政大機構典藏-National Chengchi University Institutional Repository(NCCUR):Item 140.119/31333
English  |  正體中文  |  简体中文  |  Post-Print筆數 : 27 |  全文筆數/總筆數 : 113648/144635 (79%)
造訪人次 : 51683963      線上人數 : 635
RC Version 6.0 © Powered By DSPACE, MIT. Enhanced by NTU Library IR team.
搜尋範圍 查詢小技巧:
  • 您可在西文檢索詞彙前後加上"雙引號",以獲取較精準的檢索結果
  • 若欲以作者姓名搜尋,建議至進階搜尋限定作者欄位,可獲得較完整資料
  • 進階搜尋
    請使用永久網址來引用或連結此文件: https://nccur.lib.nccu.edu.tw/handle/140.119/31333


    題名: 仕欽科技企業資訊系統安全研究報告
    Information System Security of Everskill Technology Co., Ltd. For OEM Electronics Industry
    作者: 詹小瑩
    Chan, Cathy
    貢獻者: 蕭瑞麟
    詹小瑩
    Chan, Cathy
    關鍵詞: 安全研究報告
    日期: 2007
    上傳時間: 2009-09-14 09:48:53 (UTC+8)
    摘要: 仕欽科技企業資訊系統安全研究報告
    Abstract
    Information System Security of
    Everskill Technology Co., Ltd. for
    OEM Electronics Industry
    by
    Cathy Chan
    OEM Electronics industry has been the foundation of Taiwan’s economy for the past few decades, and has made major contribution to foreign reserves for the country. However, entering into this millennium, with the rising of the BRIC countries (Brazil, Russia, India and China), Taiwan’s OEM electronics industry is gradually losing competitive advantages. Nowadays, to improve competitiveness is the most critical issue in the industry. According to MIC of III , the integration of information technology in OEM electronics industry is a major index of Taiwan’s competitiveness.
    The higher the information system is integrated, the more the system should be secured. Otherwise, in case of any abusage, the damage can sometimes beyond our imagination. The collapse of Barings Bank is a best lesson for all of us to learn. Therefore, we should put equal emphasis on information system security as well as information system integration.
    The scope of this paper is to analyze the information system security of Everskill Technology, an OEM electronics company, to find out the weakness of the existing IT framework, and better improvement for future information system security in the company and OEM electronics industry.
    This paper will thoroughly examine the existing structure of the information system of Everskill Technology, e.g. how the structure is built? Why it is built this way? How is the information system secured? What are the factors that affect information system security? How to modify the factors? The paper will also highlight some incidents, pin point the weakness of the system, and also provide suggestions for future improvements.
    My conclusion is that the successful implementation of information system security to an organization is not just about how advanced the products/technology are, or how complete the procedures/checklists are, the people(agents) in the organization also play an very important role. As a professional manager of the organization, I believe we should always be aware of the relations among products/technology, procedures/checklists and the people (agents). Only through perfect balance among the three factors, we can successfully implement and secure information system of the organization.
    Ultimately, this paper can provide an agenda for any other OEM electronics company who wishes to improve her information system security and hopefully can be a stimulation of improvement for the industry.
    LIST OF FIGURES VIII
    LIST OF TABLES VIII
    CHAPTER 1 INTRODUCTION 9
    1.1 Research Motive 9
    1.2 Research Objective 10
    1.3 Paper Outlines 11
    CHAPTER 1 LITERATURE REVIEW 13
    2.1 Principles of ISS 13
    2.1.1 Principles of ISS for the Decade 13
    2.2 Theories of ISS 15
    2.2.1 Functionalism Theory 15
    2.2.2 Methodology Theory 16
    2.2.3 Institutionalization Theory 20
    CHAPTER 3 THE CASE: EVERSKILL TECHNOLOGY CO.,LTD. 24
    3.1 Background of OEM Electronics Industry 24
    3.2 Introduction of Everskill Technology Co., Ltd. 25
    3.3 Everskill’s ISS Policy 27
    3.4 Everskill’s Information System 30
    CHAPTER 4 ANALYSIS ON EVERSKILL INFORMATION SYSTEM SECURITY 32
    4.1.1 Incident 1: External Virus Attack 32
    4.1.2 Incident 2: Lightening Strike 33
    4.1.3 Incident 3: Internal Virus Spreading 33
    4.2 Analysis on Everskill’s Information System Security 34
    4.2.1 Single-firewall Internet Protection 34
    4.2.2 Incoherent IS Structure 35
    4.2.3 Compromised Internet Access Control 36
    CHAPTER 5 RECOMMENDATIONS & CONCLUSIONS 37
    5.1 Proposition 1: Multi-layer Protection 37
    5.2 Proposition 2: DMZ Application 38
    5.3 Proposition 3: IPS Protection 39
    5.4 Conclusions 41
    REFERENCES 44
    APPENDIX 45
    1.仕欽科技(股)公司資通安全政策 45
    2.仕欽科技(股)公司資訊部門管理辦法 51
    3.仕欽科技(股)公司資訊部門工作職掌 53
    4.仕欽科技(股)公司台北廠系統復原計畫 54
    5.仕欽科技(股)公司資訊部門請購資料 57







