政大機構典藏-National Chengchi University Institutional Repository(NCCUR):Item 140.119/124900
English  |  正體中文  |  简体中文  |  Post-Print筆數 : 27 |  Items with full text/Total items : 113311/144292 (79%)
Visitors : 50923871      Online Users : 932
RC Version 6.0 © Powered By DSPACE, MIT. Enhanced by NTU Library IR team.
Scope Tips:
  • please add "double quotation mark" for query phrases to get precise results
  • please goto advance search for comprehansive author search
  • Adv. Search
    HomeLoginUploadHelpAboutAdminister Goto mobile version
    Please use this identifier to cite or link to this item: https://nccur.lib.nccu.edu.tw/handle/140.119/124900


    Title: 我國資訊安全管理法律之探討: 以關鍵資訊基礎建設保護為核心
    The study on Taiwan`s Cybersecurity Management Act: Focus on Critical Information Infrastructure Protection
    Authors: 萬幼筠
    Wan, Youyen
    Contributors: 陳起行
    萬幼筠
    Wan, Youyen
    Keywords: 網際安全
    資訊安全
    關鍵資訊基礎建設保護
    風險管理
    資訊安全法律
    Cybersecurity
    Cybersecurity Law
    Critical Information Infrastructure Protection
    Risk management
    Digital governance
    Resilience
    Date: 2019
    Issue Date: 2019-08-07 16:41:08 (UTC+8)
    Abstract: 網路與資訊科技的發展,對於國家與社會或社群的發展,以及群己關係都出現典範移轉,近年來隨著資通訊與網路科技的便利性與效率逐步滲透入各公私領域,成為不可或缺的操作工具與能力,也因此進而影響到經濟發展、民生活動,甚且地緣政治與國際關係的角力。

    至近二十年來的網路與通訊革命,使得社會、國家和資訊網路緊密相依性改變了群己生活的面貌。此種趨勢使得虛擬社會(Cyberspace)概念的出現,也讓網路、資通訊技術以及多元應用,成為現代化國家競爭與經濟發展的基石之一。然基於此基石之保護,已成為國家未來競爭力環節的重要部份,我國總統蔡英文女士亦提出「資安即國安」的策略,冀引起政府與民間的通力合作,以期促成先進的數位化國家,帶給人民福祉。但是若無規畫完善的法制環境,還有社會理解,並無法形成一個穩定的網際空間,除此之外,足夠的資安人才的培育,並透過政府與民間合作的格局,促使網路虛擬世界 (Cyberspace) 與資訊法律(Cyberlaw)的完善規畫,吾人得以界定網路世界的安全與保護的方式。此所以我國隨全球先進國家之腳步,訂定資訊或網路安全法律(Cybersecurity Law)來保護國家資通訊環境之發展。

    基於歐盟資訊安全法律(Cybersecurity Act)的設計與建構可說是相對領先的法形成過程,且完整具備政策綱領,法規與執行規範,足為參考之外。歐盟以國家資通訊基礎建設保護(Critical Information Infrastructure Protection)作為立法理念,屏除過去資訊安全立法,不同於政府或國家安全與情報保護的保護想法,亦迴異於傳統資訊安全規管以國安或情報監察,或仰賴不具技術中立性技術保護規格的迷思。皆為相對洞見的立法內容,歐盟資訊安全法透過公私機構合作,落實情資交換、人才培育,與專責機構協力等方式,帶動美日亞洲各國紛紛起而仿效,因此本研究將針對歐盟,美國兩者以實施資訊安全法三年以上之國家,對我國甫通過之資訊安全法律(Cybersecurity Law)進行比較與分析,並嘗試以具落實發展效果之框架,比較法規內容架構,運作情形與可能運作問題等,提出我國資通訊安全法律未來調適或改進的可能方向。

    本研究的結果發現,我國目前的資通安全管理機制,較缺乏清楚的政策綱領僅以保護方法為要,缺乏如歐盟以「數位單一市場」(Digital Single Market)為發展資通訊法律之綱領作為政策選擇的依據,此外,目前之我國之資訊安全法律並缺乏整合跨產業CII(關鍵資訊基礎建設)具融合性的資訊安全治理方法 (歐盟以數位治理為準則),或與其他資料保護法律的連結,使得資訊安全的防護缺乏明確的連結。 除了強調公營機構與政府機關之外受該法之觀照之外,目前我國的經特許之民營金融,電信與部分醫療產業,作為民生與經濟基石的私部門資訊安全皆尚未完全妥善納入治理,並針對人才別,產業別與市場需要且法律落實(Law in Action)發展的實務與執行面上, 使的我國資通安全法律尚有相當大未來之調適空間。

    【關鍵字】 : 網際安全、資訊安全、關鍵資訊基礎建設保護、風險管理、資訊安全法律、Cybersecurity Law、Cyberspace、Interdependency、Resilience、Cyberethics
    Abstract

    This study examines and analyzes the information security laws (Cybersecurity Law) adopted by the European Union,the United States and Taiwan from the perspective of implementation effectiveness of the regulations by comparing their legal framework,contents of the regulations,implementation status as well as discussing relevant regulatory issues and challenges,and proposes approaches for future modification or improvement of Taiwan`s cybersecurity regulations.

