資訊安全委外服務模式探討-以高科技產業為例

Abstract

隨著全球資訊化深度與日俱增與高科技產業資訊安全事件問題層出不窮，企業在面臨詭譎多變的資訊科技環境，除了希望能建立資訊系統的穩定度與彈性度，以維持持續性商業化營運外；同時也希望能兼顧投資成本的效益與保護企業重要資訊資產，以維持企業競爭力，因此資訊安全委外服務的模式因應而起。專業技術素養、服務能力、機密保護能力、資訊稽核認證、流程標準化與客戶的信賴是資訊安全委外服務的必要條件。本研究進行資訊安全委外服務建構策略是以客戶價值的理論為基礎：從供需之角度來探討，藉由四家高科技產業個案，分析其資訊委外之需求與現況;兩家資訊委外服務供應商，分析其資訊委外服務之項目與現況，再總結探討整個營運策略對資訊安全委外服務的影響，進而確立資訊安全委外服務的營運策略。經由本研究的探討，本論文提出服務供應商在營運策略上的建議與高科技公司在執行資安服務委外時，選擇服務廠商的評估要件。唯有資訊安全委外服務建構上的成功，才會促使資訊安全服務產業的成長，達到永續經營目的；同時也有助於服務委外之企業資訊環境的防禦能力。

Under the pressure of global economic recession and global competition, all organizations without exception have started to implement cost-deduction projects to fully utilize the available resources. In addition, with the advent of more and more security events, information security is essential for most organizations to keep its leadership. Given this highly competitive and dynamic business environment, how to leverage external capability to completely protect corporate information assets to increase business advantages is getting important. Security outsourcing service therefore is an option to not only lower costs but also protect information assets. Although there are many researches on IT outsourcing service, few studies were given on information security outsourcing services. The approach of this research is to examine the relationship between recipients and service providers from holistic view. This research therefore selects 4 high technology recipients and 2 security outsourcing service providers to accomplish the objective of this dissertation. From this research, it was found that high technology companies hesitated in the decision of outsourcing their security tasks, as security service providers may be a possible vulnerable party. Through Five Forces and SWOT models, this research provides recipients with the key elements to manage information security, and offers service providers with the construction strategy in business operations.