摘要: | 網路服務改變人類的生活及消費習慣,使愈來愈多的企業投入網路經營,但亦隨著網路發展使資安事件新聞層出不窮。而5G、AI、雲端服務及萬物聯網等,使資安風險更加劇烈,因此資訊安全成為了迫切推動的重要議題。對於先進國家來說,做好資訊安全已屬於企業策略的標準配備,甚至可作為雙方合作的談判籌碼。反觀台灣,政府機關及科技產業在資安執行比率較高外,其他產業在資安需求上仍有很大的成長空間。 回顧過去論文,多數資安個案研究著重於使用者面,而較少以資安供給者為研究對象。本研究採用質性研究之深度訪談法,主要探討資安服務產業現今概況及發展趨勢,以經濟部資安整合服務平台為參考來源,選擇三家具備滲透測試開發技術之資安服務業者為訪談對象,藉由深度訪談瞭解資安服務業者對於資安現況之見解,及剖析各產業資安需求,並評估資安服務之發展趨勢。並根據訪談結果加以分析歸納為企業資安意識與需求、資安技術能力、資安人力及資安發展趨勢等四項。 訪談結果發現,多數企業雖然有資安意識,但對於資安防護有認知差異,且較願意購買低廉的資安產品,卻忽略更為重要的資安服務。本研究亦發現資安服務業者在協助企業導入資安前,需要強化雙方溝通,導入後企業更需加強員工的資安意識。再則台灣專業資安人力缺乏,產業規模小,較難投入資安核心技術研發,不利於開拓市場。 本研究針對跨足資安領域之產業應以資安產品服務專業化,以及產業規模限制的業者應尋求同業結盟,提出兩點建議,以作為產業評估資安服務發展之參考。;In this era, network services have changed human life and consumption habits, with more and more companies investing in network operations. However, the development of the Internet has also led to considerable news related to security incidents. Also, the 5G, AI, cloud services, and the Internet of Things, etc., all make the security risk more severe. Therefore, information security has become an important issue that is urgent to be promoted. For advanced countries, complete information security preparation is already standard equipment in corporate strategy, and can even be used as a trading condition for cooperation between both parties. On the other hand, for Taiwan, government agencies and the technology industry have a higher security implementation rate, but other industries still have a lot of room for growth in terms of information security needs. By reviewing and sorting out the past papers, it can be found that most information security case studies focus on users, and less on suppliers. In this research, in-depth interviewing of qualitative research is used to discuss the current situation and development trend of the information security service industry. Using the Security Platform as a Service (SECPAAS) of the Ministry of Economy Affairs as a reference source, the author selected three information security service providers with the development technology Penetration Test as the interview subjects. Through in-depth interviewing, this study further understands the information security service providers′ views on the current state of information security and analyzes the information security needs of various industries. Moreover, this the article evaluates the development trend of information security services and analyzes it based on the results of the interviews, which are summarized as enterprise information security awareness and needs, information security technology capabilities, information security manpower, and information security development trends, etc., a total of four main projects. It can be deduced from the interview results that although most enterprises have information security awareness, they have different perceptions of information security protection. Most enterprises are only willing to buy cheap information security products but ignore more important information security services. Meanwhile, this study also found that before information security service providers can help companies introduce information security mechanisms, communication between the two parties needs to be strengthened. Also, after the introduction of the mechanism, enterprises need to strengthen and train their employees′ information security awareness. Furthermore, in Taiwan, there is a lack of professional information security manpower and the industry scale is too small. It is more difficult to invest in the research and development of core information technology, which is not conducive to market development. For industries in need of information security, this study suggests that the goal should be to specialize in information security products and services, and those with limited industry size should seek peer alliances. This study puts forward these two suggestions and hopes to serve as a reference item when the industry evaluates the development of information security services. |