    The European Union`s information security regulations were selected as the main subject of study in view of the characteristics of their design framework and implementation requirements are relatively effective. The European Union takes the protection of the Critical Information Infrastructure (CII) as the core issue of the information security regulations,which requires public-private partnerships in information exchange and personnel training,and demands the cooperation of the responsible organizations and competent authorities. The design of information security laws and regulations in the United States and Japan has also adopted such approaches.

    The network and information technology has shifted the paradigm of development for nations,societies,or communities,as well as the relationship between group and individual. Over the past two decades,with the convenience and efficiency of access to information and network technology,it has gradually permeated into every facet of everyday life,and have become indispensable tools and functions as the foundation of almost all public and private sectors,which in turn have impact on economic development,people`s livelihood,and even the geopolitical and international relations.

    Such trend and the ubiquity of the Internet have led to the emergence of the virtual community,"Cyberspace",and making Internet and communication technology one of the cornerstones of national competitiveness and economic development in modern countries. The protection of such cornerstones is critical for a country to stay competitive in the future and it is important that the government to work with the private sectors to secure the network services and infrastructure of information technology.
    In addition to the current protection measures of the information infrastructure and services,it is critical to take into account the trends that are defining the future of our societies and governance systems when planning the protection program of national information and communication. For example,the education of information security professionals should then not only consider the status quo but the needs of the future society,and Cybersecurity Law shall be enacted under the Network and Information Law (Cyberlaw) to protect the development of the information society.

    The results of this study show that Taiwan`s current control and management mechanism of information and communication security lacks a clear policy framework,and only adopts protection operations as the control measures. The European Union,however,has established the policy framework,"Digital Single Market",as the guideline for the development of information and communication regulations and the basis for policy formulation. In addition,Taiwan`s current information security regulations lacks an integrated information security regulatory regime,such as a cross-industry CII information security governing system,whereas the European Union adopts Digital Governance as the integrated system,and there is also a lack of connections with other data protection regulations,which makes the protection measures of information security without clear connection to the protection objectives.

    Taiwan`s public institutions and government agencies are subject to information security regulations by law,however,with respect to those private franchising financial institutions,telecommunications and medical industries,as these industries of the private sector also serve as the cornerstone of people`s livelihood and economic development,the current regulation of information security management for the private sectors shall be Retrieved and enhanced. In response to the revision and development of Taiwan`s Cybersecurity Law and Cyberlaw,it is suggested that to conduct a complete review and revision from the perspective of human resources and professional training,industries and sectors,market needs,law in action,and the implementation and practice of information security regulations.

    [Keywords] : Cybersecurity,Cybersecurity Law,Critical Information Infrastructure Protection,Digital Governance,Cyberethics,Interdependency,Risk Management
    Reference: 參考文獻
    中文部分
    書籍
    1.Bech, Ulrich著,汪浩譯,風險社會-通往另一個現代的路,台北: 巨流 出版社,2004年2月第一版。
    2.伯特蘭羅素,西方哲學史–以社會和政治視角考察哲學的一般歷史,重慶: 重慶出版社,2016年11月1日第三版。
    3.馬民虎,歐盟信息安全法律框架,北京: 法律出版社,2009年1月1日第一版。
    4.高宣揚,當代社會理論,台北: 五南出版社,1998年9月1日第一版。
    5.許耀明。歐盟法WTO法與科技法。台北: 元照出版社,2009年4月第一版。
    6.陳振楠、林永修、王瑞祥,資通安全法律教材,台北: 智勝出版社,2013年3月18日第一版。

    期刊論文
    1.吳齊殷、戴昀,虛擬空間的倫理議題─網路社會的社會秩序與信任,E社會的公共倫理-公民德行與公民養成研討會論文集【專刊】,2014年。
    2.周桂田,網際網路上的公共領域-在風險社會下的建構意義,第二屆資訊與社會研討會論文【專刊】,中央研究院社會學研究所,1997年。
    3.張道武,亞里士多德空間概念研究,科學技術與辯證法雜誌,Vol.19 No.2,2002年。
    4.郭良文,台灣網際網路興起之政治經濟學分析: 一個全球化發展的觀點【專刊】。第二屆資訊科技與社會轉型研討會論文集,1997年。
    5.陳偉、吳剛、祈志敏,浅析我国网络信息安全保险体系的建立与发展,信息安全等級保護技術研討會論文【專刊】,2016年。
    6.程威、周軍、羅凱,風險評估量化分析,信息網路安全期刊-公安部第三研究所,Vol:8 Issue: 10,2011年。
    7.劉金瑞,歐盟網路安全立法最近展及其意義,汕頭大學學報,Vol.1,2017年。
    8.應晨林,網路治理現代化視角下的網路安全立法之戰略定位,資訊安全研究,Vol. 2 Issue.9,2016年。

