Journal of Information Management

黃士銘;張碩毅;蘇耿弘;
Pages: 171-192
Date: 2006/04
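Abstract: With the development of electronic transactions, information security has increasingly gained the attention of enterprises. "BS 7799" was established by the British Standards Institution (BSI) in 1995; an enterprise that meets the requirements of BS 7799 and passes an assessment by an independent auditing body can be awarded BS7799 information security certification. It can then declare to its customers and partners that the data relating to them within the enterprise network is appropriately protected and that the overall security of the enterprise is trustworthy. Many petrochemical companies abroad have established supply chain systems and e-marketplaces in order to reduce transaction costs, follow market trends and exchange market information. Domestically, the Industrial Development Bureau of the Ministry of Economic Affairs promotes the "Petrochemical Industry E-Business Standards Promotion Project", actively guiding companies to establish electronic production and sales systems in response to the international trend toward electronic transactions. In addition, to track production status in real time and monitor plant operations, petrochemical companies use networking, control interface and data acquisition technologies to integrate process control information with management information systems, which brings great convenience to management. Correspondingly, however, the risks caused by information security problems become more serious. Because petrochemical raw materials and products are mostly flammable, the impact is not limited to information and economic losses; in serious cases it may cause public safety problems, so information security in the petrochemical industry deserves even more attention. Based on BS 7799, this study surveys the information security issues and current state of the domestic petrochemical industry in order to understand the industry's information security status and its differences. Discriminant analysis is used to identify the critical success factors that affect the adoption of information security management mechanisms in the petrochemical industry. The study finds that the critical success factors are security protection, information security skills, suppliers, laws and regulations, competitive pressure, business partner influence, security incident handling, employee participation, degree of computerization, top management support, organization size, and degree of security risk.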
Keywords: BS7799; ISO17799; Information Security Management; Critical Factors; Petrochemical Industry

Critical Success Factors for Implementing BS7799 Information Security Management System-Based on Petrochemical Industry


Abstract: Due to the rapid development of electronic commerce, maintaining information security in order to protect information assets is a key concern for every enterprise today. BS7799, administered by the British Standards Institute (BSI) since 1995, is a comprehensive system for implementing effective Internet security; it is by far the most appropriate approach to best practices for information security management. By gaining BS7799 certification, companies may assure customers and partners that their data, which is kept on the enterprise networks, will be secure and that the overall security of the enterprise is trustworthy. In the petrochemical manufacturing industry in Taiwan, many companies try to minimize cost and achieve their gross profit margin by implementing e-commerce and applying vendors' supply chain management technology. The purpose of this study is to explore the critical success factors for the implementation of an information security management system in the petrochemical industry. The results reveal that factors such as information security protection, information security skill, supplier, industrial regulations, competitive pressure, the interdependence among business partners, occupational health and safety practice, degree of computerization, top management support, scale of organization and tolerance of risk are crucial to success in implementing the business electronically.
Keywords: BS7799;ISO17799;Information Security Management;Critical Success Factors;Petrochemical Industry;
