1 |
網路交易之風險分析與建議-以旅遊業為例 / Risk analysis & suggestion of Internet transaction呂雅麗, Lu, Ya Li Unknown Date (has links)
在網路環境日益成熟的今日,網路交易的安全性已被列為首要的課題,而「公開金鑰基礎建設(public key infrastructure, PKI)」被公認是在資訊安全應用領域中,少數能同時滿足「保護資料安全」、「身分驗證」、「訊息完整性」以及「交易不可否認性」的加密應用技術。
電子商務被運用於各行各業,其中旅遊產業是全球最大與成長最快的產業之ㄧ。許多網路旅行社已經在企業內部建置了企業資源規劃(enterprise resource planning, ERP)系統,使得幾乎全部的交易與旅遊的安排都可以在線上完成。為了確保資料交換的安全性,便可以使用PKI技術,使企業的ERP 成為受完整加密保護的服務網路。
網路旅遊業者是以網站營運的方式來進行與消費者的互動,除了基本的防護措施,如:防火牆、入侵偵測、弱點掃瞄等網路安全外,企業的資安政策的制定與執行都可減少企業所面臨的風險。
近年來資料外洩事件頻傳,客戶資料及公司智慧財產外洩可能導致罰鍰、訴訟、公司品牌形象的毀損等。政府積極推動個人資料保護法,為了提高約束力,立法、司法與行政部門決定聯手祭出「天文數字的重罰」加以遏止;加上惡意使用者偽卡盜刷、冒名使用,使得電子商務業者不得不審慎地去評估如何加強資訊安全,以維繫企業本身的利益及提高企業的競爭力。
PKI的技術是目前公認最可靠、最可被信任的方式,但建置的複雜性及高成本,使得PKI的推廣層面不夠普及;如何讓PKI由「技術」移轉成為成功的「應用」,故筆者在本論文中建議一個運作模式,讓網路旅行社可以在透過網際網路行銷擴大業務之餘,也能因應時勢所趨,提供給其客戶一個安全的網路交易環境。 / The safety of Internet transaction has been referred to as the most important task in this fully-developed world of Internet. And public key infrastructure, which can provide confidentiality, authentication, integrity and non-repudiation, is one of the most effective ways of encryption in the application of information security.
The travel agency has been one of the largest industries in e-commerce. There are many enterprise resource planning systems built in online travel agencies, so that almost every transaction and tours can be arranged through the Internet. To provide a well-protected environment, enterprises can use PKI technology to ensure the safety of online data exchanging.
Online travel agencies interact with consumers through the web-site. Not only the basic protection like firewall, intrusion detection, and vulnerability scanning but also the development and the executive of security policies can reduce the risk that enterprises may encounter.
Fines, litigations and the company's brand image damages may come after data leakages such as information of clients or intellectual property of companies. Government has actively promoted personal data protection law and huge amount of fines to improve the bindings. Coupled with many fraud credit cards used by the malicious users, companies have to assess how to reinforce information security to maintain its profit and upgrade its competitiveness.
PKI technology is recognized as the most reliable and trusted solution, but the complexities and high cost of implementation made it difficult to apply. So, the author here tries to provide a mode of operation for online travel agencies to not only extend its services by the Internet but also provide a safe Internet transaction environment for its clients.