    研究計畫
    1.中華民國資訊軟體協會,國家通訊傳播委員會資訊安全管理系統研究計畫期末報告, 台北:國家通訊傳播委員,2011年。
    2.王仁甫,數位經濟與我國網路安全保險之趨勢,台北: 行政院,2018年。
    3.朱斌妤,數位國家治理(2):國情追蹤與方法整合,台北:行政院國家發展委員會,2015年。
    4.行政院國土安全辦公室,國家關鍵基礎設施安全防護指導綱要,台北: 行政院,2014年。
    5.行政院資通安全處,行政院國家資通安全會報107年資通安全諮詢會議,台北: 行政院資訊安全處,2018年。
    6.行政院資通安全辦公室,建立我國通資訊基礎建設安全機制計畫(94 年至 97 年),台北: 行政院國家資通安全會報,2007年。
    7.我國資通安全發展藍圖,我國資訊安全產業發展計畫 (107年-114年),行政院資通安全會報,2018年。
    8.國安會-資通安全辦公室,國家資通安全戰略報告,台北:中華民國總統府,2019年。
    9.國家發展委員會,網路智慧新台灣政策白皮書,台北: 行政院,2016年。
    10.國家發展委員會,數位國家創新經濟發展方案DIGI+,台北: 行政院科技顧問會報,2016年。
    11.張承瑞,科技犯罪偵查暨數位鑑識出國參訪報告書,台中: 刑事警察局,2010年。
    12.萬幼筠,政府委外採購資訊安全計畫-104年政府資訊安全長會議專題,台北: 行政院資通安全會報,2015年。
    13.資策會科技法律研究所,我國資通安全法制研究-資通安全授權子法-資訊安全管理法施行細則,台北: 行政院資通安全處,2018年。
    14.資策會科技法律研究所,資通安全管理法子法發展計畫草案(第二階段北區公聽會),台北: 行政院資安處,2018年。
    15.蔡玉玲,虛擬世界發展法規調適規劃方案(核定本),台北:國家發展委員會,2016年。
    16.聯合行銷研究股份有限公司, 106年民眾數位機會調查報告, 台北: 行政院國家發展委員會,2017年。
    17.謝永江,网络空间安全法律法规研究子計畫-論網路安全法的基本原則, 北京: 中国工程院,2016年。

    博碩士學位論文
    1.王欣怡,殭屍網路之攻防架構與分析研究,未出版之博(碩)士論文,銘傳大學,資訊傳播研究所,台北,2011年。
    2.王泰銓,歐盟基本權利憲章之探討,未出版之博(碩)士論文,淡江大學,歐洲研究所, 新北市, 2002年。
    3.劉興浚,強化我國資訊安全管理法之研究,未出版之博(碩)士論文,東吳大學: 法律研究所,台北,2015年。
    4.鍾文魁,關鍵資訊基礎設施保護法制面建構與分析, 未出版之博(碩)士論文,東吳大學: 法律研究所,台北,2018年。

    網際網路
    1.TVBS - 金管會兩策略拚資安險保費,收入年增25% ,最後瀏覽日: June/25/2019, 檢自: https://news.tvbs.com.tw/world/949469
    2.vTaiwan 數位經濟法規線上諮詢, 最後瀏覽日: May/15/2019, 檢自: https://vtaiwan.tw/intro/
    3.中國如何獲取美國科研技術?權威學者關鍵報告:又偷又騙!是人類歷史上規模最大的財富轉移. 最後瀏覽日: June/1/2019, 檢自: https://www.storm.mg/article/669795?srcid=7777772e73746f726d2e6d675f66306361323834303833663465313432_1562583871
    4.中華民國總統府,資通電軍成軍 總統: 有形國土 捍衛到底. 無形國土 絕不讓步,最後瀏覽日: June/1/2016, 檢自: https://www.president.gov.tw/NEWS/21451
    5.石依華,中美駭客大戰-硝煙漸息 IT home 新聞,最後瀏覽日: May/31/2019, 檢自: https://www.ithome.com.tw/node/12783
    6.伍芬婕,政府開放資料,在世界第一之後?,天下雜誌,最後瀏覽日: May/31/ 2019,檢自: https://www.cw.com.tw/article/articleLogin.action?id=5073543
    7.自由時報電子報,國安法修法三讀 網際空間納入,最後瀏覽日: June/18/ 2019, 檢自 : https://news.ltn.com.tw/news/politics/breakingnews/2826946
    8.吳建興,瑞典首次發出阻斷連線禁制令,最後瀏覽日: April/10/2019, 檢自 : https://stli.iii.org.tw/article-detail.aspx?no=16&tp=1&i=0&d=7784
    9.國家級駭客橫行全球-行政院技服中心資安新聞,最後瀏覽日: April/5/2019,檢自: https://www.nccst.nat.gov.tw/NewsRSSDetail?lang=zh&RSSType=news&seq=16182
    10.國家資通安全會報技術服務中心簡介,最後瀏覽日: June/10/2019,檢自: https://www.nccst.nat.gov.tw/About?lang=zh
    11.張雪峰,資訊安全概論-第三章資訊認證技術,最後瀏覽日2019/5/20 , 檢自: https://www.zip118.com/180187176_0814/6879.html
    12.陳慧菱,金管會將清查上市櫃公司投保資安險狀況,並納入公司治理評鑑”,鉅亨網,August/13/2018,最後瀏覽日: June/5/2019, 檢自: https://www.csronereporting.com/news/show/4992
    13.黃彥棻,立院通過廢止資安中心條例-親痛仇快,IThome 電腦報, 最後瀏覽日: May/4/2016, 檢自: https://www.ithome.com.tw/news/105714
    14.黃惠聆,企業資訊安全頻拉警報,資安險投保倍增,明年更旺,工商時報, November/27/2018,最後瀏覽日: Jun/12/2019, 檢自: https://www.chinatimes.com/newspapers/20181127000437-260208?chdtv
    15.意外發生!大量歐洲網路流量被導向中國長達2小時,最後瀏覽日: June/4/2019,檢自: https://netmag.tw/2019/06/14/量歐洲網路流量被導向中國長達2小時
    16.經濟部國營事業委員會年報,最後瀏覽: 2019/05/21,檢自: https://www.moea.gov.tw/Mns/CNC/content/wHandMenuFile.ashx?file_id=1548
    17.資通安全管理法之衝擊與影響,最後瀏覽日: June/ 19/ 2019,檢自: https://www.sgs.com.tw/zh-tw/news/2019/03/n_20190311_1
    18.網路民議: 翻牆罪,終於要落地了?,中國數字時代電子報,最後瀏覽日: April/21/2019, 檢自: https://chinadigitaltimes.net/chinese/2019/06/%E3%80%90%E7%BD%91%E7%BB%9C%E6%B0%91%E8%AE%AE%E3%80%91%E7%BF%BB%E5%A2%99%E7%BD%AA%E7%BB%88%E4%BA%8E%E8%A6%81%E8%90%BD%E5%9C%B0%E4%BA%86%EF%BC%9F/
    19.聯合國大會決議 (A/53/576)政府專家小組報告,最後瀏覽日: May/ 24/2019,檢自: https://s3.amazonaws.com/unoda-web/wp-content/uploads/2017/09/Information-Security-Fact-Sheet-Sep2017.pdf
    20.聯合國大會決議 UN (37/50)號,最後瀏覽日: May/24/2019,檢自: https://undocs.org/zh/A/RES/53/70
    21.鍾銘,中世紀間諜戰,最後瀏覽日: April/2/2019,檢自: https://kknews.cc/zh-tw/world/z96gbeg.html
    22.蘋果日報,中國31t.tw在台註冊宣傳,危害國安遭NCC火速斷網, 最後瀏覽日: April/10/2019, 檢自: https://tw.appledaily.com/new/realtime/20190315/1534035/

