
企業導入BS7799資訊安全管理系統之關鍵成功因素-以石化產業為例

Critical Success Factors for Implementing BS7799 Information Security Management System-Based on Petrochemical Industry

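Abstract


With the development of electronic transactions, information security has increasingly drawn the attention of enterprises. BS 7799 was established by the British Standards Institution (BSI) in 1995; an enterprise that meets the requirements of BS 7799 and passes an assessment by an independent auditing body can be awarded BS7799 information security certification. It can therefore declare to its customers and partners that the data relating to them on its enterprise network is appropriately protected and that the overall security of the enterprise is trustworthy. Many petrochemical companies abroad have built supply chain systems and electronic marketplaces in order to lower transaction costs, track market trends and exchange market information. Domestically, the Industrial Development Bureau of the Ministry of Economic Affairs is promoting the "Petrochemical Industry E-Business Standards Promotion Project", actively assisting firms in setting up electronic production and sales systems in response to the international trend toward electronic transactions. In addition, to keep track of production status in real time and monitor plant operations, petrochemical firms use networking, control interfaces and data acquisition technologies to integrate process control information with management information systems, which brings great convenience to management. Correspondingly, however, the risks caused by information security problems become more serious: because petrochemical raw materials and products are mostly flammable, the impact is not only a loss of information and money but, in serious cases, a possible public safety problem, so information security in the petrochemical industry deserves even more attention. This study takes BS 7799 as its basis and surveys the information security issues and current state of the domestic petrochemical industry in order to understand the industry's information security situation and its differences. Discriminant analysis is used to identify the critical success factors that affect the petrochemical industry's adoption of an information security management mechanism. The study finds that the critical success factors are security protection, information security skills, suppliers, laws and regulations, competitive pressure, business partner influence, security incident handling, employee participation, degree of computerization, top management support, organization size and degree of security risk.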

Parallel Abstract


Due to the rapid development of electronic commerce, maintaining information security in order to protect information assets is a key concern for every enterprise today. BS7799, administered by the British Standards Institute (BSI) since 1995, is a comprehensive system for implementing effective Internet security; it is by far the most appropriate approach to best practices for information security management. By gaining BS7799 certification, companies may assure customers and partners that their data kept on the enterprise networks will be secure and that the overall security of the enterprise is trustworthy. In the petrochemical manufacturing industry in Taiwan, many companies try to minimize cost and achieve their gross profit margin by implementing e-commerce and applying vendors' supply chain management technology. The purpose of this study is to explore the critical success factors for the implementation of an information security management system in the petrochemical industry. The results reveal that factors such as information security protection, information security skill, supplier, industrial regulations, competitive pressure, the interdependence among business partners, occupational health and safety practice, degree of computerization, top management support, scale of organization and tolerance of risk are crucial to the success of implementing the business electronically.


Cited By


徐忠生 (2014). 物流運輸業導入全球定位車隊管理系統之關鍵因素-以P公司為例 [master's thesis, Chung Yuan Christian University]. Airiti Library. https://doi.org/10.6840%2fcycu201400637
Kuo, J. H. (2014). 雲端運算資訊安全之研究 [doctoral dissertation, Chang Jung Christian University]. Airiti Library. https://doi.org/10.6833%2fCJCU.2014.00001
許雪蓮 (2006). 以BS7799為基礎評估軍事單位資訊安全環境之研究:以國軍M單位為例 [master's thesis, Tatung University]. Airiti Library. https://www.airitilibrary.com/Article/Detail?DocID=U0081-0607200917240436
施碧蘭 (2007). 建置ISMS認知與實施之研究-以某署立醫院為例 [master's thesis, Yuan Ze University]. Airiti Library. https://www.airitilibrary.com/Article/Detail?DocID=U0009-2905200709210100
蘇仲杰 (2013). 個人資料作業風險評鑑機制之建構與實證 [master's thesis, National Chung Cheng University]. Airiti Library. https://www.airitilibrary.com/Article/Detail?DocID=U0033-2110201613550652
