English  |  正體中文  |  简体中文  |  Post-Print筆數 : 27 |  Items with full text/Total items : 113656/144643 (79%)
Visitors : 51728754      Online Users : 421
RC Version 6.0 © Powered By DSPACE, MIT. Enhanced by NTU Library IR team.
Scope Tips:
  • please add "double quotation mark" for query phrases to get precise results
  • please goto advance search for comprehansive author search
  • Adv. Search
    HomeLoginUploadHelpAboutAdminister Goto mobile version
    Please use this identifier to cite or link to this item: https://nccur.lib.nccu.edu.tw/handle/140.119/49601


    Title: 大型企業資訊安全實務研究
    A Research into Information Security Case Study of Large-Scale Firms
    Authors: 金慶柏
    Chin,Robert CP
    Contributors: 姜國輝
    Chiang,Johannes K.
    金慶柏
    Chin,Robert CP
    Keywords: 資訊安全
    大型企業
    垃圾郵件
    駭客、病毒或蠕蟲
    國際標準組織17799
    Information security
    spam
    hacker, virus or worm,
    International Standard Organization, ISO, 17799.
    Date: 2006
    Issue Date: 2010-12-08 14:55:32 (UTC+8)
    Abstract: 本研究主要在探討大型企業的資訊安全案例。在二十一世紀的今天,資訊系統及電腦資產對組織的成功更加重要,所以務必防止它們遭受遺失、竄改或毀滅的風險。資訊安全是保護資料、資訊遭受意外或有意的誤用的一種過程,不論是被組織內或組織外的人,包括員工、外包的顧問或網路上的駭客。資訊安全是組織中很策略的一環,不光是也不應是資訊部門一己的責任。
    依據Datamonitor的估計,美國企業一年在資訊安全漏洞上至少損失美金一百五十億元。根據電腦安全學院(Computer Security Institute, CSI)及聯邦調查局(Federal Bureau of Intelligence, FBI)2004年的問卷調查顯示百分之四十九的企業曾發生個人電腦失竊的案例。依據IronPort的估計,一年前每年約有三百億封垃圾郵件,現在則激增至五百五十億封垃圾郵件。時至今日,對於資訊安全的主要威脅不是來自於組織外的駭客、病毒或蠕蟲,而是組織內的個人。不論組織內的個人是有意或無意地違反資訊安全的政策和規定,其後果可能相當嚴重,小至組織形象受損、業務損失,大至官司纏身或巨額罰款。
    根據紐約時報2006年的報導:臺灣的高科技公司佔有全球半導體晶圓專工產業百分之七十的市佔率,百分之四十的半導體封裝市場,百分之五十的半導體測試市場,百分之八十的電腦主機板市場,百分之七十二的筆記本電腦代工市場,百分之六十八的LCD螢幕市場。我們如何繼續保持在全球市場上的領先地位?我們仍然得繼續在研究發展、生產製造及全球運籌上加碼投資。然而,在全球經濟之下,如何透過執行一套安全的、全球的及穩定的資訊網路及基礎架構以提供客戶更好的服務更是必要的。
    對每一位資訊長或資安長而言,資訊安全永遠是他最關心的前三大議題之一。資訊安全當然是說比做容易,正確導入與永續執行才是根本。花錢購買資訊安全設備是相對簡單的。知道要保護什麼,如何保護以及要控制什麼就沒有那麼簡單了。在真實的商業世界裡,基於家醜不外揚,鮮有公司願意分享或公佈它資訊安全上的弱點及缺點。本論文的主要目的有二:一是研究業界最新的資訊安全標準及資訊安全供應商的看法,例如:
    1. 國際標準組織(International Standard Organization, ISO)17799。
    2. 英國標準組織(British Standard Institute, BS)7799。
    3. 國際商業機器股份有限公司(International Business Machines, IBM)的資訊安全計劃。
    4. 惠普股份有限公司(HP)及Information Security System公司的資訊安全稽核機制。
    5. 微軟股份有限公司(Microsoft)。
    二是提供一些真實的成功案例以提供給其他有興趣的組織作為參考。從結論發現,我們可藉由改善核心業務流程,去建造新的資訊安全系統,去運營一個可長治久安的實體與虛擬的環境,並強化公司的知識管理及傳承
    In the twenty-first century, information system and computing assets are more critical to organization’s success, and as a result, must be protected from loss, modification or destruction. Information security is the process of protecting data / information from accidental or intentional misuse by person inside or outside of an organization, including employee, consultants, and hackers. Information security is a strategic part of an organization, not just the issue of Management Information System, MIS, or Information Technology, IT, department.
    According to “Datamonitor”, US$ 15 billion, at least, cost of information security breaches to United States businesses in one year. From the survey of Computer Security Institute, CSI, and Federal Bureau of Intelligence, FBI, in 2004, 49% of companies experienced notebook Personal Computer theft. According to IronPort, there are 55 billion spam e-mail per year right now, compared with 30 billion spam e-mail yearly. Today, the largest threat to information security is not the typical hacker, virus or worm, but the corporate insider. Whether insiders violate data security policies in advertently or with maliciously, the result can expose the company to public embarrassment, lost business, costly lawsuit, and regulatory fines.
    Taiwanese high-technology companies have 70% market share of worldwide semiconductor foundry business, 40% share of semiconductor package segment, 50% share of semiconductor testing, 80% of computer motherboard, 72% share of notebook PC, 68% of LCD monitor --- New York Times, 2006. How can we keep maintaining the leading positions around the globe? To invest in R&D, manufacturing, and global logistics is key. However, how to implement a secure, global and reliable IT network and infrastructure to server customers better is a must under current global economy.
    To every Chief Information Officer, CIO, or Chief Security Officer, CSO, Information security is always one of the top 3 to-do list. Information security is easy to talk about. But, implementations and executions are where talk must turn into action. Purchasing security device is easy. Knowing how and what to protect ad what controls to put in place is a bit more difficult. In the real commercial world, no one or company would like to share or release its weakness to the public. The objective of this thesis is to study most updated information security industry standard and information security suppliers’ view, like:
    1. International Standard Organization, ISO, 17799.
    2. British Standard Institute’s BS 7799.
    3. IBM’s Information Security Program, ISP.
    4. HP & Information Security Systems’ Information Security Audit Mechanism, ISAM.
    5. Microsoft
    Also to provide a real successful case / framework for other companies to ensure a consistent, enterprise-wide information security focus is maintained across organization boundaries. In conclusion, this information security study proposes to transfer core business process, to build information security new applications, to run a scalable, available, secure environment, and to leverage firms’ knowledge and information.
    Reference: Allen, Julia H. (2001). CERT Guide to System and Network Security Practices. Addison Wesley .
    Anderson, Rose J. (2001). Security Engineering: A Guide to building Dependable Distributed Systems. John Wiley & Sons
    Burke, Brian E. Kolodgy, Charles J. Christiansen, Christian A. Hudson, Sally. Carey, Allan. (2004). Worldwide IT Security Software, Hardware, and Services 2004-2008 Forecast: The Big Picture. IDC Market Analysis
    Egan, Mark, Mather, Tim. The Executive Guide to Information Security: Threats, Challenges, and Solution. Symantec.
    Fischer, Robert J. (2003). Introduction to Security. Butterworth Heinemann.
    Maiwald, Eric. (2004). Network Security: A Beginner’s Guide. McGraw-Hill
    McClure, Stuart. Scambray, Joel. Kurtz, George. (2001) Hacking Exposed: Network Security Secrets & Solutions. McGraw-Hill
    Schneier, Bruce. (2000). Secret & Lies: Digital Security in a Networked World. John Wiley & Sons.
    Whitman, Michael E. Mattord, Herbert J. (2004). Principles of Information Security. Course Technology.
    (2005) IDC Advices On a Holistic Approach to Security and Business Continuity: Research Press release. IDC
    Resources
    Microsoft Security Guidance Center
    http://www.microsoft.com/taiwan/security/guidance
    How Microsoft IT Secure Microsoft
    http://www.microsoft.com/taiwan/technet/itsolutions/msit
    Description: 碩士
    國立政治大學
    經營管理碩士學程(EMBA)
    91932601
    95
    Source URI: http://thesis.lib.nccu.edu.tw/record/#G0091932601
    Data Type: thesis
    Appears in Collections:[經營管理碩士學程EMBA] 學位論文