    參考文獻
    英文部分
    書籍
    1.Bauer, Craig P., Secret History: The Story of Cryptology, Florida USA: CRC Press, (2016).
    2.Bellia, Patricia L., Cyberlaw: Problems of Policy and Jurisprudence in the Information Age, Minnesota: WEST: Thomason Reuters Business, (2007).
    3.Bodeau, Deborah J., Cyber Threat Modeling: Survey, Assessment, and Representative Framework and legal study. The Homeland Security Systems Engineering and Development Institute (HSSEDI)™ Operated by The MITRE Corporation. Pittsburgh: MITRE,(2012).
    4.Christakis, Theodore, The Relations Between Cybersecurity, Data Protection and Privacy: A European Perspective, Berlin Germany: The Alexander von Humboldt Institute for Internet and Society (HIIG) , (2017).
    5.Clemente, Dave, Cybersecurity and Global Interdependence: What is Critical? Royal Institute of International Affairs, British: CHATHAM HOUSE, (2013).
    6.Dähn, Marie-Christine, Cyber Security: Public Responsibility and Fundamental Rights, or Shared Responsibility and Regulatory Challenge? Berlin Germany, Berlin Germany: The Alexander von Humboldt Institute for Internet and Society (HIIG) , (2017).
    7.ENISA, , Good Practices for identifying and assessing cybersecurity interdependencies, Athen: ENISA (2018).
    8.Friedman, Thomas, The world is flat, U.S.A: Farrar Straus Giroux.(2006).
    9.Gibson, William, (1982), “Burning Chrome”, Omni Magazine, (2005).
    10 Government of Netherlands, International Cyber Strategy: Towards an integrated international cyber policy, Netherland: Government of Netherland, (2017).
    11 Habermas, Jurgen, Strukturwandel der Offentlichkeit, Suhrkamp: Frankfurt am Main, (1990).
    12 Harrop, Wayne, Cyber Resilience: A Review of Critical National Infrastructure and Cybersecurity Protection Measures: Applied in the UK and USA, London: Palgrave Macrmillan, (2015).
    13 International Telecommunication Union, International Standard: ITU-T X.1051 Overview of Cybersecurity. Swiss: ITU, (2016).
    14 Koepsell, David R., The Ontology of Cyberspace: Philosophy, Law and the future of Intellectual Property, Chicago: Open Court, (2003).
    15 Kosseff, Jeff, Cybersecurity Law, New Jersey: John Wiley & Sons, (2017).
    16.Lee, Michael J., Toward Industrial Cybersecurity Resilience of Multinational Cooperation. IFAC Conference on Technology, (2018).
    17.Lessig, Lawrence The Code Version 2.0, Boston: Basic Books Publish, (2006),.
    18.Lemieux, Frederic, Current and Emerging Trends in Cyber Operations, London: Palgrave Macmillan, (2015).
    19.Lipton, Jacqueline, Rethinking Cyberlaw, Northampton: Edward Elgar Publishing, (2015).
    20.McNicholas, Edward R. Cybersecurity: A Practical Guide to the Law of Cyber Risk,New York: Practising Law Institute, (2015),.
    21.Mitnik, Kevin D., William L., Simon The Art of Deception: Controlling the Human Element of Security, New Jersey: John Wiley & Sons, (2002),.
    22.O’Connell, Marchy Ellen, Cyber Security and International Law, Royal Institute of International Affairs, British: CHATHAM HOUSE, (2012).
    23.Ohlin, Jens David, Cyber War: Law and Ethics for Virtual Conflicts, Oxford University Press, (2013).
    24.Orji, Uchenna Jerome, Cybersecurity Law and Regulation, Netherland: Wolf Legal Publishers (WLP), (2012).
    25.Pieprzyk, Josef, Fundamentals of Computer Security, Sydney Australia: Springer, (2003).
    26.Raul, Alan Charles, Privacy Law and Cybersecurity Law Review, London: Sidley Austin, (2018).
    27.Sigfusson, T. & Harris S., Cyberspace: A Paradigm Shift for International Entrepreneurs’ Relationships? In: Harris S., Kuivalainen O., Stoyanova V. (eds) International Business. The Academy of International Business. London: Palgrave Macmillan, London, (2012).
    28.Simon, Herbert A., The new Science of Management Decemberision, Prentice Hall,(1977).

