有鑒於企業資訊系統委外程度越來越高,本研究以觀察資訊服務業之資訊科技管理為主軸,企圖探討資訊服務業導入資訊安全管理後之資訊科技管理中的組織、流程、人員以及技術等四方面之影響,本研究採用個案研究法為主,以個案公司導入ISO/IEC 27001有成功經驗之資訊服務業為對象。藉由歸納發現,本研究提出四項結論: 1.導入ISO/IEC 27001促使資訊部門在組織中的角色有別於以往被動的功能,轉變為承上啟下的溝通橋樑,成為推動資訊安全管理的重要基礎。 2.導入ISO/IEC 27001促使組織改善及建立資訊科技管理流程,發揮有效的資訊安全管理,使資訊安全管理得以融合於PDCA的運作模式。 3.導入ISO/IEC 27001促使組織擁有資訊安全管理專業素質高的資訊人員,同時提高資訊人員發展資訊技術以外職能的可能性。 4.導入ISO/IEC 27001促使組織改變及引進資訊技術,大幅提升資訊安全管理流程自動化之程度,並降低人工作業,使資訊人力運用更加靈活。
Due to enterprise's information system the degree of outsourcing is getting higher then higher, the main objective of this research is take observes in the information technology management of information service industry. We attempt to examine what impact in the organization, the process, the personnel and the technology to the information technology management in information service industry. This thesis research focuses on implementing ISO/IEC 27001 in information service industry the successful case experience as the object through case study. According to induction of discovered from research, we are concluding in four arguments as below: 1.Inducted ISO/IEC 27001 to urge the IT department to be different with formerly the passive function in organization role for the transformed communication bridge which linked the preceding with the following, become the important basis of information security management. 2.Inducts ISO/IEC 27001 to urge the organization to improve and to establish the IT process, displays and enable the effective information security management to fuse in the PDCA operation pattern. 3.Inducts ISO/IEC 27001 to urge the organization to have specialized and high quality of IT personnel in the information security management and simultaneously enhances the IT personnel to develop outside the information technology the function possibility. 4.Inducts ISO/IEC 27001 to urge the organization to change and to introduce the information technology promotes degree of largely the information security management process automation, and reduces the artificial work, causes the information manpower utilization to be more nimble.