Threat intelligence has become an indispensable part of modern cybersecurity defense, with organizations and companies widely relying on various types of threat intelligence to guide their investigations into security incidents on information security equipment. To effectively track events and enhance cybersecurity protection capabilities, organizations and companies typically establish internal Security Operations Centers (SOCs) and apply threat intelligence in Security Information and Event Management (SIEM) systems to check for potential threat events within the organization. This allows them to analyze these events and make recommendations for improvement. However, this approach to correlating intelligence is limited to post-event scenarios, tracking traces of malicious activity through the logs of information equipment, and cannot directly prevent these malicious acts and cybersecurity incidents from occurring.

This study adopts the case interview method as its primary research methodology. Through in-depth interviews with personnel within the organization's information security departments, we gain insights into their views on existing cybersecurity measures, the challenges they face, and their expectations for future cybersecurity strategies. Additionally, the study analyzes the effectiveness of threat intelligence, particularly evaluating the validity and timeliness of Indicators of Compromise (IOCs) as criteria for assessing the effectiveness of cybersecurity measures.

Through the case interview method, this study not only understands the status quo and needs of cybersecurity work from the perspective of actual operators but also reveals key factors affecting cybersecurity effectiveness. These interview results serve as important references for the study, helping to identify concerns and difficulties within the organization's information security department and providing actionable recommendations.

Building on these findings, this study configures appropriate IOCs as blocking rules on network gateway security devices to directly prevent threats from entering the organization's network, further enhancing cybersecurity protection capabilities. The results of this study aim to provide a targeted set of cybersecurity strategies that help organizations and companies use threat intelligence more effectively, thereby strengthening their cybersecurity defense capabilities.