    期刊論文
    1.Adams, Samantha A., The Governance of Cybersecurity ,TILT – Tilburg Institute for Law, Technology, and Society - Tilburg University, (2015).
    2.Atkinson, Sean, Cybersecurity Tech Basics: Vulnerability Management: Overview, Thomson Reuters Practical Law Vol: W-013-3774, (2018).
    3.Bauer, Johannes M. & Dutton, William H., “The New Cybersecurity Agenda: Economic and Social Challenges to a Secure Internet”, The World Development Report 2016: Digital Dividends, (2016).
    4.Bodeau, Deborah J. et.al., Cyber Threat Modeling: Survey, Assessment, and Representative Framework and Legal Study, The Homeland Security Systems Engineering and Development Institute (HSSEDI)™ Operated by The MITRE Corporation, Case Number 18-1174 / DHS reference number 16-J-00184-01, (2012).
    5.Bomse, Amy Lynne, “The Independence of Cyberspace”, Duke Law Review Vol.50, (2001).
    6.Brilingaite, Agne et. al, “Environment for Cybersecurity Tabletop Exercise”, 2017 The European Conference on Game-Based Learning, (2017).
    7.Castells, Manuel, “An Introduction to the Information Age”, Oxford University CITY Journal vol. 7, (1997).
    8.Cavelty, Myriam Dunn, From Cyberwar to Cybersecurity: Proportionality of Fear and Countermeasures, Academia.edu, (2011).
    9.Danezis, George, “Privacy and Data Protection by Design – From Policy to Engineering”, ATHEN: ENISA, (2015).
    10.ENISA, Cybersecurity Culture Guidelines: Behavioural Aspects of Cybersecurity, ENISA Publishing,(2018).
    11.Enocson, Juia, Prevention of Cybersecurity Incidents within the Public Sector, Linköping University | Department of Management and Engineering, Master Thesis, (2018).
    12.Fichtner, Laura, What kind of cyber security? Theorising cyber security and mapping approaches, Journal on Internet Regulation, Vol:7 Issues:2 , (2018).
    13.Fogleman, Ronald R., Information Operations: The Fifth Domain Dimension of Warfare, IWS Vol.10 No.47, (1995).
    14.Goldsmith, Jack L., “Against Cyberanarchy”, Chicago Law Review, Vol.65 Issue.1199, (1996).
    15.Goldsmith, Jack L., Cybersecurity Treaties: A Skeptical View. Koret-Taube Task Force on National Security and Law, Stanford University: Hoover Institution Press, (2013).
    16.Grobler C.P., Digital Forensic Readiness as a Component of Information Security Best Practice. IFIP International Federation for Information Processing, Vol 232, (2007).
    17.González-Sancho, Miguel, European Commission Strategy-Cybersecurity, EU Digital Single Market Policy, Belgium, (2019).
    18.Habermas, Jurgen.,” Drei normative Modelle der Demokratie: Zum Begriff deliberativer Politik”, in: Munkler, H.(Hg), Die Chancen der Freiheit. Grundprobleme der Demokratie, Munchen: Piper Verlag,(1992),.
    19.Helmbrecht, Udo, “Speech on ENISA – Cybersecurity Best Practices”, (2018).
    20.International Telecommunication Union, International Standard: ITU-T X.1051 Overview of Cybersecurity, Swiss: ITU, (2016).
    21.Jaycox, Mark, EFF Opposes Cybersecurity Bill Added to Congressional End of Year Budget Package, EFF Legislative Analysis, (2015).
    22.Jakobsen, Bettina, “Challenges to effective EU Cybersecurity Policy – Brief Paper”, European Court of Auditors, (2019).
    23.Karp, Brad S., Federal Guidance on Cybersecurity Information Sharing Act of 2015, Harvard Law School Forum on Corporate Governance and Financial Regulation, (2016).
    24.Krassni, Christian, European Programme on Critical Infrastructure Protection (EPCIP), 1st international Workshop on Regional Critical infrastructures Protection Programmes, (2011).
    25.Koseff, Jeff, Defining Cybersecurity Law, Iowa Law Review Vol.2 Issue.3, (2018).
    26.Kurniawan, Engdan, Security Level Analysis of academic information systems based on Standard ISO 27002:2013 using SSE-CMM, ArXiv,abs/1802.03613, (2018).
    27.Langner, Ralph, Stuxnet: Discussing a Cyberwarfare weapon, IEEE: Security and Privacy, Vol.9 Issues:3, (2011).
    28.Lazari, Alessandro, European Critical Infrastructure Protection, Italy: Springer, (2014).
    29.Lessig, Lawrence, The path of Cyberlaw, The Yale Law Journal Vol.104. Issue.1743, (1995),.
    30.essig, Lawrence, “Reading the Constitution in Cyberspace”, SSRN Electronic Journal Vol.45 Issues:3, (1997).
    31.Lessig, Lawrence, The Law of the Horse: What Cyberlaw might teach, Harvard Law Review, Vol.113. Issues:501, (1999).
    32.Liu, Edward C., “Cybersecurity: Selected Legal Issues”, Congressional Research Service R40429, (2013).
    33.Neutze, January & Nicholas, J. Paul, Cyber Insecurity: Competition, Conflict, and In Innovation Demand Effective Cyber Security Norms, Georgetown Journal of International Affairs, (2013).
    34.Nieto, Ana, Mobile Networks and Application, (2018).
    35.O’Connell, Marchy Ellen, Cyber Security and International Law, London: Chatcham House, (2012).
    36.Osula, Anna-Marchia, Mutual legal assistance & other mechanisms for accessing extraterritorially located data,Masaryk University Journal of Law and Technology Vol. 9 Issues.1, (2015).
    37.Post, David G., Against against Cyberanarchy, Berkeley Law Review Vol.17, (2002).
    38.Rosenzweig, Paul, THE International Governance Framework for Cybersecurity, Canada-United States Law Journal -Vol.37 Issue.2, (2012).
    39.Rothchild, John Protecting the Digital Consumer: The Limits of Cyberspace Utopianism, Indiana Law Journal,Vol.4 Issue.3, (1999),.
    40.Rowland, Diana, Electronic Datasets and Access to Legal Information, 15th BILETA Conference, (2000).
    41.Shackelford, Scott, Estonia two-and-a-half years later: A Progress Report on Combating Cyber Attacks, Journal of Internet Law SSRN: 1499849, (2010).
    42.Shackelford, Scott J. et, al., Unpacking the International Law on Cybersecurity Due Diligence: Lessons from the Public and Private Sectors, Chicago Journal of International Law,Vol.17 No.1, (2016).
    43.Shank, Sean, Cybersecurity: Domestic and Legislative Issues, National Security Law Brief Vol.1 No.1, (2011)
    44.Shgapiro, Sidney A., Risk Regulation at Risk, San Francisco: Stanford University Press, (2002).
    45.Shoebridge, Michael, Chinese Cyber Espionage and the National Security Risks Huawei Poses to 5G Networks, Commentary NLI, (2018).
    46.Solms, Rossouw von From Information Security to Cyber Security, Computers and Security Journal Vol. 38 Issues:3, (2013),.
    47.Stevens, Tim, “Global Cybersecurity: New Directions in Theory and Methods”, Politics and Governance Vol.6 Issue 2, (2018).
    48.Tanczer, Leonie Maria & Brass, Irina & Carr, Madeline, CSIRTS and Global Cybersecurity: How Technical Experts Support Science Diplomacy, Global Policy Vol. 9 Supplement. 3,pp60-62, (2018).
    49.Tanyildizi, Emrah, State Responsibility in Cyberspace, The problem of Attribution of Cyberattacks Conducted by Non-State-Actors”, Law & Justice Review Vol.8 Issue.14, (2017).
    50.Wamala, Frederick National Cybersecurity Strategy Guide, Swiss: International Telecommunication Union, Swiss: ITU, (2012),.
    51.White, Daniel M., The Federal Information Security Management Act of 2002: A Potemkin Village, 79 Fordham L. Rev. 369, (2011).
    52.Xu, Shouhuai, Cybersecurity Dynamics, Proceedings of The 2014 Symposium and Bootcamp on The Science of Security Article No.14, (2014).

