    Please use this identifier to cite or link to this item: http://tkuir.lib.tku.edu.tw:8080/dspace/handle/987654321/52148


    Title: 從資訊人員觀點探討企業導入資訊安全管理系統之影響 : 以金融業為例
    Other Titles: A study of the viewpoint on information professional for business implementing the information security : based on financial industry of Taiwan
    Authors: 陳秀蓉;Chen, Hsiu-jung
    Contributors: Tamkang University, Department of Information Management, In-service Master's Program
    蕭瑞祥
    Keywords: Information security;ISO27001;Information Professional
    Date: 2010
    Issue Date: 2010-09-23 16:56:57 (UTC+8)
    Abstract: Information security is without doubt the most important concern in today's financial industry. With advances in information technology, improvements in personal computer technology, and the rapid sharing of hacking techniques, enterprises are constantly busy containing and solving information security problems. Information security is no longer a label through which an enterprise displays its added value; it has become basic equipment within the enterprise. Losses caused by information security problems have seriously hurt the revenue of the financial industry, so the industry increases the proportion of its spending on information security year by year, yet information security problems keep emerging. These problems have gradually shifted from external attacks to theft through improper behaviour by internal staff. The economic recession triggered by the financial crisis has led many companies to lay off large numbers of employees since last year. This not only tightens information manpower; departing employees also take the company's confidential data with them, and many of them will use that data at their new companies, which greatly affects the enterprise's competitiveness and operations. Enterprises have therefore strengthened their demand for information security. Combined with the rapid evolution of technology, the workload of Information Professionals keeps growing and their mental pressure multiplies. As these two factors reinforce each other in a cycle, the effectiveness of the enterprise's information security work declines.

    This research, based on the ISO27001 standard, examines how, after the financial industry implements an information security management system, the organization type, position type, and personal characteristics of Information Professionals relate to their views on the necessity of information security policies, the extent of increasing workloads, and the level of actual improvement in information security. Data were collected by questionnaire, with financial professionals assisting in the two-phase questionnaire design and pretest, and were analyzed with statistical methods including descriptive statistics, One-way ANOVA, and mean analysis. The results show that, after enterprises implement information security, "The Company's Industry", "The Company's Size", and "The Educational Background" of Information Professionals show significant differences on the "Whether the Company Needs to Implement Information Security Policies Or Not" factor; "The Company's Industry", "If the Company Gets a ISO27001 Standard", "The Job Type", and "The Gender" show significant differences on the "The Extent of Increasing Workloads" factor; and "The Company's Size" and "The Educational Background" show significant differences on the "The Extent of Improvements of Information Security" factor. In addition, for all information security items except "The Assets Management", Information Professionals agree that the "Whether the Company Needs to Implement Information Security Policies Or Not" factor rates higher than the "The Extent of Improvements of Information Security" factor, and higher still than the "The Extent of Increasing Workloads" factor.

    It is hoped that enterprises implementing information security policies in the future can use the recommendations of this research to analyze the items that Information Professionals consider both necessary to implement and actually effective in improving information security. This can help enterprises plan the allocation of their information security budgets and manpower, identify the causes of increased workload, improve operating processes, and seek supporting measures to lighten the workload, so that information security policies are properly carried out and yield greater results for less effort.
    Appears in Collections: [Department and Graduate Institute of Information Management] Theses


    All items in the Institutional Repository are protected by copyright, with all rights reserved.

