淡江大學機構典藏:Item 987654321/34156
English  |  正體中文  |  简体中文  |  全文筆數/總筆數 : 64178/96951 (66%)
造訪人次 : 9305245      線上人數 : 233
RC Version 7.0 © Powered By DSPACE, MIT. Enhanced by NTU Library & TKU Library IR team.
搜尋範圍 查詢小技巧:
  • 您可在西文檢索詞彙前後加上"雙引號",以獲取較精準的檢索結果
  • 若欲以作者姓名搜尋,建議至進階搜尋限定作者欄位,可獲得較完整資料
    •  進階搜尋


    請使用永久網址來引用或連結此文件: https://tkuir.lib.tku.edu.tw/dspace/handle/987654321/34156


    題名: 以共同準則落實資訊確保之探討 : 以S壽險公司之「旅行平安險網路投保系統」為例
    其他題名: Information assurance using common criteria : a case study of the information system of an insurance co
    作者: 楊麗貞;Yang, Li-chen
    貢獻者: 淡江大學資訊管理學系碩士班
    梁德昭;Liang, Te-chao
    關鍵詞: 共同準則;保護剖繪;安全標的;評估標的;資訊確保;Common Criteria;Protection profile;Security Target;Target of Evaluation;Information Assurance;ISO15408
    日期: 2006
    上傳時間: 2010-01-11 04:58:57 (UTC+8)
    摘要: 因應資訊安全標準的需求,財團法人電信技術中心於94年11月15日通過ISO/IEC17025認證,正式成立資通安全檢測實驗室,為一以共同準則為標準之測試實驗室。資安產品通過共同準則驗證提供安全性保證已是潮流所趨,唯較少提及系統的安全性保證。有鑑於此,本研究依共同準則之標準實作S壽險公司之「旅行平安險網路投保系統」之保護剖繪及安全標的,透過實作結果,提出下列建議:1.列出該系統之安全性規格,提供該企業主、系統開發者、網路管理者對該系統安全性衡量或改進的參考。2.資訊系統於開發生命週期中或系統上線後,也能導入共同準則,作為安全功能檢視與驗證之標準。3.所有網路交易系統導入共同準則之標準,以建置一個具有基本資訊確保的交易環境。
    In accordance with the demands of the information security standard, on November 15th, 2005, the information security inspection laboratory passed the ISO/IEC17025 authentication, and established the Telecom Technology Center, a commonwealth organization of Taiwan R.O.C. The lab use common criteria in the standardized tests. Security products must pass the Common Criteria verification for information assurance has become the trend. But seldom do they mention the information system security guarantee.
    This thesis performs a case study that establishes the protection profile and security target for a travel insurance information system using Common Criteria. Through the case study we conclude that:
    1.As a case study result, a list of the security specifications and recommends for security improvement can be served as suggestions to the business owner, system developers, and network attendants.
    2.It is recommend that within the system development life cycles and/or after information system being delivered, the Common Criteria shall be followed as security function of inspection and confirmation.
    3.Network transaction systems can employ Common Criteria as a standard to establish the base for a network transaction environment for information assurance.
    顯示於類別:[資訊管理學系暨研究所] 學位論文

    文件中的檔案:

    檔案 大小格式瀏覽次數
    0KbUnknown281檢視/開啟

    在機構典藏中所有的資料項目都受到原著作權保護.

    TAIR相關文章

    DSpace Software Copyright © 2002-2004  MIT &  Hewlett-Packard  /   Enhanced by   NTU Library & TKU Library IR teams. Copyright ©   - 回饋