| Abstract: | 隨著網際網路技術的成熟與普及,資訊安全已成為重要的議題。目前相關資安產品繁多,如:防毒軟體、入侵偵測系統、入侵防禦系統。但事實上,單一個資安產品並無法解決資安問題,故應將資安視為一服務流程而非單一產品。因此整合相關資安產品以形成資安監控中心(Security Operation Center,SOC)已成為整體資安防護的新趨勢。由於SOC為新興產業,企業在評選SOC廠商時之考量因素究竟為何仍然未明,因此本研究探討企業在評選委外資訊安全監控中心考量的因素。首先參考過去研究對於委外廠商評選準則的建議,並參酌資訊安全監控中心本身的特性,將評選因素分為六個構面,分別是:「專業能力構面」、「廠商特性構面」、「支援能力構面」、「風險管控構面」、「實體管控構面」與「成本構面」。本研究採問卷調查方式,問卷內容以上述六個構面為設計依據,問卷回收後進行統計分析,根據分析結果對SOC服務的廠商提出三項建議,分別為:聚焦於營業額較小的企業、以分期付款方式收取費用與提供客製化的服務,以作為資訊安全監控中心廠商進行業務推廣時的參考。
As the fast grow of Internet and its application,information security has become a critical issue.There are many types of information security products,such as Antivirus,Firewall,Intrusion Detection System,Intrusion Prevention.However,problems in information security could not be solved by a single product.Security Operation Center(SOC) considers information security as a integrated process that contains various information security products for solving security problems.The SOC is a new service,and what are the concerns of a company when selecting its SOC vendors are still unclear.Thus,the purpose of this research is to investigate the critical factors that a business may consider when seleting its Security Operation Center(SOC) vendors.The design of the questionnaire is first based on previous studies outsourcing selection criteria,and then consider the Security Operation center''s characteristic.The present study divides all factors into six aspects,including proficiency,vendors characters,maintenance,risk control,physical control,and costs.Based on a statistical analysis on the data collected form the investigation,three suggestions to SOC vendors are:(1)concentrating marketing efforts on smaller enterprises,(2)allowing installment payment method,and providing customized services. |
