"~"lt
W.Hi\~~fg!lmm2Iag
~1!1.·*~zp.·m~.
fl'9n1H!Utfil · Iltilnternetfl'9liiiteWEC9'iJiifj ·
1'~IIA~iUI~RMl.f!I.~fI'9iiUftB~ •
fl'9m~&W~m&;~a·~Xm~R&.~fI'9~~~~·~R·.~~.~~~
,
il6aiEiiW~9j.iEiifll[9'iJfFi~~M
•
Ms!~~~~?F~$'"
~"Rmf4f3i(Information
Technology)/Jirz
~
• •
ffla3ft3.·m.fi.m~Mtflnformation
System)l¥Jft<.~jHf!EI
:6ii:jJDi~,
f~1~ ~a.~~.mM~ ~ ~m~~I¥J~ o iMIJ~UIi1]IMHlnternet).fflft)~illi•
~=rj§jf~B• •
ff·~m~••••
$ ' I• •
•
~~m.$~.'X-~~VA.~~~. ·~~.I¥J/Ji~&~~~a~~.*~r:p
0 a~ff?H~.(Web Computing)~{--\;;•
MI¥J~ffl~'B~~~~m.~$'&~~~ .~.fitt*I¥J~T• •
j§j,®~.~~m~ 3~~M~l¥Jm.~@Aa~~m.OODI¥J~ -mfi.mM~~.EI~'RM~.~.EI '~ffl~.m~al¥J.~,~~m.l¥J.3'::
OODM
r!T
I¥J#~~ (Schultz et al., 2001; Eloff & Solms, 2000) 0*~~§~,~~.~~m
••
~~~.~ ~.~'*7m.R~m~M••
~~~~. M'~~'~OO'.~OOR.~OO'~Wfim .fIHjJE.~~~jij~ij(1J~B"l~~ 0r---,
I
~m.m~,RM~-g~fi.~~.~~.RI
I
~,R~.m~~.,~~~~8~••
~.I
I
.'m.~m••
~~~.tt,OO~g$~~.I
I
~,m~~K~~g$.~~¥.ft°I
L. ____________
..J:
iUtl.:ti
~!Ii!_11
.~~~~~.~.B*H~~fflW~$m fIHTfi~mf)jj!fiH~JJ\!(Gollmann,1999)
0{=tim.
~~~~.~..
§.,~.~~~.~~. ~*H*.:¥4~~~tE(Confidentiality),
integrity (Integrity) and availability (Availability), the so-called "C.I.A." (Smith, 1989; Schultz, 2001; ISO/IEC 17799-1, 2000; Chapman, 1995; ~i§-, 1999):
(1) Confidentiality:
.~r.~JR~• •
~m.~A'~~~1&0
(2) Integrity:
~.r.~Jffi~r• •
1J$J~~.ttR 7t~'I1: 0
(3) Availability:
Ii1H'
f:
*&H®
m.
~fIe
ffl
'ff~ ~ JU( ~ J '.il1zfIefflfl3lDl
r.~••
J 0r.
.~~~.~~~ff~R.B~IDl~.R~
~~'M
• •
m~R~~f)jj~tt• •
ffl~~1tI ...
lti.t1tlR.*4~*(Rusell &Gangemi,
1992
1i:?'E:ifJll ,-_->::;S::.::...ecu,rity management) 1i:?'E: (Security) .llJjiifl,1i:?'E: 1¥Jt(1i:?'E: (Communication security) )o~M.@i'.~~-.A~.~~
• • •
• ••
,.~_ro~~~,~~~~&•••
B"lJj;(. '
@.~fJl.~.B"l~.'11:'
fiPfIe~1: .~'~Of~~Of~~~m~_~.~ (ISO/IEC 17799-1, 2000)
0 r.~*H~~Jl'J
lli-W~. ~*H• •
,~~:~1tI,. 1tI'.~$'~Wtt~~~~'~~&*m. ~ffl.~*H• •
~~~m~,~.~~~~filtfiRiRfJl.'JJI!OO
(~J*:fl'1996)
0O~m~~~.~fim
• •
~~~~.*~
fi~T~.'~~lmffi(.~.'~~.·2001)
1. Content security:
m~~.~M••
~~~·~~~~~Aa ~~~~MJf.R 0
2. Access security:
~~~fflW~.~·~MJEA~M~~OO&ttl!JJi pq
~mJEW!¥4a"Jff* 0
3. Communication security:
l*-~!H'~r:j:lfIkJ~Jt~&~~"
4. Security management:
~~&Wm~~~W'E.~~ft,W~~~~*fIkJ&:JJ!"
r
;)(;.-;';;~;.;IR-;;';f§i;.-;
1
I
m.§~14IfHifjiUi' 8/~.BtBltj91J.~9'!JijiJI
=~,
;3~g~~SCft.~2GIDl~ftilJ(94.2%), J.I
:
iII~!itl!i!fII
(92.9 % )
J:.(
liUI.IiIJ<!it1!i!
iIlJ(
90. 9%) ,
:
L
~~=:::'~'::il~~~~o
____
.J .
