以Q-方法論探討IT人員對資訊安全委外採用因素之分析

淡江大學機構典藏 > 商管學院 > 資訊管理學系暨研究所 > 學位論文 > Item 987654321/87734

jsp.display-item.identifier=請使用永久網址來引用或連結此文件: https://tkuir.lib.tku.edu.tw/dspace/handle/987654321/87734

题名:	以Q-方法論探討IT人員對資訊安全委外採用因素之分析
其它题名:	A Q methodology study of IT staff's factors analysis of managed security services
作者:	朱金松;Chu, Chine-Sung
贡献者:	淡江大學資訊管理學系碩士在職專班吳錦波
关键词:	SOC (Security Operation Center);Q Methodology;MSS (Managed Security Service);MSSP (Managed Security Service Provider);Q-方法論;Q-分類;Q classification
日期:	2012
上传时间:	2013-04-13 11:37:12 (UTC+8)
摘要:	隨著全球安全事件的層出不窮與資訊化深度的與日俱增，企業在面臨多變詭譎的網路環境，除了希望能建立資訊系統的穩定度，以維持持續性商業化營運外；同時也希望能兼顧投資成本的效益，因此資訊安全委外服務的模式逐漸興起。一項新興資安服務產業-資安監控中心(SOC, Security Operation Center)應運而生。而提供資安監控委外服務廠商(MSSP, Managed Security Service Provider)的產業也因此產生。根據資策會MIC調查，全球2005年資安軟體市場產值是65億美元，至2009年全年資安軟體市場產值將達到100億美元。資安儼然成為目前所有產業刻不容緩的資訊投資。有別以往過去探討資訊安全產業之研究，大部份都致力於資安技術的探討，即便是對於資安委外的研究，大部份也是著重於類型的研討與介紹。本研究乃透過文獻與產業實務經驗的參考，運用Q方法理論，針對資訊安全委外採購的主要因素，發展出二十五句陳述句，四種不同構面，分析三十位受測IT人員的結果報告，使用Q-分類，並深入研討分析報告，將受測IT人員分為三類型，分別定義為專業技術類，成本法規類暨服務水準流程類。專業技術類的IT人員多處於政府單位公營機關，同時採用資安委外的經驗比較豐富，所面臨的資安事件也比較針對性，對資安專業技術重視也實事求是；成本法規類則重視法律規範，強調資安事件訊息共享，更重視資安投資，成本控制，此類型之IT人員也多處理管理高層；服務水準類之IT人員多為資訊服務公司成員，如專案經理、資訊顧問等，比較重視服務水準的要求。此分類的結果，呈現出對於不同產業，不同職務，不同的工作內容，對於資安委外採用的主要選擇有明顯的不同。本研究結果可供目前已採用資安服務，或即將採用資安委外的廠商，提供給企業或組織單位一些參考。 Under incessant global security events and increasing information depth, enterprises want information system stability to keep continuous commercial operation in changeable network environment. At the same time, they also focus on investment cost effects. This has led to booming outsourced information security services. A new information security service industry--, Security Operation Center (SOC) was born, followed by Managed Security Service Provider (MSSP). According to a survey by MIC, Institute for Information Industry, global market value in 2005 is USD6.5 billion, which jumped to over USD10 billion in 2009. Information security has become an urgent investment in all industries. Different from earlier studies on information security industry focusing on exploration of information security technologies or discussions and introduction to outsourcing of information security, this study aims at key purchase factors of outsourcing of information security through literature and industry practical experiences and use of Q methodology. Twenty-five statement sentences and four dimensions are developed to analyze result reports of 30 IT personnel in Q classification. The IT personnel are divided into three types, defined as professional technology, cost regulations and service level procedure. Most of professional technology IT personnel work at government institutes, having more experiences in outsourcing of information security and encountered more information security events. They tend to seek truth from facts. In cost regulation type, they focus on laws and regulations, emphasizing sharing of information security messages. They also pay attention to information security investments, cost control. These IT personnel are often in top management. Service level IT personnel are often employees such as project managers or information consultants at information service companies. They focus on service level requirements. The results of classification show differences of using outsourcing of information security in different industries, positions, and job descriptions. The findings of the study will serve as reference of companies or organizations that have already adopted or are going to adopt information security services.
显示于类别:	[資訊管理學系暨研究所] 學位論文

文件中的档案:

档案	大小	格式	浏览次数
index.html	0Kb	HTML	164	检视/开启

在機構典藏中所有的数据项都受到原著作权保护.

TAIR相关文章

数据加载中.....