Department of Business Administration, National Central University; Department of Business Administration, National Central University; Department of Information Management, National Central University; Department of Public Policy and Management, Shih Hsin University
為因應網路詐騙之日新月異,導致企業商譽和內部管理流程及決策疏失,和一般消費者訂房與企業之間的差異性,來探討產學差距,資訊安全觀念不足及財務商譽損失等在法條中之賠償依據及損失來看企業經營的風險。 中小型企業在人力資源中大多缺乏責任分配及財管流程,在資訊流和網路財務金流蓬勃發展之下,對資訊流和金流經營管理標準流程儼然已是必備,分析如何藉由管理流程和監督放行權限核決權,以防止網路詐騙之發生有其必要性。 本案聚焦在了解企業管理之供應商審核、財務流程探討,資訊流和金流的基本概念及法規政策等討論,以期讓學員學習相關知識和概念並注意相關發展。
(149_M5fd863235917f_Abs.pdf(檔案不存在))網路詐騙、內部管理、企業風險
This case study is to explore the gap between industry and academia in response to the rapid changes in online fraud, which leads to the negligence of business reputation and internal management process and decision-making. Through the difference of room reservation between the general consumers and the enterprises, to explore the gap between industry and academia. The lack of information security concept and the compensation of financial and goodwill losses in the legal provisions look at the risks of business operations. However, most small and medium-sized enterprises lack of responsibility distribution and financial management process in human management and organization. In the current generation of rapid information circulation, under the rapid development of information flow and online financial flow, the standard process of information flow and financial flow management is already become an essential part.It is necessary to analyze how to prevent the occurrence of network fraud through management process and supervision and release authority. This case focuses on the understanding of usage practices of business operations in the industry, the discussion of financial processes for enterprise management, the study of basic concepts of information security and the discussion of laws, regulations and policies, etc. In order to let students and industry people understand and learn relevant knowledge and concepts, increase and adjust attention to relevant development.
(149_M5fd863235917f_Abs.pdf(檔案不存在))Internet Fraud, Internal Management, Corporate Risk
網路詐騙 (Internet fraud) 是指利用有網路連接的網際網路服務或者軟體,對受害者進行詐騙或其他利用的行為。研究顯示,網路詐騙可通過社交工程與社會影響力的管道發生。網路詐騙可能發生在聊天室、社交媒體、手機App、電子郵件、留言板、網站等地方(鄭燦堂,2019a)。 近年來國內諸多處理國際貿易的中小型企業,平時都以電子郵件聯繫與國外合作客戶做生意;專做出境 (Outbound) 的旅行業使用電子郵件聯繫國外合作客戶,早已是這類型企業溝通的主要聯絡方式;舉凡交易訂單、收據及匯款帳號等,尤其長期與海外合作公司的跨國交易,由於時差、語言等因素,以電子郵件為主要溝通途徑更是習以為常。 然而,這樣的業務操作慣例,卻也衍生出商業電子郵件詐騙 (Business E-mail Compromise,BEC) 的攻擊手法,顧名思義,就是以企業員工的電子郵件帳號,作為攻擊途徑的網路詐騙攻擊。尤其是時常進行跨國轉帳交易的企業,駭客冒用企業內部的高層主管或合作公司業務窗口,相關負責人因為對交易、金流有決定權與執行權的人,更容易成為駭客鎖定目標。不論企業規模大小,都有遇害的可能性。 本個案對於管理的意涵在於,網路詐騙的手法日新月異,個案企業遇到的是不同於詐騙個人的如簡訊APP、網路購物等一般型詐騙,而是海外最新的詐騙案例與手法;藉此個案非僅討論資訊安全議題,而是著重於尤以中小型企業主等對於資訊安全的問題考量,在面對網路資訊爆發的時代,不僅僅是IT人員應該留意資安問題,其實甚至應該是包含業務或是財務會計相關人員等,都應對資訊安全的基本概念具有思考的角度,更重要的是藉此發展出資訊管理、審核機制和金資流程的風險管理機制和流程才是。
吉鵬旅行社官方網站,2020,https://www.oktours.com.tw, accessed on Jun 4th, 2020. (OK Tours Official Website, 2020, https://www.oktours.com.tw, accessed on Jun 4th, 2020.)