~.M~'~B.m~wm~~fIkJ~.'
ftfHF7:tmtJ5t
]J'H;t~~WJJl! (Security Management), ~SWI~ (Products and Tools),
W~9f. ~1i:m(Outsourcing)~-=- @Jt1ITfi~1i"
::$::)(tJitJ
B~~W,~r:j:l.R_wm.JJI!Ag*'r:j:l ~~wmJJ!ffl~~g.z.~'&~~WmW m~W.R
• •
~~ ,.a.$ffi9f.,~ft ~E: '~2002~1l rd]tJE-mail'*tfjr",~W650f)1 ,
~~r",'W159{51'
tD.~~r",'W5f51'
fi~ rl'l~~154f51'
fi~tJ;~*23.69% 0(-)
~~ftJl~1J§ *:)(~.mg:)(.~~.Wm~~WmITfiz "1.ftIi~§~14~~1i~E:' E/tWW1.ftlittf7'Jm:
•
fIkJM=~,5t~~: r~HWW~Zff*~ltljJ (94.2%)'
r~~~ ~ffi'JJ(92.9%) ,
r~H~ ~ffiIJJ (90.9%)~, milf
rffJfJl~ ~J' r~M~~J&r~H~~J~~~Bti::kfIkJam
0 m:f~a"JM-
~,
5t]J'j~: r~1iJifi1.i!h:WmJ (33.1%)'
r~1ioo.~5t;fJT (~lt,112
SlfiMl3..jilR:ti~esJ~a51i
m 17:
~,
•
pq~1i~{.fllX1i~
I
jMm17:~ 1i~~3'!Il,
,
1lJj~ Btll 17:~:'l'16
PKI VPN
no*,
1lJ:J:k1li
AfjH~lIllj1iN*imt :
m:~~,
Ilt'f~(2001)rt3'!ll§Ovum '1iJfH!r
MIC~ifHlflITISn. 0 fJ~!~~)
J (36.4%)' r
~tlt!filijmMffiIJJ(39.6%)
'milf~.~roo.~wmJ' r~ttl!.mM ~J*.~wm~~fIkJ§.zW~~*.&" ~ftfffiB '
~~14~tigJ\,~~WJJl!ITfizWIii!!~
§,
/tWWIii!!~
1.9% '
**"~.1itR~
21.2% '
::f9;[]~~~6.9%" milffJlB:llifflwm
~~WJJl!.M'• •
~~~~mIii!!E~~.::ka"J
1t!
m·
~::f~o~ ~JJ! fi
Nij,ffaT1ft '
~E:~,~~~m.::f7m;~=~::f9;[]~B
,
fi::f~O**~~• •
1ii!! '
~ttWIJ~f~
•
#ij~~m 0(=)~~~a5I~~1J§
~.~::f~fIkJtim~~.*'~ffl::f~fIkJ
•
m~~i!iSWI~
, tm[l/2rjflf
0::$::)(~~.wm~~~S.a.9~'~ft ~ml
' E / tW
Iii!! ttf7U m:
fIkJ~IJ
~,
5t]JIj
~: Anti-Virus (98.1%), Firewall (96.8%) and Virtual Private Network, VPN (67.5%)
0milf
r • •
~.Jwr~*~J~~.~d• • M
~~~«~~,m~*fi~,m~~••
ffl~ M~~~~*M.(.~~W.~.'2002) ,
vPNtl:riE~JEg@:~ 0 .B®~'~~~• •
M~~.~OO~.~.§
'B/~.~~.61.5%' **M~.1M~.28.1% '
1'~[Jill~.l0.4% 0 D7f.M~~. ~WI~,mm• •
ffl~.d.M~~§.~1I:• •
q'~~**R.~~~mlli=d'D 7f.M~~.~~ffi.m~.~'~~.M~ ~!fiX~£Bfft1J!!r1i
p;'ija~11:tJi
Q( =:) it~~91-D~~~M ffi~.M~~~W~&~~M*1'~m*· ~m
••
~••
ft~fi~~*~~A~,~ft•
M~~~~mMIJ!~®~o.M~~~~m MI!ip;'ijJ5JTm1fta~~~Mfi~jfi(FennW ' 2002 ;
:lI~f4t~'2002) :
1. Firewall Monitoring
2. Intrusion Detection Monitoring
3. Vulnerability Assessment
4. Penetration Testing
5. Anti-Virus
6. VPN ~:OO~~M
7. Web Page Monitoring & Recovery
8. URL Filtering
9. Security Intelligence Alert
10. Reporting & Analysis
11. Incident Response & Forensics
12. Security Policy Development
13. Security Education and Training
14. Patch Management
0 *~R.M~~~~.~.~d=• • •
~ §~ft.~,~~ /~• •
