臺灣博碩士論文加值系統

由於網路應用的普及，加上行動通訊技術的高速成長，使用者的個人隨身資訊裝置的普及度大幅提高，企業資安環境面臨的風險亦大幅提升。因此，端點防護(Endpoint Protection,EP) 是近年來資安市場的熱門主題之一。由於資訊安全是一種高度技術性的專業領域，其建置成本相當高。因此，企業組織為了有效運用現有資源及降低成本，委外成為一種普遍的現象與趨勢。然而，目前缺乏一套端點防護委外流程的評估指標供企業組織該評估其端點防護委外流程的成效。因此，本研究以委外流程相關文獻為基礎，推導出委外流程之4階段：需求分析與風險評估階段、承包商評選階段、契約協商與審查階段與關係管理階段。再透過資源依賴理論、交易成本理論、代理理論以及端點防護的架構以進行修正，得以提出端點防護委外流程之雛型指標。隨後採用修正式德菲法與資訊安全相關專家學者訪談，進行端點防護委外流程評估指標之指標修正。最後，本研究提出四個流程階段及37項端點防護委的評估指標，以供學術與實務上之參考。

Due to the availability of internet applications and rapid growth in the mobile telecommunication technology, the accessibility to personal information devices of users substantially increases, as well as the risks faced by the corporate information security. Hence, Endpoint Protection (EP) has become one of the popular issues for the information security market in recent years. However, information security is a highly technical professional field with considerably high building costs. To effectively implement existing resources and to lower costs for corporate organizations, outsourcing has become a popular phenomena and trend. Therefore, how do corporate organizations assess the effectiveness of endpoint outsourcing process? Currently there is a lack of evaluation indications for endpoint protection outsourcing process. The study is based on outsourcing process related literature with derivation to the 4 phases of the process: Needs analysis and risk assessment phase, contractor selection phase, contract negotiation and review phase, and relationship management phase. The study further adds transaction cost theory and agency theory related indicators in addition to the endpoint protection structure, in order to propose initial prototype of evaluation indicators for endpoint protection outsourcing process. Finally the study adopts modified Delphi method and information security related interview with experts and scholars, to modify the evaluation indicators for endpoint protection outsourcing process and to conduct indicator modification. The study then proposes the four process phases and 37 evaluation indicators for endpoint protection outsourcing after conducting analysis, as means of academic and practice references.

目錄 頁次
一、 緒論 1
1.1 研究背景與動機 1
1.2 研究目的 ….. 2
1.3 論文架構 ……………………………………………………………………… 2
二、 文獻探討 4
2.1委外流程 5
2.2委外流程評估指標理論之補充 8
2.2.1資源依賴理論 8
2.2.2交易成本理論 8
2.2.3代理理論 9
2.3 端點防護 10
2.3.1端點防護特性 10
2.3.2端點防護架構及解決方案 11
三、 研究方法 15
3.1研究架構 15
3.2問卷編製之流程 16
3.3問卷設計及研究變數 17
3.4專家學者群體. 17
3.5資料分析方法與工具 17
四、 端點防護委外流程評估指標之發展與結果 19
4.1 第一階段：文獻回顧及雛型指標設計之結果 19
4.2 第二階段：雛型指標修正與分析之結果 32
4.3 第三階段：雛型指標精簡之結果 39
4.4 個案範例......... 45
五、 結論 48
5.1 研究貢獻 48
5.2 管理意涵 49
5.3 研究限制與研究建議 50
參考文獻 51
附錄 56
附錄一 德菲法調查 專家學者名單 56
附錄二 第一次德菲法問卷 57
附錄三 第二次德菲法問卷 62

1.Akomode, O. J., Lees, B., & Irgens,C., 1998, “Constructing customised models and providing information to support IT outsourcing decisions”, Logistics Information Management, Vol. 11, No. 2, pp. 114-127.
2.Alner, M., 2001, “The Effects of Outsourcing on Information Security”, Information Systems Security, Vol. 10, No. 2, pp. 35-43.
3.Aubert, B. A., Rivard, S., & Patry, M., 2004, “A transaction cost model of IT outsourcing”, Information & Management, Vol. 41, No. 7, pp. 921-932.
4.Barringer, B. R., & Harrison, J. S., 2000, “Walking a tightrope: Creating value through interorganizational relationships”, Journal of Management, Vol. 26, No. 3, pp. 367-103.
5.Bergen, M., Dutta, S., & Waliker, O. C., 1992, “Agency Relationships in Marketing: A Review of the Implications and Applications of Agency and Related Theories”, Journal of Marketing, Vol. 56, No. 3, pp. 1-24.
6.Checkpoint, 2010, Check Point Endpoint Security Data Sheet, Check Point.
7.Chen, L. Y., & Wang, T. C., 2009, “Optimizing partners’ choice in IS/IT outsourcing projects: The strategic decision of fuzzy VIKOR”, International Journal of Production Economics, Vol. 120, No. 1, pp. 233-242.