林奐呈、邵蓓宣,2020,「阿喜法則(ARCI Model)–專案PM一定要會的溝通法則!設定4種團隊角色,再複雜的任務也能搞定」,
https://www.managertoday.com.tw/glossary/view/209, accessed on Jun 4th, 2020. (Lin, H. C. and Shao, P. H., 2020, “ARCI Model – A Communication Rule That Project PM Must Know! Set 4 Kinds of Team Roles, No Matter How Complex Tasks Can Be Done,” Manager Today, https://www.managertoday.com.tw/glossary/view/209, accessed on Jun 4th, 2020.)
品辰旅行社官方網站,2020,https://www.ezhotel.com.tw, accessed on Jun 4th, 2020. (PC Travel Official Website, 2020, https://www.ezhotel.com.tw, accessed on Jun 4th, 2020.)
翁田山,2019,採購與供應之商務實作,二版,臺北市:華魁科技顧問有限公司出版。(Weng, T. S., 2019, Commercial Implementation of Procurement and Supply, 2nd, Taipei City: Topchina Technology Consulting Co., Ltd Pulished.)
張文隆,2011,當責,初版,臺北市:商周出版社。(Chang, W. L., 2011, Accountable, 1st, Taipei City: Business Weekly Published.)
曾銘仁,2009,「消弭中小企業資安落差」,https://www.netadmin.com.tw/netadmin/zh-tw/trend/E5C3C39797B447699949E091480B8F5C, accessed on Aug 4th, 2020. (Tseng, M. J., 2009, Eliminate SMEs' capital security gap, https://www.netadmin.com.tw/netadmin/zh-tw/trend/E5C3C39797B447699949E091480B8F5C, accessed on Aug 4th, 2019)
萬同軒,2016,資通訊科技引入旅遊產業對台灣旅行業者之衝擊,台北市旅行商業同業公會委託調查研究報告。(Wan, T. H., 2016, “Survey Report on Travel Industry Talents of Tourism Bureau, Ministry of Transport,” Investigation Report commissioned by Taipei Association of Travel Agency.)
葉永騫,2011,「幽靈民宿行騙,消費者盼有管道求證」,自由時報電子報,4月6日,地方版。(Yeh, Y. C., 2011, “Consumers are Hoping for Channels to Verify that Ghost B&B is Cheating,” Liberty Times E-news, Published on April 6th, 2011)
維基百科,2019a,「網路詐騙」,https://zh.wikipedia.org/wiki/網路詐騙, accessed on September 15th, 2019. (Wikipedia, 2019a, “Internet Fraud, ”
https://zh.wikipedia.org/wiki/Internet fraud, accessed on September 15th, 2019)
維基百科,2019b,「聖托里尼」,https://zh.wikipedia.org/聖托里尼, accessed on September 16th , 2019. (Wikipedia, 2019b, “Santorini,” https://zh.wikipedia.org/聖托里尼, accessed on September 16th, 2019)
鄭燦堂,2019,風險管理-理論與實務,九版,臺北市:五南出版社。(Cheng, T. T., 2019, Risk Management-Theory and Practice, 9th, Taipei City: Wunan Publised.)
魏文政,2006,以知識管理進行新產品的開發之研究 -以 I 公司為例,國立交通大學管理學院碩士在職專班國際經貿組碩士論文。(Wei, W. C., 2006, A Study of Knowledge Management in New Product Development –A Case Study of I Company, National Chiao Tung University School of Management, Master’s Thesis in International Economics and Trade Group.)
MBA智庫百科,2019,「內部控制風險」,http://wiki.mbalib.com/zh-tw/內部控制風險,
accessed on July 24th , 2020. (MBAlib, 2019, “Internal Control Risks,” http://wiki.mbalib.com/zh-tw/ Internal control risk, accessed on July 24th, 2020)