一個基於終端型DLP的資訊安全管理系統 -以IC設計公司為例

Abstract

現今產業在各種行業上競爭激烈，企業資料外流問題日趨嚴重，面對公司內部員工行為所帶來的威脅愈來愈多，針對層出不窮的資訊安全議題需更加格外重視，尤其是研發單位或部門的重要機密資料必須更加謹慎，避免造成資料外洩或其員工跳槽後而影響到公司的競爭優勢及產品運作。本論文基於案例研究方式，依據NIST SP800及ISO 27001的國際標準規範並參考資料外洩防護（Data Loss Prevention，DLP）文獻，透過建置終端型DLP技術控管建立完善的資訊安全管理機制及規範，以防範資訊外洩或遭受蓄意破壞或攻擊，進而有效降低可能之風險，確保個人或企業組織之資訊安全。 研究成果顯示E公司導入終端型DLP後，對於機密資料的保護、週邊設備的控管以及保護智慧財產皆有正面效益且大幅降低資料外洩之可能性，此系統可提供一般企業效仿建置的參考依據，資訊安全管理機制做的好就是企業最佳的競爭優勢。

Nowadays, All industries are very competitive. The problem of industry data leak and threat of employee behavior is becoming more serious. Because of the continual information security issues, Date security needs more attention, especially in the RD department. It must be more careful to avoid data loss and affection of competitive advantage of company operation after employee resignation. This thesis is based on ISO 27001 and NIST SP800 international standards and DLP (Data Loss Prevention). In order to lower the risk of potential risk and protect the security of personal information, it needs to establish and improve security management mechanisms and norms through building control terminal type DLP technology to prevent information leakage and purposely damage and attack. Research shows that the E company implemented terminal type DLP which is for the protection of confidential information, the control of peripherals and protection of intellectual property positive. This system can provide a general reference for enterprises to build. It is the best competitive advantage to reduce the likelihood leakage of data and information.