層出不窮。本研究主要目的是在探討企業在何種情況下會需要採用電傳勞動的工作型態；電傳勞動會面臨哪些資訊安全問題；若企業採用電傳勞動的工作型態時，如何確保企業的資訊安全，並探討如何建立適當的資訊安全防護機制。本研究採用質性研究的訪談法，針對已經通過ISO 27001認證的三家公司進行訪談。然後採用內容分析法來分析訪談逐字稿，並運用三角檢定法來確保本研究的信度及效度，最後產生本研究之結論命題。此外，本研究採用品質管制新七大手法中的「系統圖法」，針對電傳勞動的資訊安全問題進行解析，以探討企業採用電傳勞動時會面臨什麼樣的弱點及威脅，並提出資訊安全防護機制建置的解決方案。本研究結果發現(1)企業會採用電傳勞動的主要原因為：「職務類型」及「業務需求」；(2)企業採用電傳勞動時，所面臨的資訊安全問題主要為人為因素所導致；(3)企業採用電傳勞動時，所使用的資訊安全防護機制可以分為技術面及流程面，在技術面的主要資訊安全防護機制為「虛擬私有網路」，在流程面的主要資訊安全防護機制為「存取控制管理作業程序」。最後，本研究針對前述發現所隱含的管理意涵進行討論，本研究成果將可提供企業在實施電傳勞動時做為重要參考借鏡。

關鍵字

電傳勞動；遠距工作；資訊安全防護機制

並列摘要

Teleworking is a new work style which telecommunication and information technology are used in place of traditional physical commute. For instance, employees could bring laptops away from the organizational office and contact their employers, colleagues or customers via internet to communicate and accomplish their jobs. In recent years, teleworking has become a popular work style and has gradually been accepted and adopted by a lot of corporations. As the rapid growing of internet, which provides convenience for teleworkers, it also produces some concerns as the information security is frequently under attack. This study aims to investigate: in what circumstances that corporations would adopt teleworking as the form of employment; what sorts of information security problems that teleworking may face; and once if corporations implement teleworking, how to ensure the information security, and how to establish an appropriate information security mechanism. This study adopts a qualitative research method — interviewing. Three companies, which have achieve ISO 27001 certification, have been investigated in this study. Content Analysis is adopted to analyze transcripts, triangulation is adopted to ensure the reliability and validity of this study and leading to the conclusions. This study also uses one of the New Seven Quality Control Tools — the Systematic Diagram — to analyze the information security problems of teleworking in order to examine the weakness and threats that corporations may face when implementing teleworking. This study then offers solutions to establish an appropriate information security mechanism. The findings show: (1) the major reasons of implementing teleworking are “occupational type” and “business requirement”; (2) while corporations implementing teleworking, information security problems are mainly caused by human factors; (3) while corporations implementing teleworking, the information security mechanism could be classified into two types which are “techniques” and “processes”. With regard to “techniques”, Virtual Private Network is the main information security mechanism. With regard to “processes”, Access Control Procedures are the main information security mechanism. Finally, implications of the findings listed above are discussed. The findings of this study would provide an important reference for corporations in their future practices of teleworking implementation.