企業營業秘密外洩資安事件之防範機制 —以N公司EIM導入個案為例

Abstract

根據2007年普華永道(PwC)與CIO、CSO共同舉行的全球資訊安全調查顯示，中國智慧財產權盜竊比例高達18%，且內部員工首次被列為最有可能製造資訊安全事件的主要因素。 縱觀近年來國內知名企業所發生的營業秘密被竊取等重大資安事件層出不窮，甚至某些國家為培植樣版企業或同業競爭對手期能在短期之內大幅突破技術門檻進而超越對方，而採取高報酬利誘方式及有計劃收買競爭對手員工，以不當手段竊取營業秘密達到跳躍式的競爭優勢。現今越來越多的企業意識到，營業秘密洩漏對企業的危害之巨，它不僅給企業帶來法律風險、商譽受損、巨額的經濟損失，還可能危及企業的生存，更影響國家整體性的經濟發展；也因此帶動員工上網行為管理系統(EIM)市場自2005年開始爆發成長，很多企業組織不約而同的採用EIM資訊系統作為企業內部員工資安事件防範機制之管理工具，以達到有效保護企業資訊資產之目的。 本論文主要是透過個案研究方法來探討企業組織如何結合IT技術建立一套有效杜絕內部資安事件之防範制度，從IT管理對組織影響的觀點來探討Leavitt鑽石模型理論應用在上網行為管理電子化系統導入的關鍵因素，期能透過本個案研究之實務經驗，作為同業或異業企業導入EIM電子化管理之參考與評估。

According to the Global Information Security Survey jointly held by Price Waterhouse Coopers (PwC) and CIO, CSO in 2007, Chinese intellectual property theft was disclosed as high as 18%, and internal employees have been listed for the first time as the major factors most likely to make information security incidents. Throughout recent years, trade secrets from known domestic enterprises have been stolen and other major information security incidents after another. Some countries even cultivate patterns of business or horizontal competition try to overcome technical barriers in the short term and even significantly outdo rivals, and take high-paying inducements way and there are plans to corrupt rival staff by improper means to steal trade secrets to achieve leaping competitive advantage. Today more and more companies realize that leaking trade secrets could cause a corporate great damage, it is not only a legal risk to the enterprise, goodwill impairment, the huge economic losses, and may endanger the survival of enterprises, but also affect the national integrity economic development; Therefore, bringing the Employee Internet Management (EIM) to market began a speedy growth from 2005, many companies spontaneously adopted EIM information systems as a preventive mechanism for insider information security incident, in order to achieve effective protection of the purpose of corporate information assets.

This paper is to explore through case studies how organizations approach to IT management combined with the establishment of an effective prevention system, prevent incidents of internal information security. IT management from the organization's perspective to explore the impact of Leavitt Diamond model theory on the critical success factors for the implementation of EIM information system, and expect to dedicate to similar / different enterprises that implement an EIM information systems for reference and assessment through practical experience in this case study.