A Study of Information Security Management in Enterprise Information Outsourcing

Bibliographic Details
Main Authors: Keng-Kuang Han, 罕耿光
Other Authors: Dwen-Ren Tsai
Format: Others
Language: zh-TW
Published: 2006
Online Access: http://ndltd.ncl.edu.tw/handle/41576206398210048187
Description
Summary: Master's === Chinese Culture University === Graduate Institute of Information Management, In-service Master's Program === 94 === Enterprise information outsourcing can proceed in 4 stages: stage 1, plan and preparation; stage 2, selecting vendor; stage 3, contract execution and management; stage 4, operating and maintenance. However, people usually forget the importance of information security. This study used questionnaires and interviews based on the standard Information Technology-Code of Practice (CNS 17799) to find the focuses of information security management in enterprise outsourcing. It integrates the analysis results from the questionnaires with the 4-stage information technology outsourcing methodology. The results show the main points of information security best practice in every stage as follows. Stage 1, plan and preparation: information security policy. Stage 2, selecting vendor: identification of risks from third party access, identification of security from third party access, security requirements in third party contracts, personnel screening and policy, physical security perimeter, cabling security, controls against malicious software, information back-up, sensitive system isolation, key management and intellectual property rights (IPR). Stage 3, contract execution and management: review of information security policy, reporting security incidents, information security education and training, physical entry controls, defense against malicious software, information back-up, information protection and safeguarding of organizational records. Stage 4, works and maintenance: business continuity management.