    博碩士學位論文
    1.Martino, Mariano Di, Social profiling of users through information leakages, Master Degree Thesis Universiteit Hasselt, (2018).
    2.Backman, Sarah, The Institutionalization of Cybersecurity Management at EU-Level, Master Thesis, Swedish Defense University, (2016)
    3.Thaw, David Bernard, Characterizing, Classifying, and Understanding Information Security Laws and Regulations: Considerations for Policymakers and Organizations Protecting Sensitive Information Assets”, Dissertation of Doctor of Philosophy, of University of California, Berkeley, (2011).

    網際網路
    1.Adams, Samantha A. et. al., “The Governance of Cybersecurity - ”, TILT – Tilburg Institute for Law, Technology, and Society - Tilburg University, Retrieved by: May/1/2019, From: https://pdfs.semanticscholar.org/9f4c/b321bd2ca3a3c2f253066ccab7c49098ef.pdf
    2.Ansip, Andrus, Leading the Digital Single Market and fighting Cybersecurity, Open Access Government, Retrieved by : June/27/2019, From: https://www.openaccessgovernment.org/fighting-cybersecurity/67544/
    3.ATT&CK Matrix for Enterprise, MITRE, Retrieved by : June/28/2019,From: https://attack.mitre.org/?fbclid=IwAR3wrwjGtuXIWdEuwJAk3vY-7wmv5DWS1CKH8hwRozfjUCoHTZAoNDmHnIs
    4.Barlow, John Perry, (1996), Retrieved by : June/5/2019,From: https://www.eff.org/cyberspace-independence
    5.BBC News , May,27,2019, Retrieved by : June/5/2019,From: https://www.bbc.com/zhongwen/trad/world-48421224
    6.Chalk, William, Privacy by Design: Cybersecurity and the future of 5G, CSOonLine. Retrieved by: June/20/2019, From: https://www.csoonline.com/article/3399000/privacy-by-design-cybersecurity-and-the-future-of-5g.html
    7.CISA, “About CISA”, Retrieved by : June/1/2019, From: https://www.dhs.gov/cisa/about-cisa
    8.Cole, James M., Deputy Attorney General, Addresses the Georgetown Cybersecurity Law Institute, Justice News - Department of Justice USA, May/23/2013,from : https://www.justice.gov/opa/speech/deputy-attorney-general-james-m-cole-addresses-georgetown-cybersecurity-law-institute
    9.Computer Hope: Robert T. Morris, Retrieved by : June/1/2019,From: https://www.computerhope.com/people/robert_morris.htm
    10.Cyber Defense Magazine Media Team, Cybersecurity Statics for 2019,Cyber Defense Magazine, March/2019,Retrieved by : June/3/2019,From: https://www.cyberdefensemagazine.com/cyber-security-statistics-for-2019
    11.Digital Economy - Critical information Infrastructure Protection (CIIP), Retrieved by : June/1/2019,From: https://www.oecd.org/sti/ieconomy/ciip.htm
    12.European Cybercrime Center – EC3, Retrieved by : June/20/2019, From: https://www.europol.europa.eu/about-europol/european-cybercrime-centre-ec3
    13.ENISA Cybersecurity Resilience Portal, Retrieved by : June/7/2019, From: https://resilience.enisa.europa.eu/article-19
    14.ENISA, EC3, ”Workshop on CISRT-LE Cooperation of Digital Forensics”, Retrieved by : June/1/2019,From: https://c4e.cz/news/enisaec3-workshop?lang=en
    15.ENISA Information Risk Management Methodology, Retrieved by : May/7/2019,From: https://www.enisa.europa.eu/publications/nlra-analysis-report
    16.ENISA, Public Private Partnerships, Retrieved by : April/4/2019,From: https://www.enisa.europa.eu/topics/national-cyber-security-strategies/ppps
    17.EuroDIG 2019, “Making norms work – Pursuing effective Cybersecurity – PL 04 2019”, June,2019, Retrieved by : Jun/5/2019,From: https://eurodigwiki.org/wiki/Making_norms_work_%E2%80%93_Pursuing_effective_cybersecurity_%E2%80%93_PL_04_2019
    18.Haran,Varun, AI-Augmented Security : Can Cyberattackers Counter it ?,ISMG Network, Retrieved by : June/28/2019,from : https://www.bankinfosecurity.com/ai-augmented-security-cyberattackers-counter-it-a-11283
    19.ISO 27000 Standard Family, IT Governance website, Retrieved by : April/2/2019, From: https://www.itgovernance.co.uk/iso27000-family
    20.Lipner, Steven B. & Lampson, Butler W., ” Risk Management and the Cybersecurity of the U.S. Government”, Retrieved by : June/22/016, From: https://www.nist.gov/sites/default/files/documents/2016/09/16/s.lipner-b.lampson_rfi_response.pdf
    21.McAfee Research Report, Cyber-Responsibility Report, Retrieved by : May/20/2019, From: https://www.mcafee.com/enterprise/en-us/assets/reports/rp-cyber-responsibility.pdf
    22.Merisalo, Taija, Cybersecurity is a fusion of man and machine, F-Secure Blog, May,2018, Retrieved by : June/15/2019.From: https://blog.f-secure.com/cyber-security-is-a-fusion-of-man-and-machine/,
