淡江大學機構典藏:Item 987654321/34156
English  |  正體中文  |  简体中文  |  全文笔数/总笔数 : 64191/96979 (66%)
造访人次 : 8568388      在线人数 : 7630
RC Version 7.0 © Powered By DSPACE, MIT. Enhanced by NTU Library & TKU Library IR team.
搜寻范围 查询小技巧:
  • 您可在西文检索词汇前后加上"双引号",以获取较精准的检索结果
  • 若欲以作者姓名搜寻,建议至进阶搜寻限定作者字段,可获得较完整数据
    •  进阶搜寻


    jsp.display-item.identifier=請使用永久網址來引用或連結此文件: https://tkuir.lib.tku.edu.tw/dspace/handle/987654321/34156


    题名: 以共同準則落實資訊確保之探討 : 以S壽險公司之「旅行平安險網路投保系統」為例
    其它题名: Information assurance using common criteria : a case study of the information system of an insurance co
    作者: 楊麗貞;Yang, Li-chen
    贡献者: 淡江大學資訊管理學系碩士班
    梁德昭;Liang, Te-chao
    关键词: 共同準則;保護剖繪;安全標的;評估標的;資訊確保;Common Criteria;Protection profile;Security Target;Target of Evaluation;Information Assurance;ISO15408
    日期: 2006
    上传时间: 2010-01-11 04:58:57 (UTC+8)
    摘要: 因應資訊安全標準的需求,財團法人電信技術中心於94年11月15日通過ISO/IEC17025認證,正式成立資通安全檢測實驗室,為一以共同準則為標準之測試實驗室。資安產品通過共同準則驗證提供安全性保證已是潮流所趨,唯較少提及系統的安全性保證。有鑑於此,本研究依共同準則之標準實作S壽險公司之「旅行平安險網路投保系統」之保護剖繪及安全標的,透過實作結果,提出下列建議:1.列出該系統之安全性規格,提供該企業主、系統開發者、網路管理者對該系統安全性衡量或改進的參考。2.資訊系統於開發生命週期中或系統上線後,也能導入共同準則,作為安全功能檢視與驗證之標準。3.所有網路交易系統導入共同準則之標準,以建置一個具有基本資訊確保的交易環境。
    In accordance with the demands of the information security standard, on November 15th, 2005, the information security inspection laboratory passed the ISO/IEC17025 authentication, and established the Telecom Technology Center, a commonwealth organization of Taiwan R.O.C. The lab use common criteria in the standardized tests. Security products must pass the Common Criteria verification for information assurance has become the trend. But seldom do they mention the information system security guarantee.
    This thesis performs a case study that establishes the protection profile and security target for a travel insurance information system using Common Criteria. Through the case study we conclude that:
    1.As a case study result, a list of the security specifications and recommends for security improvement can be served as suggestions to the business owner, system developers, and network attendants.
    2.It is recommend that within the system development life cycles and/or after information system being delivered, the Common Criteria shall be followed as security function of inspection and confirmation.
    3.Network transaction systems can employ Common Criteria as a standard to establish the base for a network transaction environment for information assurance.
    显示于类别:[資訊管理學系暨研究所] 學位論文

    文件中的档案:

    档案 大小格式浏览次数
    0KbUnknown278检视/开启

    在機構典藏中所有的数据项都受到原著作权保护.

    TAIR相关文章

    DSpace Software Copyright © 2002-2004  MIT &  Hewlett-Packard  /   Enhanced by   NTU Library & TKU Library IR teams. Copyright ©   - 回馈