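Title Everskill Technology Information System Security Research Report
Information System Security of Everskill Technology Co., Ltd. For OEM Electronics Industry
Author 詹小瑩
Chan, Cathy
Contributors 蕭瑞麟
詹小瑩
Chan, Cathy
Keywords Security research report
Date 2007
Upload time 14-Sep-2009 09:48:53 (UTC+8)
Abstract Everskill Technology Information System Security Research Report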
Abstract
     Information System Security of
     Everskill Technology Co., Ltd. for
     OEM Electronics Industry
     by
     Cathy Chan
     OEM Electronics industry has been the foundation of Taiwan’s economy for the past few decades, and has made a major contribution to foreign reserves for the country. However, entering into this millennium, with the rising of the BRIC countries (Brazil, Russia, India and China), Taiwan’s OEM electronics industry is gradually losing competitive advantages. Nowadays, to improve competitiveness is the most critical issue in the industry. According to MIC of III, the integration of information technology in OEM electronics industry is a major index of Taiwan’s competitiveness.
     The higher the information system is integrated, the more the system should be secured. Otherwise, in case of any abuse, the damage can sometimes be beyond our imagination. The collapse of Barings Bank is the best lesson for all of us to learn. Therefore, we should put equal emphasis on information system security as well as information system integration.
     The scope of this paper is to analyze the information system security of Everskill Technology, an OEM electronics company, to find out the weakness of the existing IT framework, and better improvement for future information system security in the company and OEM electronics industry.
     This paper will thoroughly examine the existing structure of the information system of Everskill Technology, e.g. how the structure is built? Why it is built this way? How is the information system secured? What are the factors that affect information system security? How to modify the factors? The paper will also highlight some incidents, pinpoint the weakness of the system, and also provide suggestions for future improvements.
     My conclusion is that the successful implementation of information system security to an organization is not just about how advanced the products/technology are, or how complete the procedures/checklists are, the people (agents) in the organization also play a very important role. As a professional manager of the organization, I believe we should always be aware of the relations among products/technology, procedures/checklists and the people (agents). Only through perfect balance among the three factors can we successfully implement and secure information system of the organization.
     Ultimately, this paper can provide an agenda for any other OEM electronics company who wishes to improve her information system security and hopefully can be a stimulation of improvement for the industry.
LIST OF FIGURES
     LIST OF TABLES
     CHAPTER 1 INTRODUCTION
     1.1 Research Motive
     1.2 Research Objective
     1.3 Paper Outlines
     CHAPTER 1 LITERATURE REVIEW
     2.1 Principles of ISS
     2.1.1 Principles of ISS for the Decade
     2.2 Theories of ISS
     2.2.1 Functionalism Theory
     2.2.2 Methodology Theory
     2.2.3 Institutionalization Theory
     CHAPTER 3 THE CASE: EVERSKILL TECHNOLOGY CO., LTD.
     3.1 Background of OEM Electronics Industry
     3.2 Introduction of Everskill Technology Co., Ltd.
     3.3 Everskill’s ISS Policy
     3.4 Everskill’s Information System
     CHAPTER 4 ANALYSIS ON EVERSKILL INFORMATION SYSTEM SECURITY
     4.1.1 Incident 1: External Virus Attack
     4.1.2 Incident 2: Lightning Strike
     4.1.3 Incident 3: Internal Virus Spreading
     4.2 Analysis on Everskill’s Information System Security
     4.2.1 Single-firewall Internet Protection
     4.2.2 Incoherent IS Structure
     4.2.3 Compromised Internet Access Control
     CHAPTER 5 RECOMMENDATIONS & CONCLUSIONS
     5.1 Proposition 1: Multi-layer Protection
     5.2 Proposition 2: DMZ Application
     5.3 Proposition 3: IPS Protection
     5.4 Conclusions
     REFERENCES
     APPENDIX
     1. Everskill Technology Co., Ltd. Information and Communication Security Policy
     2. Everskill Technology Co., Ltd. IT Department Management Regulations
     3. Everskill Technology Co., Ltd. IT Department Job Responsibilities
     4. Everskill Technology Co., Ltd. Taipei Plant System Recovery Plan
     5. Everskill Technology Co., Ltd. IT Department Purchase Requisition Records

     List of Figures
     FIGURE 2.1 THE CIRCUITS OF POWER FRAMEWORK
     FIGURE 3.1 EVERSKILL’S ORGANIZATION CHART
     FIGURE 3.2 EVERSKILL TAIPEI’S EXISTING IT FRAMEWORK
     FIGURE 3.3 EVERSKILL’S MIS EXPENDITURE
     FIGURE 5.1 MULTI-LAYER PROTECTION
     FIGURE 5.2 PROPOSED INTERNET FRAMEWORK

     List of Tables
     TABLE 2.1 SUMMARY OF ISS RESEARCH
     TABLE 2.2 THE CLASSES OF TRADITIONAL ISS METHODS
     TABLE 2.3 FUNDAMENTAL OBJECTIVES RELATED TO ISS
     TABLE 3.1 EVERSKILL’S CHRONOLOGIC EVENT
Description Master's
National Chengchi University
International Master of Business Administration (IMBA)
94933015
96
Source http://thesis.lib.nccu.edu.tw/record/#G0094933015
Type thesis
dc.contributor.advisor 蕭瑞麟 zh_TW
dc.identifier.uri (URI) https://nccur.lib.nccu.edu.tw/handle/140.119/31333
dc.language.iso en_US