    List of Figures
    FIGURE 2.1 THE CIRCUITS OF POWER FRAMEWORK 11
    FIGURE 3.1 EVERSKILL’S ORGANIZATION CHART 16
    FIGURE 3.2 EVERSKILL TAIPEI’S EXISTING IT FRAMEWORK 21
    FIGURE 3.3 EVERSKILL’S MIS EXPENDITURE 22
    FIGURE 5.1 MULTI-LAYER PROTECTION 29
    FIGURE 5.2 PROPOSED INTERNET FRAMEWORK 31

    List of Tables
    TABLE 2.1 SUMMARY OF ISS RESEARCH 7
    TABLE 2.2 THE CLASSES OF TRADITIONAL ISS METHODS 8
    TABLE 2.3 FUNDAMENTAL OBJECTIVES RELATED TO ISS 10
    TABLE 3.1 EVERSKILL’S CHRONOLOGIC EVENT 17
    參考文獻: Dhillon, G. & Backhouse, J. (1996). Risks in the Use of Information Technology Within Organizations. International Journal of Information Management, 16(1), 65-74.
    Dhillon, G. & Backhouse, J. (2000). Information System Security Management in the new millennium. Comminucations of the ACM, 43(7), 125~128.
    Dhillon, G. & Backhouse, J. (2001). Current Directions in IS Security research: Towards Socio-Organizational Perspectives. Information Systems Journal, 11, 127-153.
    Dhillon, G..& Torkzadeh, G. (2006). Value-focused assessment of information system security in organizations. Information Systems Journal, 16, 293-314.
    Heinlein, E. B. (1995 ). Principles of Information Systems Security Computers & Security 14(3), 197-198.
    Hsu, C., Silva, L., & Backhouse, J. (2006). Circuits of Power in Creating De Jure Standards: Shaping An International Information Systems Security Standard. MIS Quarterly, 30(Special Issue), 413-438.
    Silva, L., & Backhouse, J. (1997). Becoming part of the furniture, The Institutionalisation of Information Systems. Information Systems and Qualitative Research, 1-27.
    Siponen, M. T. (2005). An analysis of the traditional IS security approaches: implications for research and practice. European Journal of Information Systems, 14, 303-315.
    張家維. (2007). 2006-2009年台灣中小型製造業資訊軟體與服務投資現況與未來趨勢. 1-28.
    仕欽科技企業股份有限公司九十五年度財務報告
    www.everskill.com.tw
    www.google.com
    www.mcafee.com
    www.rca.com
    www.symantec.com
    www.wikipedia.com
    描述: 碩士
    國立政治大學
    國際經營管理碩士班(IMBA)
    94933015
    96
    資料來源: http://thesis.lib.nccu.edu.tw/record/#G0094933015
    資料類型: thesis
    顯示於類別:[國際經營管理英語碩士學程IMBA] 學位論文

    文件中的檔案:

    檔案 大小格式瀏覽次數
    index.html0KbHTML2621檢視/開啟


    在政大典藏中所有的資料項目都受到原著作權保護.


    社群 sharing

    著作權政策宣告 Copyright Announcement
    1.本網站之數位內容為國立政治大學所收錄之機構典藏,無償提供學術研究與公眾教育等公益性使用,惟仍請適度,合理使用本網站之內容,以尊重著作權人之權益。商業上之利用,則請先取得著作權人之授權。
    The digital content of this website is part of National Chengchi University Institutional Repository. It provides free access to academic research and public education for non-commercial use. Please utilize it in a proper and reasonable manner and respect the rights of copyright owners. For commercial use, please obtain authorization from the copyright owner in advance.

    2.本網站之製作,已盡力防止侵害著作權人之權益,如仍發現本網站之數位內容有侵害著作權人權益情事者,請權利人通知本網站維護人員(nccur@nccu.edu.tw),維護人員將立即採取移除該數位著作等補救措施。
    NCCU Institutional Repository is made to protect the interests of copyright owners. If you believe that any material on the website infringes copyright, please contact our staff(nccur@nccu.edu.tw). We will remove the work from the repository and investigate your claim.
    DSpace Software Copyright © 2002-2004  MIT &  Hewlett-Packard  /   Enhanced by   NTU Library IR team Copyright ©   - 回饋