  • Degree thesis


The Study on Security Protection of Customers’ Information

Advisor: 鄧盈嘉


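Although the digitization of information has brought many conveniences to management, security has also come under increasing challenge. In recent years in particular, several customer data leakage incidents have occurred, which not only affected corporate image and damaged goodwill but also led to harm such as falling stock prices. This study examines the protection of customer information in depth, to understand the various threats that affect customer information and the measures practitioners take to manage it. The international information security audit standard BS7799 is a concrete benchmark for building an enterprise security mechanism; its purpose is to ensure the security of an organization's information-related assets, including physical, software and hardware facilities, data, and information. This study therefore uses the ten control areas of the information security management system in BS7799, namely security policy, security organization, asset classification and control, personnel security, physical and environmental security, communications and operations management, access control, systems development and maintenance, business continuity management, and compliance, as the main framework for the interview questions. The study uses in-depth interviews, a qualitative research method, as its main means of data collection. The interviewees' extensive knowledge and long experience in this field provide the study's rich source of data. Six propositions are then constructed by organizing and synthesizing the interview content and the literature review. Finally, the study finds that the protection of customer information covers a very broad scope, including physical security, personnel security, communications security, and operations security. The four are closely related and complementary, and none can exist alone. To strengthen the protection of customer information, organizations can obtain the support of senior management, strengthen awareness through education and training, tighten personnel security controls, and establish management mechanisms that start from the premise that "human nature is inherently bad" and adopt a mindset of "preventing problems before they occur".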


Qualitative research, BS7799, Information security


Although the digitalization of information brings many conveniences for management, security has also become a growing challenge. In recent years in particular, several customer data leaks have taken place; they not only affect the image of the enterprise and damage its goodwill, but also cause further harm such as declines in stock price. This research makes a thorough study of the protection of customer information, to understand the various threats that affect customer information and how it is actually managed in practice. The BS7799 Code of Practice for Information Security is a concrete benchmark for constructing an enterprise security mechanism. Its purpose is to ensure the security of an organization's information-related assets, including physical, software and hardware facilities, data, and information. This research therefore takes the ten control items of the information security management system in BS7799 (security policy, organizational security, asset classification and control, personnel security, physical and environmental security, communications and operations management, access control, systems development and maintenance, business continuity management, and compliance) as the main structure of the interview questions. In-depth interviewing, a qualitative research method, is the main means of data collection in this research. The interviewees' abundant knowledge and experience in this field provided a rich source of data. Finally, the interview content and the literature review were sorted and synthesized to construct six propositions.

This research finds that the scope of customer information protection is rather extensive, including physical security, personnel security, communication security, and operation security. These are closely related and complement each other, and none can exist alone. To strengthen the security protection of customer information, organizations can acquire the support of top executives, strengthen awareness through training, enhance personnel control, and establish a management mechanism that starts from the view that "human nature is inherently bad" and embraces a mindset of "guarding against trouble before it happens".




