A Study of Organizational Information Security Management Strategies

Academic year: 2021


"~"lt

W.Hi\~~fg!lmm2Iag

~1!1.·*~zp.·m~.

fl'9n1H!Utfil · Iltilnternetfl'9liiiteWEC9'iJiifj ·

1'~IIA~iUI~RMl.f!I.~fI'9iiUftB~ •

fl'9m~&W~m&;~a·~Xm~R&.~fI'9~~~~·~R·.~~.~~~

,

il6aiEiiW~9j.iEiifll[9'iJfFi~~M

Ms!~~~~?F~$'"

~"Rmf4f3i(Information

Technology)/Jirz

~

• •

ffla3ft3.·m.fi.m~M

tflnformation

System)l¥Jft<.~jHf!

EI

:6ii:jJDi~

,

f~1~ ~a.~~.mM~ ~ ~m~~I¥J~ o iMIJ~UIi1]IMHlnternet).fflft)~illi

~=rj§jf~

B• •

ff·~m~

••••

$ ' I• •

~~m.$~.'X-~~VA.~~~. ·~~.I¥J/Ji~&~~~a~~.*~

r:p

0 a~ff?H~.(Web Computing)~{--\;;

MI¥J~ffl~'B~~~~m.~$'&~~~ .~.fitt*I¥J~T

• •

j§j,®~.~~m~ 3~~M~l¥Jm.~@Aa~~m.OODI¥J~ -mfi.mM~~.EI~'RM~.~.EI '~ffl~.m~al¥J.~,~~m.l¥J.

3'::

OODM

r!T

I¥J#~~ (Schultz~

,

2001 ;

Eloff

&

Solms,

2000) 0


*~~§~,~~.~~m

••

~~~.~ ~.~'*7m.R~m~M

••

~~~~. M'~~'~OO'.~OOR.~OO'~Wfim .fIHjJE.~~~jij~ij(1J~B"l~~ 0

r---,

I

~m.m~,RM~-g~fi.~~.~~.R

I

I

~,R~.m~~.,~~~~8~

••

~.

I

I

.'m.~m

••

~~~.tt,OO~g$~~.

I

I

~,m~~K~~g$.~~¥.ft°

I

L. ____________

..J:

iUtl.:ti

~!Ii!_11

.~~~~~.~.B*H~~fflW~$m fIHTfi~mf)jj!fiH~JJ\!(Gollmann,

1999)

0

{=tim.

~~~~.~

..

§.,~.~~~.~~. ~*H*.:¥4~~~tE(Confidentiality)

, integrity (Integrity) and availability (Availability), the so-called "C.I.A." (Smith, 1989; Schultz, 2001; ISO/IEC 17799-1, 2000; Chapman, 1995; ~i§-, 1999):

(1) Confidentiality:

.~r.~JR~

• •

~m.~A'~~~

1&0

(2) Integrity:

~.r.~Jffi~r

• •

1J$J~~.ttR 7t~'I1: 0 !

(3) Availability:

Ii1H'

f:

*&H®

m.

~

fIe

ffl

'ff~ ~ JU( ~ J '

.il1zfIefflfl3lDl

r.~

••

J 0

r.

.~~~.~~~ff~R.B~IDl~.R~

~~'M

• •

m~R~~f)jj~tt

• •

ffl~~

1tI ...

lti.t1tlR.*4~*(Rusell &

Gangemi,

1992

1i:?'E:ifJll ,-_->::;S::.::...ecu,rity management) 1i:?'E: (Security) .llJjiifl,1i:?'E: 1¥Jt(1i:?'E: (Communication security) )o~M.@i'.~~-.A~.~~

• • •

• ••

,.~_ro~~~,~~~~&

•••

B"lJj;(. '

@.~fJl.~.B"l~.'11:

'

fiPfIe~1: .~'~Of~~Of~~~m~_~.~ (ISOfIEC

17799-1, 2000)

0 r.~*H~~J

l'J

lli-W~. ~*H

• •

,~~:~1tI,. 1tI'.~$'~Wtt~~~~'~~&*m. ~ffl.~*H

• •

~~~m~,~.~~~~

filtfiRiRfJl.'JJI!OO

(~J*:fl'

1996)

0

O~m~~~.~fim

• •

~~~~.*~

fi~T~.'~~lmffi(.~.'~~.·

2001)

0 l.P;,~(Content)3(~

:

m~~.~M

••

~~~·~~~~~Aa ~~~~MJf.R 0 2.ffJ&(Access)3(~

:

~~~fflW~.~·~MJEA~M~~OO&


ttl!JJi pq

~mJEW!¥4a"Jff* 0 3.jjm(Communication)3(~

:

l*-~!H'~r:j:lfIkJ~Jt~&~~

"

4:ti:~~JI(Security

management) :

~~&Wm~~~W'E.~~ft,W~~

~~*fIkJ&:JJ!"

r

;)(;.-;';;~;.;IR-;;';f§i;.-;

1

I

m.§~14IfHifjiUi' 8/~.BtBltj91J.~9'!JijiJ

I

=~

,

;3~g~~SCft.~2GIDl~ftilJ(94.2%)

, J.I

:

iII~!itl!i!fII

(92.9 % )

J:.(

liUI.IiIJ<!it1!i!

iIlJ(

90. 9%) ,

:

L

~~=:::'~'::il~~~~o

____

.J .

