淡江大學機構典藏:Item 987654321/105527
English  |  正體中文  |  简体中文  |  全文笔数/总笔数 : 62805/95882 (66%)
造访人次 : 3991480      在线人数 : 501
RC Version 7.0 © Powered By DSPACE, MIT. Enhanced by NTU Library & TKU Library IR team.
搜寻范围 查询小技巧:
  • 您可在西文检索词汇前后加上"双引号",以获取较精准的检索结果
  • 若欲以作者姓名搜寻,建议至进阶搜寻限定作者字段,可获得较完整数据
    •  进阶搜寻


    jsp.display-item.identifier=請使用永久網址來引用或連結此文件: https://tkuir.lib.tku.edu.tw/dspace/handle/987654321/105527


    题名: 個人資料檔案風險評鑑威脅與弱點項目之研究
    其它题名: A study of the threat and vulnerability items for risk evaluation of personal information files
    作者: 陳俊谷;Chen, Jun-Gu
    贡献者: 淡江大學資訊管理學系碩士在職專班
    蕭瑞祥;Shaw, Ruey-Shiang
    关键词: 個人資料保護;個資管理;風險評鑑;personal data protection;Personal Information Management;Risk Evaluation
    日期: 2015
    上传时间: 2016-01-22 14:58:19 (UTC+8)
    摘要: 本研究旨在整合資安風險評鑑與個資風險評鑑之作法,進而探討個資檔案於風險評鑑時,可以用以評估風險之威脅項目與對應之弱點項目。本研究以文獻分析法彙整資訊資產風險評鑑之威脅與弱點配對項目,再經二次專家訪談,蒐集專家對於資訊資產與個資風險評鑑之觀點,以及資訊資產威脅與弱點配對項目用於個資檔案風險評鑑之建議,進而得出適用於個資檔案風險評鑑之威脅與弱點項目。

    研究結果發現,已導入資安管理系統ISMS的組織,可整合資訊資產風險評鑑與個資檔案風險評鑑,以一致的評估方式,減少風險評鑑重複執行。若導入「個人資料保護參考指引」之風險評鑑架構,可加入詳細風險評鑑方法,以配合企業原有ISMS之作法。本研究並由68個資訊資產威脅與弱點項目,彙整出38項主要個資檔案威脅與弱點評估項目,及12項次要評估項目,提供企業進行個資檔案詳細風險評鑑之基礎,並可節省時間與成本。
    This study would explore the risk evaluation integration of information security and personal information files, and then explore the threat and vulnerability items for risk evaluation of personal information files. This study collected the threat and vulnerability items for information asset risk evaluation by literature analysis method.

    Through the expert interview and options collection for integration of information security and personal information files, and the suggestion of the threat and vulnerability items for personal information files risk evaluation, the result shows that enterprise should integrate the information security risk evaluation and personal information file risk evaluation to reduce the effort. If companies implement the “Personal Data Protection Reference Guide", the findings recommend to practice with detail risk evaluation method. This study also organized 38 threat and vulnerability items to reduce the loading of personal information file risk evaluation and to support the integration of risk evaluation for information security and personal information files.
    显示于类别:[資訊管理學系暨研究所] 學位論文

    文件中的档案:

    档案 描述 大小格式浏览次数
    index.html0KbHTML232检视/开启

    在機構典藏中所有的数据项都受到原著作权保护.

    TAIR相关文章

    DSpace Software Copyright © 2002-2004  MIT &  Hewlett-Packard  /   Enhanced by   NTU Library & TKU Library IR teams. Copyright ©   - 回馈