| dc.description.abstract | In this era, network services have changed human life and consumption habits, with more and more companies investing in network operations. However, the development of the Internet has also led to considerable news related to security incidents. Also, the 5G, AI, cloud services, and the Internet of Things, etc., all make the security risk more severe. Therefore, information security has become an important issue that is urgent to be promoted. For advanced countries, complete information security preparation is already standard equipment in corporate strategy, and can even be used as a trading condition for cooperation between both parties. On the other hand, for Taiwan, government agencies and the technology industry have a higher security implementation rate, but other industries still have a lot of room for growth in terms of information security needs.
By reviewing and sorting out the past papers, it can be found that most information security case studies focus on users, and less on suppliers. In this research, in-depth interviewing of qualitative research is used to discuss the current situation and development trend of the information security service industry. Using the Security Platform as a Service (SECPAAS) of the Ministry of Economy Affairs as a reference source, the author selected three information security service providers with the development technology Penetration Test as the interview subjects. Through in-depth interviewing, this study further understands the information security service providers′ views on the current state of information security and analyzes the information security needs of various industries. Moreover, this the article evaluates the development trend of information security services and analyzes it based on the results of the interviews, which are summarized as enterprise information security awareness and needs, information security technology capabilities, information security manpower, and information security development trends, etc., a total of four main projects.
It can be deduced from the interview results that although most enterprises have information security awareness, they have different perceptions of information security protection. Most enterprises are only willing to buy cheap information security products but ignore more important information security services. Meanwhile, this study also found that before information security service providers can help companies introduce information security mechanisms, communication between the two parties needs to be strengthened. Also, after the introduction of the mechanism, enterprises need to strengthen and train their employees′ information security awareness. Furthermore, in Taiwan, there is a lack of professional information security manpower and the industry scale is too small. It is more difficult to invest in the research and development of core information technology, which is not conducive to market development.
For industries in need of information security, this study suggests that the goal should be to specialize in information security products and services, and those with limited industry size should seek peer alliances. This study puts forward these two suggestions and hopes to serve as a reference item when the industry evaluates the development of information security services. | en_US |