8.Clemons, E. K., & Weber, B., 1990, “Strategic Information Technology Investment: Guidelines for Decision Making”, Journal of Management Information Systems, Vol. 7, No. 6, pp. 9-28.
9.David, P., & Kathryn, B., 2002, “Outsourcing opportunities for data warehousing business usage”, Logistics Information Management, Vol. 15, No. 3, pp. 204-211.
10.Dibbern, J., Goles, T., Hirschheim, R., & Jayatilaka, B., 2004, “Information Systems Outsourcing: A Survey and Analysis of the Literature”, The DATA BASE for Advances in Information Systems, Vol. 35, No. 4, pp. 6-102.
11.Firstbrook, P., Girard, J., & MacDonald, N., 2010, “Magic Quadrant for Endpoint Protection Platforms,” Gartner RAS Core Research.
12.Gell, G., Madjaric, M., Leodolterc, W., Kole, W., & Leitnerc, H., 2000, “HIS purchase projects in public hospitals of Styria”, International Journal of Medical Informatics, Vol. 57, No. 2, pp. 47-155.
13.Goo, J., Kishore, R., Rao, H. R., & Nam, K., 2009, “The role of service level agreements in relational management of information technology outsourcing: an empirical study”, MIS Quarterly, Vol. 33, No.1 , pp. 119-145.
14.Grupe, F. H. , 1997, “Outsourcing The Help Desk Function”, Information System Management, Vol. 14, No. 2, pp. 15-22.
15.Henderson, J. C., 1990, “Plugging into strategic partnerships: the critical IS connection”, Sloan Management Review, Vol. 31, No. 3, pp. 7-18.
16.Hillman, A. J., Withers, M. C., & Collins, B. J., 2009, “Resource Dependence Theory: A Review”, Journal of Management, Vol. 35, No. 6, pp. 1404-1427.
17.Holden, M. C., & Wedman, J. F., 1993, “Future issues of computer-mediated communication: The results of a Delphi study”, Educational technology research and development, Vol. 41, No. 4, pp. 5-24.
18.Hong, K. S., Chi, Y. P., & Chao, L. R., 2003, “A Study of Hierarchical Structure of Information Security Valuation Criteria”, Journal of Library and Infornation Science, Vol. 29, No. 2, pp. 22-44.
19.Holcomb, T. R., & Hitt, M. A., 2007, “Toward a model of strategic outsourcing”, Journal of Operations Management, Vol. 25, No. 2, pp. 464-481.
20.Jensen, M. C., & Meckling, W. H., 1976, “Theory of the Firm：Managerial Behavior, Agency Costs and Ownership Structure”. Journal of Financial Economics, Vol. 3, No. 4, pp. 305-360.
21.Jarillo, J. C., 1988, “On strategic networks”, Strategic Management Journal, Vol. 9, No. 1, pp. 31-41.
22.Jones, C. , 1994, “Evaluating software outsourcing options”, Information Systems Management, Vol. 11, No. 4, pp. 28-33.
23.Kakouris, A. P., Polychronopoulos, G., & Binioris, S., 2006, “Outsourcing decisions and the purchasing process : a system-oriented approach”, Marketing Intelligence & Planning, Vol. 24, No. 7 , pp. 708-729.
24.Koong, K. S., Liu, C. L., & Yong, J. W., 2007, “Taxonomy development and assessment of global information technology outsourcing decisions”, Industrial Management & Data Systems, Vol. 107, No. 3, pp. 397-414.
25.Lacity, M. C., & Hirschheim, R., 1993, “The Information Systems Outsourcing Bandwagon”, Sloan Management Review, Vol. 34, No. 4, pp. 73-86.
26.Lewis, J. D., 1990, Partnerships for Profit: Structuring and Managing Strategic Alliances, The Free Press, New York.
27.Loh, L., 1994, “An organizational-Economic Blueprint for Information Technology Outsourcing: Concepts and Evidence”, One Chapter of Doctoral Theses, MIT, pp. 73-89.
28.Mahaney, R. C., & Lederer, A. L., 2003, “Information systems project management: anagency theory interpretation”, The Journal of Systems and Software, Vol. 68, No. 1, pp. 1-9.
29.Marshall, D., McIvor, R., & Lamming, R., 2007, “Influences and outcomes of outsourcing: Insights from the telecommunications industry”, Journal of Purchasing and Supply Management, Vol. 13, No. 4, pp. 245-260.
30.McAfee, 2010, “一個更合理的端點安全方法：五個簡化生活的理由,” McAfee Product Sheet., http://www.mcafee.com/tw/resources/solution-briefs/sb-endpoint-security-a-rational-approach-upgrade.pdf, 2011/07/05 02:00.
31.McAfee, 2011, “產品與解決方案: 端點保護”, http://www.mcafee.com/tw/products/system-protection/index.aspx, 2011/7/5 01:50.
32.McIvor, R., 2009, “How the transaction cost and resource-based theories of the firm inform outsourcing evaluation”, Journal of Operations Management, Vol. 27, No.1 , pp. 45-63.
