Please use this identifier to cite or link to this item:
Information System Security of Everskill Technology Co., Ltd. For OEM Electronics Industry
|Issue Date: ||2009-09-14 09:48:53 (UTC+8)|
Information System Security of
Everskill Technology Co., Ltd. for
OEM Electronics Industry
OEM Electronics industry has been the foundation of Taiwan’s economy for the past few decades, and has made major contribution to foreign reserves for the country. However, entering into this millennium, with the rising of the BRIC countries (Brazil, Russia, India and China), Taiwan’s OEM electronics industry is gradually losing competitive advantages. Nowadays, to improve competitiveness is the most critical issue in the industry. According to MIC of III , the integration of information technology in OEM electronics industry is a major index of Taiwan’s competitiveness.
The higher the information system is integrated, the more the system should be secured. Otherwise, in case of any abusage, the damage can sometimes beyond our imagination. The collapse of Barings Bank is a best lesson for all of us to learn. Therefore, we should put equal emphasis on information system security as well as information system integration.
The scope of this paper is to analyze the information system security of Everskill Technology, an OEM electronics company, to find out the weakness of the existing IT framework, and better improvement for future information system security in the company and OEM electronics industry.
This paper will thoroughly examine the existing structure of the information system of Everskill Technology, e.g. how the structure is built? Why it is built this way? How is the information system secured? What are the factors that affect information system security? How to modify the factors? The paper will also highlight some incidents, pin point the weakness of the system, and also provide suggestions for future improvements.
My conclusion is that the successful implementation of information system security to an organization is not just about how advanced the products/technology are, or how complete the procedures/checklists are, the people(agents) in the organization also play an very important role. As a professional manager of the organization, I believe we should always be aware of the relations among products/technology, procedures/checklists and the people (agents). Only through perfect balance among the three factors, we can successfully implement and secure information system of the organization.
Ultimately, this paper can provide an agenda for any other OEM electronics company who wishes to improve her information system security and hopefully can be a stimulation of improvement for the industry.
LIST OF FIGURES VIII
LIST OF TABLES VIII
CHAPTER 1 INTRODUCTION 9
1.1 Research Motive 9
1.2 Research Objective 10
1.3 Paper Outlines 11
CHAPTER 1 LITERATURE REVIEW 13
2.1 Principles of ISS 13
2.1.1 Principles of ISS for the Decade 13
2.2 Theories of ISS 15
2.2.1 Functionalism Theory 15
2.2.2 Methodology Theory 16
2.2.3 Institutionalization Theory 20
CHAPTER 3 THE CASE: EVERSKILL TECHNOLOGY CO.,LTD. 24
3.1 Background of OEM Electronics Industry 24
3.2 Introduction of Everskill Technology Co., Ltd. 25
3.3 Everskill’s ISS Policy 27
3.4 Everskill’s Information System 30
CHAPTER 4 ANALYSIS ON EVERSKILL INFORMATION SYSTEM SECURITY 32
4.1.1 Incident 1: External Virus Attack 32
4.1.2 Incident 2: Lightening Strike 33
4.1.3 Incident 3: Internal Virus Spreading 33
4.2 Analysis on Everskill’s Information System Security 34
4.2.1 Single-firewall Internet Protection 34
4.2.2 Incoherent IS Structure 35
4.2.3 Compromised Internet Access Control 36
CHAPTER 5 RECOMMENDATIONS & CONCLUSIONS 37
5.1 Proposition 1: Multi-layer Protection 37
5.2 Proposition 2: DMZ Application 38
5.3 Proposition 3: IPS Protection 39
5.4 Conclusions 41
List of Figures
FIGURE 2.1 THE CIRCUITS OF POWER FRAMEWORK 11
FIGURE 3.1 EVERSKILL’S ORGANIZATION CHART 16
FIGURE 3.2 EVERSKILL TAIPEI’S EXISTING IT FRAMEWORK 21
FIGURE 3.3 EVERSKILL’S MIS EXPENDITURE 22
FIGURE 5.1 MULTI-LAYER PROTECTION 29
FIGURE 5.2 PROPOSED INTERNET FRAMEWORK 31
List of Tables
TABLE 2.1 SUMMARY OF ISS RESEARCH 7
TABLE 2.2 THE CLASSES OF TRADITIONAL ISS METHODS 8
TABLE 2.3 FUNDAMENTAL OBJECTIVES RELATED TO ISS 10
TABLE 3.1 EVERSKILL’S CHRONOLOGIC EVENT 17
|Reference: ||Dhillon, G. & Backhouse, J. (1996). Risks in the Use of Information Technology Within Organizations. International Journal of Information Management, 16(1), 65-74.|
Dhillon, G. & Backhouse, J. (2000). Information System Security Management in the new millennium. Comminucations of the ACM, 43(7), 125~128.
Dhillon, G. & Backhouse, J. (2001). Current Directions in IS Security research: Towards Socio-Organizational Perspectives. Information Systems Journal, 11, 127-153.
Dhillon, G..& Torkzadeh, G. (2006). Value-focused assessment of information system security in organizations. Information Systems Journal, 16, 293-314.
Heinlein, E. B. (1995 ). Principles of Information Systems Security Computers & Security 14(3), 197-198.
Hsu, C., Silva, L., & Backhouse, J. (2006). Circuits of Power in Creating De Jure Standards: Shaping An International Information Systems Security Standard. MIS Quarterly, 30(Special Issue), 413-438.
Silva, L., & Backhouse, J. (1997). Becoming part of the furniture, The Institutionalisation of Information Systems. Information Systems and Qualitative Research, 1-27.
Siponen, M. T. (2005). An analysis of the traditional IS security approaches: implications for research and practice. European Journal of Information Systems, 14, 303-315.
張家維. (2007). 2006-2009年台灣中小型製造業資訊軟體與服務投資現況與未來趨勢. 1-28.
|Source URI: ||http://thesis.lib.nccu.edu.tw/record/#G0094933015|
|Data Type: ||thesis|
|Appears in Collections:||[國際經營管理英語碩士學程IMBA] 學位論文|
Files in This Item:
All items in 政大典藏 are protected by copyright, with all rights reserved.