tt~.~~. r~§~Jjjrp~H~MJ(20.1%) ,
**M~.~tti§lJ~ ~~. r~fS~flij~MJ(56.5%)
Q.BffiH§ ,
B/
~.~~a~tt1§1j.17.3%'
**R.~~tt{9l1.52.8% '
1'~[Jill~tt19IJ.29.9%' ElMfJ3..fi
.*~ffl.M~~~~mM~.q,m**M .~~tt~W~.lid~~'D7f.M~~•
~mM**fi.*~ffi.H~~M,~m.~ n~Ml!iitij~mm 0(1m)
jU~it~~M2.fJ.~• •
a.~.M~~~~m~'• • •
M~ ~.~B.~.I~'~.M~~~~mMW ~.'~• • •
M~~~• •
,.~ft.~, ~7Rm~7f~~1'~.~~~~.'.~~ .~a~. r.B.~Jl.~~*IX'.il:mftJ (5.86) ,
:!t=
*
r~ M~~$~@~d~.~.fiJ(5.84) ,
:jI};X.
r.M~~$~~1&~1iJjj(n~rt'l' ~9;flJ(5.82) , gZP1r!t • •
1if~. r.M~~$~ a~;xlXtJ91(yJ (5.74) ,
.f.ljW.1iflJifll~0.12'
D7f.B@~'• •
~~~~:OOOO'.~IA OO~.P~~MOO~.M~~~~W.,~mff .~Jl.~~*1X'.il:1J!1*filEOO~MiIJJ 0~Idti
••
m~ffl~ M~~.Mm5t.=m.-j
~I
100'
:~~• •
'&~WI~'.~~. ~o~*X£~~'~~~~~&~WI~m••
~m~ttm.~,.~m• • •
m.m~ ~.~wI~~.m,mW.fiZ*h@M' ~~••m.z
m~~••
~~$~." • o~~~~~• •m~,~~••
m~.~$IJ
:fJl'
f*
Wj(:tr.::~~m~thH!f(BSI)~iBS 7799~itIJJEW~I)~HI~~iEI.(ISO)~ISO/IEC 17799SkJ0HIi '
TIU~~!7q~:g~fI~tgflj$.pffrn*tJT31
,:1t~i&Jff~5$hir AW1~1t'
f~ ~m.~~m~~••
~~oo.mo.~.~• •
m~~rrM~~~,~~*rri&Jff~*h .~ZT,• • •
~o~:tr.::~m~~mM.ff ~~~,*~.~m.~M~OO~.$'•••
m~~.,mm~*.m~m~~mM rnm.m.,&~wmm.~JE~m~~m~ rn~~ 0!"I
(
w=ff7}7jIJmEi~~**ittJlIIJif: '
i&m
*.~m
• • •
*~ft~~&.rr*• • •M
¥liJf3"Cpffft~
)
References
1. Chapman, D.B. and Zwicky, E.D. (1995), Building Internet Firewalls, O'Reilly & Associates.
2. Eloff, M.M. & Solms, S.H.V. (2000), "Information Security Management: An Approach to Combine Process Certification And Product Evaluation", Computers & Security, Vol. 19, No. 8, pp. 698-709.
3. Fenn, C. & Shooter, R. (2002), "IT Security Outsourcing", Computer Law Security Report, Vol. 18, No. 2, pp. 109-111.
4. Gollmann, D. (1999), Computer Security, John Wiley & Sons Ltd, 1999.
5. ISO/IEC 17799-1 (2000), Information technology - code of practice for information security management, 2000.
6. Russell, D. & Gangemi, G.T. (1992), Computer Security Basics, California, U.S.A., O'Reilly & Associates Inc, 1992.
7. Schultz, E.E., Proctor, R.W., Lien, M.C. (2001), "Usability and Security: An Appraisal of Usability Issues in Information Security Methods", Computers & Security, Vol. 20, No. 7, pp. 620-634.
8. Smith, M. (1989), "Computer Security - Threats, Vulnerabilities and Countermeasures", Information Age, October, pp. 205-210.
9.1L~MtS{(2002)' "~YI. ~.~HEl.1iJf ~"