~.M~'~B.m~wm~~fIkJ~.'

ftfHF7:tmtJ5t

]J'H;t~~WJJl!(Security Management) ,

~SWI~(Products

and Tools) ,

W~9f. ~1i:m(Outsourcing)~-=- @Jt1ITfi~1i

"

::$::)(tJitJ

B~~W,~r:j:l.R_wm.JJI!Ag*'r:j:l ~~wmJJ!ffl~~g.z.~'&~~WmW m~W.R

• •

~~ ,.a.$ffi9f.,~ft ~E: '~2002~1l rd]tJE-mail'*tfjr",~W650

f)1 ,

~~r",'W159{51

'

tD.~~r",'W5f51

'

fi~ rl'l~~154f51

'

fi~tJ;~*23.69% 0

(-)

~~ftJl~1J§ *:)(~.mg:)(.~~.Wm~~WmITfiz "1.ftIi~§~14~~1i~E:

' E/tWW1.ftlittf7'Jm:

fIkJM=~,5t~~: r~HWW~Zff*~

ltljJ (94.2%)'

r~~~ ~ffi'JJ

(92.9%) ,

r~H~ ~ffiIJJ (90.9%)~

, milf

rffJfJl~ ~J' r~M~~J&r~H~~J~~~B

ti::kfIkJam

0 m:f~a"JM

-

~

,

5t]J'j~: r~1i

Jifi1.i!h:WmJ (33.1%)'

r~1ioo.~5t;fJT (~lt,

112

SlfiMl3..jilR:ti~esJ~a5

1i

m 17:

~

,

pq~1i~

{.fllX1i~

I

jMm17:~ 1i~~3'!Il

,

,

1lJj~ Btll 17:~:'l'16

PKI VPN

no*,

1lJ:J:k1li

AfjH~lIllj

1iN*imt :

m:~~

,

Ilt'f~(2001)rt3'!ll§Ovum '

1iJfH!r

MIC~ifHlflITISn. 0 fJ~!~~)

J (36.4%)' r

~tlt!filijmMffiIJJ

(39.6%)

'milf~.~roo.~wmJ' r~ttl!.mM ~J*.~wm~~fIkJ§.zW~~*.&" ~ftfffi

B '

~~14~tigJ\,~~WJJl!ITfizWIii!!

~

§,

/tWWIii!!~

1.9% '

**"~.1itR~

21.2% '

::f9;[]~~~6.9%

" milffJlB:llifflwm

~~WJJl!.M'

• •

~~~~mIii!!E~~.::k

a"J

1t!

~::f~o~ ~

JJ! fi

Nij

,ffaT1ft '

~E:~,~~~m.::f7m;~=~::f9;[]~B

,

fi::f~O**~~

• •

1ii!! '

~ttWIJ

~f~

#ij~~m 0

(=)~~~a5I~~1J§

~.~::f~fIkJtim~~.*'~ffl::f~fIkJ

m~~i!iSWI~

, tm[l/2rjflf

0

::$::)(~~.wm~~~S.a.9~'~ft ~ml

' E / tW

Iii!! ttf7U m:

fIkJ~IJ

­

~

,

5t]J

Ij

Anti-Virus (98.1%), Firewall (96.8%) and Virtual Private Network, VPN (67.5%).

milf


r • •

~.Jwr~*~J~~.~d

• • M

~~~«~~,m~*fi~,m~~

••

ffl~ M~~~~*M.(.~~W.~.'

2002) ,

vPNtl:riE~JEg@:~ 0 .B®~'~~~

• •

M~~.~OO~.~

'B/~.~~.61.5%' **M~.1M~

.28.1% '

1'~[Jill~.l0.4% 0 D7f.M~~. ~WI~,mm

• •

ffl~.d.M~~§.~

1I:• •

q'~~**R.~~~mlli=d'D 7f.M~~.~~ffi.m~.~'~~.M~ ~!fiX~£B

fft1J!!r1i

p;'ija~

11:tJi

Q

( =:) it~~91-D~~~M ffi~.M~~~W~&~~M*1'~m*· ~m

••

~

••

ft~fi~~*~~A~,~ft

M~~~~mMIJ!~®~o.M~~~~m MI!ip;'ijJ5JTm1fta~~~Mfi~jfi

(FennW ' 2002 ;

:lI~f4t~

'2002) :

1. Fire Monitoring

2. Intrusion Detection Monitoring

3. Vulnerability Assessment

4. Penetration Testing

5. Anti-Virus

6. VPN~:OO~~M

7. Web Page Monitoring & Recovery

8. URL Filtering

9. Security Intelligence Alert

10. Reporting & Analysis

11. Incident Response & Forensics

12. Security Policy Development

13. Security Education and Training

14. Patch Management

0 *~R.M~~~~.~.~d=

• • •

~ §~ft.~,~~ /~

• •

tt~.~~. r~§~Jjjrp~H~MJ

(20.1%) ,

**M~.~tti§lJ~ ~~. r~fS~flij~MJ

(56.5%)