    23.National Infrastructure Protection Plan, Retrieved by : May/7/2019, From: https://www.dhs.gov/cisa/national-infrastructure-protection-plan
    24.NIST, Computer Forensic Tools and Techniques Catalog, Retrieved by : June/28/2019,From: https://toolcatalog.nist.gov
    25.NIST Small Business Cybersecurity Act becomes Law, Retrieved by : June/21/2019,From: https://www.securityweek.com/nist-small-business-cybersecurity-act-becomes-law
    26.North Korea’s Foreign Currency earning & Financial Hacking activity on the Cyber Area from Southern Korea Cybersecurity Team – Simon Choi, Retrieved by : April/10/2019, From: https://drive.google.com/file/d/0B_tRQHq1vrtxbzdrWnJoWjR1VGc/view
    27.Petit, Frédéric, et,al., Analysis of Critical Infrastructure dependency and interdependency, Argonne National Laboratory, Retrieved by : June/20/2016,From: https://publications.anl.gov/anlpubs/2015/06/111906.pdf
    28.President Policy Directive 21, Homeland Security PPD-21 Archives, Retrieved by : Jun/12/2019, From: https://www.dhs.gov/taxonomy/term/2586/all/feed
    29.Presidential Policy Directive, Critical Infrastructure Security and Resilience, whitehouse.gov, Retrieved March/12/2019,From: https://obamawhitehouse.archives.gov/the-press-office/2013/02/12/presidential-policy-directive-critical-infrastructure-security-and-resil
    30.Roberto Viola, A safe and trustworthy digital world – our shared responsibility, Retrieved by : May/1/2019,From: https://ec.europa.eu/digital-single-Marchket/en/blogposts/safe-and-trustworthy-digital-world-our-shared-responsibility
    31.Secure by Default, National Cybersecurity Center – United Kingdom, Retrieved by: June/20/2019, From: https://www.ncsc.gov.uk/information/secure-default
    32.Segovia, Antonio Jose, “Main Difference between ISO 27001 and ISO 27032”, Aug, 25,2015, Retrieved by : May/28/2019,From: https://advisera.com/27001academy/blog/2015/08/25/iso-27001-vs-iso-27032-cybersecurity-standard/
    33.Stückelberger, Christoph, Cyber Ethics 4.0 Saving Humanity with Values,Globalethics.net, Retrieved by : June/3/2019 From: https://www.globethics.net/documents/4289936/13403236/Ge_Global_17_web_isbn9782889312641.pdf/
    34.The Biggest to Cybersecurity is organization complexity, Retrieved by : June/3/2019,From: https://www.bralin.com/the-biggest-threat-to-cybersecurity-is-organization-complexity
    35.The Cybersecurity of Supply Chain: Who is real Risk, Man or Machine? Retrieved by : May/18/2019,From: https://kodiakrating.com/2017/08/16/the-cyber-security-of-supply-chains-whos-the-real-risk-man-or-machine/
    36.The Evolution of U.S Cyberpower, Retrieved by : May/30/2019,From: https://www.afcea.org/committees/cyber/documents/theevolutionofuscyberpower.pdf
    37.The NSA Files December – Edward Snowden, The Guardian Newspaper - British, Retrieved by : March/10/2019,From: https://www.theguardian.com/us-news/the-nsa-files
    38.The Story of Operation Orchard, Retrieved by : March/5/2019,From: http://www.jmhinternational.com/news/news/selectednews/files/2009/11/20091103_SpiegelOnline_TheStoryOfOperationOrchard.pdf
    39.The World Economic Forum Global Risk Report 2013, Retrieved by : April/4/2019, From: http://www3.weforum.org/docs/WEF_GlobalRisks_Report_2013.pdf.
    40.Three Layers of Cyberspace, Cyberspace Operations Concept Capability Plan, Retrieved by : May/24/2019,From: https://www.researchgate.net/figure/The-three-layers-of-cyberspace-Adapted-from-Cyberspace-Operations-Concept-Capability_fig1_267363551
    41.Thomson, Ian, US Congress quietly slips cloud-spying powers into page 2,201 of spending mega-bill, Retrieved by: June/20/2019, From: https://www.theregister.co.uk/2018/03/23/cloud_act_spending_bill/
    42.Vault 7 : CIA Hacking Database- WIRED Magazine, Feb/12/2019,From: https://www.wired.com/tag/vault-7/
    43.What we need to know about PRISM-Electronic Frontier Foundation, Retrieved by : June/12/2016,From: https://www.eff.org/deeplinks/2013/06/what-we-need-to-know-about-prism
    44.Zion Marchket Research, “Digital Forensics Marchket Report”, Retrieved by : March/7/2019,From: https://www.globenewswire.com/news-release/2019/05/13/1822215/0/en/Global-Digital-Forensics-Marchket-Will-Reach-Over-USD-14-215-Million-by-2027-Zion-Marchket-Research.html
    Description: 碩士
    國立政治大學
    法學院碩士在職專班
    101961009
    Source URI: http://thesis.lib.nccu.edu.tw/record/#G0101961009
    Data Type: thesis
    DOI: 10.6814/NCCU201900557
    Appears in Collections:[Master of Laws Program for Executives] Theses

