    Please use this permanent URL to cite or link to this item: http://tkuir.lib.tku.edu.tw:8080/dspace/handle/987654321/77413


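    Title: A Study of Information Security Management in the Foreign Banking Industry: The Case of Bank A
    Other title: A study of information security management in foreign banks : an empirical examination on A bank
    Author: 陳盈成;Chen, Scott
    Contributors: Tamkang University, Department of Information Management, Executive Master's Program
    周清江;Jou, Chichang
    Keywords: Information Security Management;Foreign Banks;ISO/IEC 27001
    Date: 2012
    Upload time: 2012-06-21 06:41:24 (UTC+8)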
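    Abstract: With the lifting of financial regulatory restrictions and market-opening policies in recent years, domestic banks face an intensifying competitive threat from foreign banks entering Taiwan and must expand their scale of operations to cope with the business impact. After Taiwan joined the World Trade Organization (WTO) in 2002, banks were likewise able to set up branches abroad on a reciprocal basis. Going international has therefore become one of the feasible options for most local banks to expand, and as operations and headcount grow, the security of cross-border information processing and transmission, together with compliance with each country's information security regulations, has become an issue that must be taken seriously. According to statistics, as of November 2011, 13 domestic banks had obtained ISO/IEC 27001:2005 information security management certification, conforming to the international security management standard to secure customers' trust in how the bank processes and keeps information. Whereas local banks plan their security management procedures using the ISO international standard as a blueprint, many large foreign banks operating in Taiwan have developed their own information security management systems (ISMS). As far as we know, the literature on information security management in banking has mostly studied regional or domestic banks, and there has been no study of the security management frameworks of large foreign banks. We therefore want to explore whether the security management practice of a large international bank differs from, or stands out against, the ISO/IEC 27001:2005 international standard. Through a questionnaire survey and in-depth interviews, this study found that foreign bank A's ISMS places the greatest emphasis on strengthening security across the application lifecycle: the security requirements, design, development, testing, and operation and maintenance of application systems. In security implementation, it has four characteristics: proactive internal and external risk control, deeper information system security assessment, simplified information asset classification, and a strengthened and broadened information security organization. These can serve as a reference for domestic banks' security management practice as they internationalize.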
    Due to the lifting of financial regulations and market-opening policies in recent years, domestic banks face intensifying competition from foreign banks. They have expanded their scale of operations to cope with this business impact. Since Taiwan joined the World Trade Organization (WTO) in 2002, domestic banks have been permitted to set up branches in WTO member countries based on the reciprocity treaty. For the first time, expanding their business worldwide became one of the feasible options for most domestic banks. In becoming internationalized, their operations and number of personnel have increased tremendously. That brings up the important security issues of cross-border information processing/transmission as well as inter-country regulatory security compliance. To gain customers' trust in the banks' information protection, 13 Taiwanese banks have earned ISO/IEC 27001:2005 ISMS certification. Nevertheless, instead of pursuing certification, major foreign banks have developed their own information security management systems (ISMS) and customized them to meet their business requirements. As far as we know, most previous studies of information security in the financial sector concerned regional or domestic banks and focused on the implementation of the ISO/IEC 27001 ISMS standard. The ISMS frameworks of the major international banks have not been studied. Therefore, we would like to explore the ISMS framework of a major foreign bank and compare the bank's practice with the ISO/IEC 27001:2005 standard to address the gaps between them. In this study, through questionnaires and in-depth analysis of interviews, we found that A Bank's security measures largely focus on secure system development lifecycle (SSDLC) aspects such as system security requirements, design, development, testing and maintenance. In ISMS implementation, the bank emphasizes active internal/external risk management, deepened IT system security assessment, simplified asset classification, and strengthened independence and breadth of the information security organization.
    Appears in collections: [Department and Graduate Institute of Information Management] Theses and Dissertations

    Files in this item:

    File: index.html; Size: 0Kb; Format: HTML; Views: 258