Q

.BffiH§ ,

B/

~.~~a~tt1§1j.17.3%

'

**R.~~tt{9l1

.52.8% '

1'~[Jill~tt19IJ.29.9%

' ElMfJ3..fi

.*~ffl.M~~~~mM~.q,m**M .~~tt~W~.lid~~'D7f.M~~

~mM**fi.*~ffi.H~~M,~m.~ n~Ml!iitij~mm 0

(1m)

jU~it~~M2.fJ.~

• •

a.~.M~~~~m~'

• • •

M~ ~.~B.~.I~'~.M~~~~mMW ~.'~

• • •

M~~~

• •

,.~ft.~, ~7Rm~7f~~1'~.~~~~.'.~~ .~a~. r.B.~Jl.~~*IX'.il:mft

J (5.86) ,

:!t=

*

r~ M~~$~@~d~.~.fiJ

(5.84) ,

:jI};X.

r.M~~$~~1&~1iJjj(n~rt'l' ~9;flJ

(5.82) , gZP1r!t • •

1if~. r.M~~$~ a~;xlXtJ91(y

J (5.74) ,

.f.ljW.1iflJifll~0.12

'

D7f.B@~'

• •

~~~~:OOOO'.~IA OO~.P~~MOO~.M~~~~W.,~mff .~Jl.~~*1X'.il:1J!1*filEOO~MiIJJ 0

~Idti

••

m~ffl~ M~~.Mm5t.=m.

-j

~

I

1


00'

:~~

• •

'&~WI~'.~~. ~o~*X£~~'~~~~~&~WI~m

••

~m~ttm.~,.~m

• • •

m.m~ ~.~wI~~.m,mW.fiZ*h@M' ~~

••m.z

m~~

••

~~$~." • o~~~~~• •m~,~~

••

m~.~

$IJ

:fJl'

f*

Wj(:tr.::~~m~thH!f(BSI)~iBS 7799~itIJJEW~I)~HI~~iEI.(lSO)~ISO/IEC

17799SkJ0HIi '

TIU~~!7q~:g~fI~tgflj$.pff

rn*tJT31

,:1t~i&Jff~5$hir AW1~1t

'

f~ ~m.~~m~~

••

~~oo.mo.~.~

• •

m~~rrM~~~,~~*rri&Jff~*h .~ZT,

• • •

~o~:tr.::~m~~mM.ff ~~~,*~.~m.~M~OO~.$'

•••

m~~.,mm~*.m~m~~mM rnm.m.,&~wmm.~JE~m~~m~ rn~~ 0

!"I

(

w=ff7}7jIJmEi~~**ittJlIIJ

if: '

i&m

*.~m

• • •

*~ft~~&.rr*

• • •M

¥liJf3"Cpffft~

)

• •

References

1. Chapman, D.B. and Zwicky, E.D. (1995), Building Internet Firewalls, O'Reilly & Associates.

2. Eloff, M.M. & Solms, S.H.V. (2000), "Information Security Management: An Approach to Combine Process Certification And Product Evaluation", Computers & Security, Vol.19, No.8, pp.698-709.

3. Fenn, C. & Shooter, R. (2002), "IT Security Outsourcing", Computer Law Security Report, Vol.18, No.2, pp.109-111.

4. Gollmann, D. (1999), Computer Security, John Wiley & Sons Ltd, 1999.

5. ISO/IEC 17799-1 (2000), Information technology - Code of practice for information security management, 2000.

6. Russell, D. & Gangemi, G.T. (1992), Computer Security Basics, California, U.S.A., O'Reilly & Associates Inc, 1992.

7. Schultz, E.E., Proctor, R.W., Lien, M.C. (2001), "Usability and Security An Appraisal of Usability Issues in Information Security Methods", Computers & Security, Vol.20, No.7, pp.620-634.

8. Smith, M. (1989), "Computer Security-Threats, Vulnerabilities and Countermeasures", Information Age, October, pp.205-210.

9.1L~MtS{(2002)' "~YI. ~.~HEl.1iJf ~"

,

.MtW1tIf~

, 12)1 , PP.33-38 "

1O.~:f*Ji(1996)' "~~i-i&Jfftmf~~~Jl.*MC~ ~mtt<itljf!t"

, ffffliiillii"i'm!¥fli '

10~2

M '

PP.21-40

0 11 J~*~

,

~*{~(2002)'

"IVJ

:Jdtli~~.:f-'

ZWlilli" ,

"i'mW1tBfi ' 200.10, PP.94-97

0 12.JlI~~

,

~H+Jm(2001)

,

"i'ijJl.x~1$tJmm. WM.mgn~.m'M~$A~mI.m

13.tIHi3-(l999) ,

:fJlf-tif*;;i'mx~£ilBl*m

~'~.*

•••

M.liJf~Mm±.xo

,ti , ~j Jli§2741Ufi9JIIJ 93f1:9Fi1 93
