政大機構典藏-National Chengchi University Institutional Repository(NCCUR):Item 140.119/95263
English  |  正體中文  |  简体中文  |  Post-Print筆數 : 27 |  全文笔数/总笔数 : 113324/144300 (79%)
造访人次 : 51142005      在线人数 : 908
RC Version 6.0 © Powered By DSPACE, MIT. Enhanced by NTU Library IR team.
搜寻范围 查询小技巧:
  • 您可在西文检索词汇前后加上"双引号",以获取较精准的检索结果
  • 若欲以作者姓名搜寻,建议至进阶搜寻限定作者字段,可获得较完整数据
  • 进阶搜寻
    政大機構典藏 > 資訊學院 > 資訊科學系 > 學位論文 >  Item 140.119/95263


    请使用永久网址来引用或连结此文件: https://nccur.lib.nccu.edu.tw/handle/140.119/95263


    题名: 資料外洩稽核工具之設計與實作
    Design and implementation of an audit tool for data leakage
    作者: 高華志
    Kao, Hua Chih
    贡献者: 陳恭
    Cheng, Kung
    高華志
    Kao, Hua Chih
    关键词: 資料外洩
    稽核工具
    資訊安全
    隱碼攻擊
    ISO27002
    ISO 13569
    Data Leakage Prevention
    Audit Tools
    Information Security
    ISO27002
    ISO 13569
    Injection Flaws
    SQL Injection
    DLP
    日期: 2009
    上传时间: 2016-05-09 15:28:56 (UTC+8)
    摘要: 隨著國內法令規範對於隱私政策更加重視,國內外企業組織因應鉅額罰款與政策的施行,再加上個人資料外洩事件頻傳,各企業無不擔心客戶資料的保護與落實內部資料控制。而大型政府機關或企業,由於服務範圍廣大,應用系統繁多,針對資料外洩的保護與落實,將更加的複雜。大部份的組織針對實體文件、安全性儲存設備管制、使用採購防火牆設備等,皆有進行相關的管理與設備的採購,但上述機制未能解決應用系統的資料外洩問題。對稽核人員而言稽查應用程式是否有資料外洩之虞,由應用程式原始程式碼相當實為不易,而新制定一套更安全存取控管的介面更需投入相當高的成本與時間。
    The rapid spread of information technologies into every facet of our life results in a surge in attention to privacy recently. Bills are enacted and a comprehensive privacy policy becomes a sign of a responsible corporation. However, the complexity and diversity of application systems of information makes it very difficult to ensure that the information systems conform to all the privacy regulations and polices. Although most corporations have established some privacy policies for controlling physical documents and various hardware devices, the main problem for data leakage is at application layer. Application developers could retrieve sensitive data by exploiting application flaws. This poses great challenges to information system auditors. Firstly, it is rather difficult for auditors to review the code to spot the flaws. Secondly, it is impractical to make a new coding standard and re-write the legacy applications accordingly. Thirdly, application developers lack the motivation to improve the protection level of existing systems.
    參考文獻: 【1】 個人資料保護法, 行政院, 2008
    【2】 CNS 17799-資訊安全管理之作業要點, 經濟部標準檢驗局, 2002
    【3】 ISO-IEC 27002 Information technology- Security techniques- Code of practice for information security management, ISO, 2005
    【4】 ISO/TR 13569 Banking and related financial services — Information security guidelines, ISO, 2003
    【5】 More Than Half of Ex-Employees Admit to Stealing Company Data According to New Study, http://www.symantec.com/about/news/release/article.jsp?prid=20090223_01
    【6】 Introducing SQL Server Profiler, http://msdn.microsoft.com/en-us/library/ms181091.aspx
    【7】 RadControls for ASP.NET AJAX, http://www.telerik.com/help/aspnet-ajax/introduction.html
    【8】 Role-based access control,
    http://en.wikipedia.org/wiki/Role-based_access_control
    【9】 AJAX,
    http://zh.wikipedia.org/wiki/AJAX
    【10】 Avoid The SQL Injection,
    http://www.microsoft.com/taiwan/sql/SQL_Injection.htm
    【11】 SQL Injection,
    http://en.wikipedia.org/wiki/SQL_injection
    【12】 Injection Flaws,
    http://www.owasp.org/index.php/Injection_Flaws
    【13】 OWASP Top 10 Project,
    http://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project
    【14】 SQL Server Books online,
    http://msdn.microsoft.com/en-us/library/ms130214.aspx
    【15】 IS Standards, Guidelines and Procedures for Auditing and Control Professionals, ISACA, 2008
    描述: 碩士
    國立政治大學
    資訊科學學系
    95971014
    資料來源: http://thesis.lib.nccu.edu.tw/record/#G0095971014
    数据类型: thesis
    显示于类别:[資訊科學系] 學位論文

    文件中的档案:

    档案 大小格式浏览次数
    index.html0KbHTML2281检视/开启


    在政大典藏中所有的数据项都受到原著作权保护.


    社群 sharing

    著作權政策宣告 Copyright Announcement
    1.本網站之數位內容為國立政治大學所收錄之機構典藏,無償提供學術研究與公眾教育等公益性使用,惟仍請適度,合理使用本網站之內容,以尊重著作權人之權益。商業上之利用,則請先取得著作權人之授權。
    The digital content of this website is part of National Chengchi University Institutional Repository. It provides free access to academic research and public education for non-commercial use. Please utilize it in a proper and reasonable manner and respect the rights of copyright owners. For commercial use, please obtain authorization from the copyright owner in advance.

    2.本網站之製作,已盡力防止侵害著作權人之權益,如仍發現本網站之數位內容有侵害著作權人權益情事者,請權利人通知本網站維護人員(nccur@nccu.edu.tw),維護人員將立即採取移除該數位著作等補救措施。
    NCCU Institutional Repository is made to protect the interests of copyright owners. If you believe that any material on the website infringes copyright, please contact our staff(nccur@nccu.edu.tw). We will remove the work from the repository and investigate your claim.
    DSpace Software Copyright © 2002-2004  MIT &  Hewlett-Packard  /   Enhanced by   NTU Library IR team Copyright ©   - 回馈