    Files in This Item:

    File Description SizeFormat
    93260101.pdf17KbAdobe PDF2569View/Open
    93260102.pdf17KbAdobe PDF2490View/Open
    93260103.pdf17KbAdobe PDF2591View/Open
    93260104.pdf102KbAdobe PDF2773View/Open
    93260105.pdf22KbAdobe PDF2642View/Open
    93260106.pdf40KbAdobe PDF2701View/Open
    93260107.pdf31KbAdobe PDF2714View/Open
    93260108.pdf96KbAdobe PDF2549View/Open
    93260109.pdf169KbAdobe PDF2726View/Open
    93260110.pdf67KbAdobe PDF2689View/Open
    93260111.pdf109KbAdobe PDF2724View/Open
    93260112.pdf29KbAdobe PDF2629View/Open
    93260113.pdf21KbAdobe PDF2612View/Open


    All items in 政大典藏 are protected by copyright, with all rights reserved.


    社群 sharing

    著作權政策宣告 Copyright Announcement
    1.本網站之數位內容為國立政治大學所收錄之機構典藏,無償提供學術研究與公眾教育等公益性使用,惟仍請適度,合理使用本網站之內容,以尊重著作權人之權益。商業上之利用,則請先取得著作權人之授權。
    The digital content of this website is part of National Chengchi University Institutional Repository. It provides free access to academic research and public education for non-commercial use. Please utilize it in a proper and reasonable manner and respect the rights of copyright owners. For commercial use, please obtain authorization from the copyright owner in advance.

    2.本網站之製作,已盡力防止侵害著作權人之權益,如仍發現本網站之數位內容有侵害著作權人權益情事者,請權利人通知本網站維護人員(nccur@nccu.edu.tw),維護人員將立即採取移除該數位著作等補救措施。
    NCCU Institutional Repository is made to protect the interests of copyright owners. If you believe that any material on the website infringes copyright, please contact our staff(nccur@nccu.edu.tw). We will remove the work from the repository and investigate your claim.
    DSpace Software Copyright © 2002-2004  MIT &  Hewlett-Packard  /   Enhanced by   NTU Library IR team Copyright ©   - Feedback