Tamkang University Institutional Repository: Item 987654321/102410


Please use the permanent URL to cite or link to this document: https://tkuir.lib.tku.edu.tw/dspace/handle/987654321/102410


Title: 資訊安全健診之研究 : 以政府機關為例
Other title: A study of information security diagnostic : three cases of government organizations
Author: 高敏書;Kao, Min-Shu
Contributors: Tamkang University, Department of Information Management, In-service Master's Program
黃明達;Hwang, Ming-Dar
Keywords: Information Security Diagnostic (資安健診);Web Security (網站安全);Patch Management (更新管理);ISO27001
Date: 2014
Upload time: 2015-05-04 09:55:04 (UTC+8)
Abstract: Most domestic case studies on information security examine the management aspects of a single organization. This study instead cross-analyzes the results that Company A obtained from technical information security diagnostic projects at three government agencies. By comparing the outcomes of the three cases, it aims to identify problems shared across agencies and, from the problems found and an assessment of the associated risks, to propose ways to reduce those risks.

After comparing the results of the three cases, this study finds similar problems in five dimensions: website security; network architecture; internal network protection mechanisms; malware protection and update management for personal computers and servers; and system, database and network security settings. For example, the websites of all three agencies exhibited OWASP 2013 Top 10 issues, two agencies were found to host the same malicious program, and the update control mechanisms for user computers and servers as well as internal network access controls were weak in all three. Two agencies lacked controls for encrypting and auditing important data in their databases, and all three agencies used unencrypted communication protocols for externally facing services, creating a risk of disclosing important information. Although the National Information and Communication Security Taskforce of the Executive Yuan has issued regulations covering these five dimensions and conducts audits at irregular intervals, the scope and degree of implementation differ from agency to agency, so the audits do not reveal the true state of protection. For instance, the scope of Agency X's ISO27001 certification is broader than that of the other agencies, so its overall security strength in the diagnostic results is higher. This study proposes several recommendations for improvement, in the hope that they can improve the overall information security posture of the government.
The majority of regional case studies on information security focus on the management of individual organizations; this study, however, cross-analyzes the technical information security diagnosis results obtained by “Company A” from three government agencies. Through this study, common mistakes among organizations can be identified, risks can be evaluated, and approaches to reduce such risks are proposed.
This study finds that similar problems in web security, network architecture, internal network protection mechanisms, update management, and database security were identified in all three cases. Although regulations and guidelines on information security for all government divisions are set by the National Information and Communication Security Taskforce, and audits are carried out at irregular intervals, the extent to which each individual division implements them varies significantly, so their true security level is not fully reflected. For instance, “Organization A” received the best overall information security mark only because its ISO27001 certification covered a wider scope. Several recommendations are proposed in this study for future improvements. It is expected that the information security level of our government will be enhanced through these suggestions.
Appears in Collections: [Department of Information Management and Graduate Institute] Theses and Dissertations

Files in This Item:

File        Size    Format    Views
index.html  0Kb     HTML      244

All items in the institutional repository are protected by copyright.
