| 摘要: | 近年來企業普遍使用網路提昇相互溝通的便捷性,但也突顯許多軟硬體系統存在許多漏洞,增加企業在資訊安全所面臨的威脅,企業資訊系統一旦發生安全問題,甚至可能危及企業的生存。然而,許多中小企業因資源有限,無法自行建立完善的資安體系,許多企業因應網路時代的趨勢,會考慮尋求資訊安全廠商的服務。由於目前尚無有效的評估方案供企業選擇較佳的資安廠商,因此,本研究目的將探討中小企業資訊人員對於資訊安全委外的觀點,期望能幫助中小企業建構選擇資訊安全服務廠商的模式。研究方法將採用文獻探討、專家訪談及實例研究,再利用層級分析法探討企業選擇資訊安全服務委外的評估指標,再計算其權重。研究結果顯示中小企業資訊安全委外服務最重視的構面為規劃分析,整體評估指標權重最高的為考量營業機密流失的風險;最後經實例探討本研究所建構的中小企業資安委外評估模式,可協助中小企業規劃其資訊安全的服務需求與評選委外廠商參考,期望能為中小企業及資訊安全服務廠商創造雙贏的契機。
In recent years, companies generally use the Internet to enhance the convenience to communicate with each other, but also highlights the many hardware and software systems, there are many loopholes, increasing the threat faced by the enterprises in the information security, enterprise information systems in the event of security problems and may even endanger the survival of the enterprise. However, many SMEs due to limited resources, unable to establish a sound information security systems, many companies due to the trend of the Internet era, it will consider seeking the services of information security vendors. Because there is no effective assessment program for the enterprise to better information security vendors, therefore, the purpose of this study will explore the SME information employees viewpoint for the information security outsourcing, hoping to help SMEs to construct the choice of mode of information security services vendors . Research methods will be used literature review, expert interviews and case studies, re-use the Analytic Hierarchy Process (AHP) to investigate the companies have chosen the evaluation indicators of the security services outsourcing, and then calculate its weight. The results show that the SMEs managed security services, the most important aspects of planning, analysis, the overall assessment of the index weights the highest risk of turnover for the consideration of business secrets; last instance explore this research regarding the SME security outsourcing evaluation model demand for services to assist SMEs in planning their IT security reference and selection of outsourcing vendors, hoping to create a win-win opportunity for small and medium-sized enterprises and IT security services vendors. |