33.McDowell, S. W., Wahl, R., & Michelson, J., 2003, “Herding Cats: The Challenges of EMR Vendor Selection”, Journal of Healthcare Information Management, Vol. 17, No. 3, pp. 63-71.
34.Microsoft, 2011, "Business Ready Security," http://www.microsoft.com/taiwan/security/Business-Ready-Security/?WT.mc_id=ff_productsite, 2011/07/05 02:05.
35.Michael, J. M., & Kotabe, W., 2010, “Overcoming Inertia: Drivers of the Outsourcing Process”, Long Range Planning, Vol. 44, No. 3, pp. 160-178.
36.Morgan, N. A., Kaleka, A., & Gooner, R. A., 2007, “Focal supplier opportunism in supermarket retailer category management”, Journal of Operations Management, Vol. 25, No. 2, pp. 512-527.
37.Mohammad, A. H., & Saleh, A., 2005, “A framework model for outsourcing asset management services”, Pro-Quest Science Journals, Vol. 23, No. 1, pp. 73-81.
38.Momme, J., 2001, “Framework for Outsourcing: based on theoretical review and empirical findings from Danish heavy industry”, The Fourth SMESME International Conference, Denmark, 14-16 May.
39.Murry, J. W. & Hammons, J. O., 1995, “Delphi: A versatile methodology for conducting qualitative research”, The Review of Higher Education, Vol. 18, No. 4, pp. 423-436.
40.Ngwenyama, O. K., & Bryson, N., 1999, “Making the Information Systems Outsourcing Decision: A Transaction Cost Approach to Analyzing Outsourcing Decision”, European Journal of Operational Research, Vol. 115, No. 2, pp. 351-367.
41.Pfeffer, J., & Salancik, G.. R., 2003, “The External Control of Organizations:A Resource Dependence Perspective”, 2nd edition , Harper & Row, New York.
42.Pinnington, A., & Woolcock, P., 1995, “How Far is IS/IT Outsourcing Enabling New Organizational Structure and Competencies? ”, International Journal of Information Management, Vol. 15, No. 5, pp. 353-365.
43.Qu, Z., & Brocklehurst, M., 2003, “What will it take for China to become a competitive force in offshore outsourcing? An analysis of the role of transaction costs in supplier selection”, Journal of Information Technology, Vol. 18, No. 1,
pp. 53-67.
44.Richardson, R., 2008, “CSI/FBI Computer Crime and Security Survey”, Computer Security Institute, CSI/FBI.
45.Schniederjans, M., & Zuckweiler, K., 2004, “A quantitative approach to the outsourcing-insourcing decision in an international context”, Management Decision, Vol. 42, No. 8, pp. 974-986 .
46.Schultz, E. E., Proctor, R. W., Lien, M. C., & Salvendy, G.., 2001, “Usability and security: An appraisal of usability issues in information security Methods”, Computers & Security, Vol. 20, No. 7, pp. 620-634.
47.Siponen, M., 2002, “Towards maturity of information security maturity criteria: Six lessons learned from software maturity criteria,＂ Information management & computer security , Vol. 10, No. 5, pp. 210-224.
48.Solms, B. & Solms, R., 2004, “The 10 deadly sins of information security management”, Computers & Security, Vol. 23, pp. 371-376.
49.Sudman, S., Bradburn, N. M., & Schwarz, N., 1996, Thinking About Answers: The application of cognitive processes to survey methodology, Jossey Bass Publishers, San Francisco.
50.Symantec, 2011, “Symantec Endpoint Protection,” http://www.symantec.com/zh/tw/business/endpoint-protection, 2011/7/4 19:15.
51.Thouin, M. F., Hoffman, J. J. & Ford, E. W., 2009, “IT outsourcing and firm-level performance: A transaction cost perspective,” Information & Management, Vol. 46, No. 8, pp. 463-469.
52.Tyler & Geoff, 1998, “Information technology-the take away version”, Management Services, Vol. 42, No. 1, pp. 28-30.
53.Watt, D. J., Kayis, B., & Willey, K., 2010, “The relative importance of tender evaluation and contractor selection criteria”, International Journal of Project Management, Vol. 28, No. 1, pp. 51-60.
54.Whang, S., 1992, “Contracting for software development”, Management Science, Vol. 38, No. 3, pp. 307-323.
55.Whitten, D., & Wakefield, R. L., 2006, “Measuring switching costs in IT outsourcing services”, Journal of Strategic Information Systems, Vol. 15, No. 3,
pp. 219-248.
56.Williamson, O. E., 1975, “Markets and Hierarchies: Analysis and Antitrust Implications”, The Economic Journal, Vol. 86, No. 343, pp. 619-621.
57.William, K., 2009, “Information security in China -A license to print money”, InfoSevurity, Vol. 6, No. 4, pp. 26-29.
58.Yang, C., & Huang, J., 2000, “A decision model for IS outsourcing”, International Journal of Information Management, Vol. 20, No. 3, pp. 225-239.