淡江大學機構典藏:Item 987654321/105527
English  |  正體中文  |  简体中文  |  Items with full text/Total items : 62805/95882 (66%)
Visitors : 3928731      Online Users : 749
RC Version 7.0 © Powered By DSPACE, MIT. Enhanced by NTU Library & TKU Library IR team.
Scope Tips:
  • please add "double quotation mark" for query phrases to get precise results
  • please goto advance search for comprehansive author search
    •  Adv. Search
    HomeLoginUploadHelpAboutAdminister Goto mobile version


    Please use this identifier to cite or link to this item: https://tkuir.lib.tku.edu.tw/dspace/handle/987654321/105527


    Title: 個人資料檔案風險評鑑威脅與弱點項目之研究
    Other Titles: A study of the threat and vulnerability items for risk evaluation of personal information files
    Authors: 陳俊谷;Chen, Jun-Gu
    Contributors: 淡江大學資訊管理學系碩士在職專班
    蕭瑞祥;Shaw, Ruey-Shiang
    Keywords: 個人資料保護;個資管理;風險評鑑;personal data protection;Personal Information Management;Risk Evaluation
    Date: 2015
    Issue Date: 2016-01-22 14:58:19 (UTC+8)
    Abstract: 本研究旨在整合資安風險評鑑與個資風險評鑑之作法,進而探討個資檔案於風險評鑑時,可以用以評估風險之威脅項目與對應之弱點項目。本研究以文獻分析法彙整資訊資產風險評鑑之威脅與弱點配對項目,再經二次專家訪談,蒐集專家對於資訊資產與個資風險評鑑之觀點,以及資訊資產威脅與弱點配對項目用於個資檔案風險評鑑之建議,進而得出適用於個資檔案風險評鑑之威脅與弱點項目。

    研究結果發現,已導入資安管理系統ISMS的組織,可整合資訊資產風險評鑑與個資檔案風險評鑑,以一致的評估方式,減少風險評鑑重複執行。若導入「個人資料保護參考指引」之風險評鑑架構,可加入詳細風險評鑑方法,以配合企業原有ISMS之作法。本研究並由68個資訊資產威脅與弱點項目,彙整出38項主要個資檔案威脅與弱點評估項目,及12項次要評估項目,提供企業進行個資檔案詳細風險評鑑之基礎,並可節省時間與成本。
    This study would explore the risk evaluation integration of information security and personal information files, and then explore the threat and vulnerability items for risk evaluation of personal information files. This study collected the threat and vulnerability items for information asset risk evaluation by literature analysis method.

    Through the expert interview and options collection for integration of information security and personal information files, and the suggestion of the threat and vulnerability items for personal information files risk evaluation, the result shows that enterprise should integrate the information security risk evaluation and personal information file risk evaluation to reduce the effort. If companies implement the “Personal Data Protection Reference Guide", the findings recommend to practice with detail risk evaluation method. This study also organized 38 threat and vulnerability items to reduce the loading of personal information file risk evaluation and to support the integration of risk evaluation for information security and personal information files.
    Appears in Collections:[Graduate Institute & Department of Information Management] Thesis

    Files in This Item:

    File Description SizeFormat
    index.html0KbHTML231View/Open

    All items in 機構典藏 are protected by copyright, with all rights reserved.

    DSpace Software Copyright © 2002-2004  MIT &  Hewlett-Packard  /   Enhanced by   NTU Library & TKU Library IR teams. Copyright ©   - Feedback