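As an enterprise grows larger and more profitable, it inevitably draws the attention of competitors and commercial spies. Many of the major leaks of confidential corporate information that have occurred in Taiwan in recent years were caused mainly by people, which also indicates loopholes in those companies' internal control mechanisms. Although regulations are becoming more complete, network infrastructure and applications are maturing and software and hardware technology keeps advancing, so enterprise information security faces an even more severe challenge. Using a single case study, this research examines how a company improved and strengthened its internal controls when it encountered an internal information security risk (insiders using and circulating information improperly). The main purposes of this study are to: (1) record how the project was initiated; (2) describe how the difficulties encountered during the project were resolved and summarize the factors behind the project's success; and (3) examine the subsequent internal response to the project results in order to assess the project's effectiveness. Information security problems keep emerging. An in-depth understanding of this case provides enterprises with a practical example of how project goals were achieved after an internal information control problem occurred, and of how to drive a project efficiently so as to raise its probability of success.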
When an enterprise grows bigger and makes more profit, it is easily coveted by its competitors or by commercial spies. Recently in Taiwan there have been various confidential information leakage events in which the people involved were the main cause. This implies that there are loopholes in the internal control system. Regulation of information security is almost fully in place, but with the common usage of the internet and the rapid development of software and hardware, the importance of corporate information security faces a rigorous challenge. Through a case study, this research analyzes how to improve the internal control process when a company faces internal information security risks (employees using and disseminating internal information without authorization). The main purposes of this study are as follows: (1) how the project was started, (2) how the difficulties during the project were solved and what the key success factors are, and (3) what the internal responses are after the end of the project. Information security problems happen continually. The case study provides a practical example of how to make a project for handling an internal information control problem succeed and how to improve the efficiency of project execution.