    Files in This Item:

    File SizeFormat
    100901.pdf2853KbAdobe PDF21View/Open


    All items in 政大典藏 are protected by copyright, with all rights reserved.


    社群 sharing

    著作權政策宣告 Copyright Announcement
    1.本網站之數位內容為國立政治大學所收錄之機構典藏,無償提供學術研究與公眾教育等公益性使用,惟仍請適度,合理使用本網站之內容,以尊重著作權人之權益。商業上之利用,則請先取得著作權人之授權。
    The digital content of this website is part of National Chengchi University Institutional Repository. It provides free access to academic research and public education for non-commercial use. Please utilize it in a proper and reasonable manner and respect the rights of copyright owners. For commercial use, please obtain authorization from the copyright owner in advance.

    2.本網站之製作,已盡力防止侵害著作權人之權益,如仍發現本網站之數位內容有侵害著作權人權益情事者,請權利人通知本網站維護人員(nccur@nccu.edu.tw),維護人員將立即採取移除該數位著作等補救措施。
    NCCU Institutional Repository is made to protect the interests of copyright owners. If you believe that any material on the website infringes copyright, please contact our staff(nccur@nccu.edu.tw). We will remove the work from the repository and investigate your claim.
    DSpace Software Copyright © 2002-2004  MIT &  Hewlett-Packard  /   Enhanced by   NTU Library IR team Copyright ©   - Feedback