Abstract: | In today's network environment, the network threats and information security issues that enterprises face are both deep and broad. Enterprises must take advantage of the convenience that networks and computerization bring while also guarding against the threats and fears that information technology brings. For business operators, every investment in equipment and capital must bring benefit to the enterprise. Once the various information security solutions on the market are introduced into an enterprise, how effective are they at prevention? What methods exist to prevent external intrusion and to block the channels through which employees leak data? These are questions that managers need to understand in depth when evaluating and planning. Using a case study approach, this research examines in depth the case company's network architecture before it introduced information security mechanisms and the information security threats it faced, and analyzes the items and effectiveness of the information security mechanisms the case company introduced. Based on its study, analysis and evaluation of the case company's introduction of information security mechanisms, this research proposes improvements and recommendations. The information security mechanisms put forward by the case company can also serve as a reference for other enterprises and can shorten the time needed to introduce such mechanisms. After analysis of this case, the research conclusions are summarized as follows: (1) Attack paths must first be reduced to a minimum before attack incidents can be effectively blocked. (2) Information security policy and employee education and training within the enterprise are also important topics; only by building good habits in employees' use of information systems can the crises caused by ignorance be greatly reduced. (3) Information security policy must be set out explicitly in writing and published so that all employees can understand it; information security awareness campaigns carried out from time to time by the information department are likewise administrative measures that can support information security work. |