|
Please use this identifier to cite or link to this item:
https://nccur.lib.nccu.edu.tw/handle/140.119/57045
|
Title: | A study on developing a cloud service risk assessment model (雲端服務風險評估模式建立之研究) |
Authors: | 羅邵晏 Lo, Shao Yen |
Contributors: | 林我聰 羅邵晏 Lo, Shao Yen |
Keywords: | Cloud Computing; Cloud Service Risk; Risk Assessment; Service Provider Selection; Pearson Correlation |
Date: | 2012 |
Issue Date: | 2013-03-01 09:24:53 (UTC+8) |
Abstract: | "Cloud computing" and its application services are regarded as important by industry, and governments have launched national plans to develop the cloud computing industry. However, the literature shows that cloud computing security issues also need attention. Security issues in the cloud computing architecture differ somewhat from those in traditional information systems, so they are worth studying. In 2009, the European Network and Information Security Agency (ENISA) published a report named "Cloud Computing Security Risk Assessment" (CCSRA), and this report was referenced by the Cloud Security Alliance (CSA), which launched the industry's first cloud service risk standard, the Certificate of Cloud Security Knowledge (CCSK). The report is quite complete in its definition of each risk and its causes and effects, but it offers no complete quantitative model with which an organization can assess or predict its cloud service risk. Therefore, the purposes of this study are: 1. to develop a quantitative cloud service risk assessment model that predicts cloud service risks, so that business owners can take countermeasures early; 2. to use the Pearson correlation coefficient to analyze the degree of causal influence among risks, vulnerabilities and assets, as a reference for organizations when allocating resources. |
Description: | Master's; National Chengchi University; Graduate Institute of Information Management; 98356027; 101 |
Source URI: | http://thesis.lib.nccu.edu.tw/record/#G0983560271 |
Data Type: | thesis |
Appears in Collections: | [Department of Information Management] Theses
|
Files in This Item:
File |
Size | Format | |
027101.pdf | 2109Kb | Adobe PDF2 | 2711 | View/Open |
|
All items in the NCCU Institutional Repository (政大典藏) are protected by copyright, with all rights reserved.
|