|
2 |
政府採購入口網站功能架構與關鍵成功因素之研究 / A Study of the functional architecture and Key Success Factors for the Government Electronic Procurement Portal Website陳冠竹 Unknown Date (has links)
政府入口網站含蓋了眾多提供公共服務的網站,讓民眾或企業進行相關業務的辦理、資訊的查詢以及進行交易等行為。全國或是全球需要使用到政府服務,例如政府採購等之使用者皆是政府入口網站之服務對象。因此政府網站在資料流量含量方面較之於一般商業網站更為可觀,亦包含了電子商務性質。在此狀況下,政府角色亦已逐漸從管制調適為服務。就政府體策略或執行計畫而言,實施知識管理除可使行政單位的工作效率提昇,行政流程時間縮短,更可避免重覆錯誤及誤判訊息之可能。
本研究主要以行政院公共工程委員會目前所推行之『政府採購電子化』計畫為研究對象,冀於對未來五年能達到政府採購作業全面電子化提出建議。本研究之目標係分析研擬「政府電子採購入口網站」之關鍵成功因素,從而由「政府採購電子化」計畫現行系統歸納出具綜效之整合型「政府電子採購入口網站」功能架構,其工作內容如下:
1. 歸納、分析現行各系統及政府採購法推動之問題。
2. 瞭解國內政府入口網站之推動情形,分析企業資訊入口網站解決方案現況。
3. 利用分析層級程序法(Analytic Hierarchy Process,簡稱AHP)歸納出三分類專家,包括工程會內部專家、公部門專家、產業界及學界專家所認為的「政府電子採購入口網站」之關鍵成功因素,同時也分析資訊職務與非資訊職務專家觀點之相異點。
4. 根據歸納出來之關鍵成功因素與內部需求,提出具建設性之「政府電子採購入口網站」功能架構雛形,建議工程會推動「政府採購入口網站」提供之功能依據。
本研究AHP法研究結果如下:
1. 本研究中之各類專家一般認為內在因素比外在環境因素之權重大。
2. 第三層關鍵成功因素包括知識管理機制之健全化、政策及法制配合度、使用者服務機制、資訊系統與營運。整體而言,工程會內部專家與產業界及學界專家兩類專家較重視政策及法制配合度構面因素,而公部門專家比較重視資訊系統與營運構面因素。資訊職務專家較重視政策及法制配合度構面因素,非資訊職務專家比較重視資訊系統與營運構面因素。
3. 整體最底層關鍵成功因素排名前七項分別為高階長官的參與和支持並訂定明確的目標、即時配合實際狀況,修正、鬆綁法規、充裕的資源配合、提昇法令約束力之效力、提供快速回應問題之機制、介面具親和力、操作流程循序簡單、提供高度的可靠性與穩定性。
本研究最後逐一對專家深入訪談、工程會需求訪談、企業資訊入口網站解決方案及關鍵成功因素AHP之分析等結果提出結論與建議。 / An e-Government Portal should integrates numerous websites that offer public service, and provides individuals or enterprises with a platform for trafficking, searching information, and conducting transactions. Thus, all the users, that need to access government service and government procurement information, are potential customers of the e-Government Portal website. Hence, the e-Government Portal website, with e-Commerce quality, has more enormous data flow and database contents in comparison with simple e-Commerce sites. Last but not least, the role of e-Government Portal website is turned gradually into a service provider from its simple transition role of inspection.
From government's strategic aspect, actions regarding knowledge management can not only improve the efficiency and streamline the administrative procedures, but also avoid the crisis of repeating failures and misleadings of messages.
The object of this research is the Electronic Procurement Plan, which was established and promoted by the Public Construction Commission (PCC) of The Executive Yuan, R.O.C. The goal of the Electronic Procurement Plan is to accomplish the electronic commerce of the government procurement entirely in five years. This study aims to find out the critical success factors (CSF) for the Government Electronic Procurement Portal Website, and to carry out a functional architecture for the synergic Government Electronic Procurement Portal Website via the following working packages :
1. to analyze and formulate the problems of promoting the electronic government procurement system and the government procurement law.
2. to discuss the ongoing domestic promotion programs of the e-Government Portal websites and analyze the status quo cases of the Enterprise Information Portal (EIP) solution.
3. to analyze and compare the critical success factors of the Government Electronic Procurement Portal Website of various expert viewpoints through Analytic Hierarchy Process (AHP) method. The experts come from the PCC internal public servants, public servants from other government agencies as well as industrialists and scholars. On the other hand, the different viewpoints between the IT background experts and non-IT background experts are also compared.
4. to summarize constitutive functional architecture for the Government Electronic Procurement Portal Website according to the resulted CSF and the PCC internal requirements.
The results of AHP analysis can be stated as following:
1. The internal factors outweigh external factors.
2. The third-level of factors of AHP architecture includes the solidity of knowledge management, the compatibility of policies and laws, the user service mechanism and the information systems and operations. Generally, the PCC internal public servants, industrialists and scholars pay more attention to the compatibility of policies and laws than the other public servants that put a lot of emphasis on the information systems and operations. The IT background experts value the compatibility of policies and laws, whereas the non-IT background experts emphasize the information systems and operations.
3. The top seven priority factors of the rock-bottom level factors include the involvements and endorsements of the top executives and establish the clear goals, the instantaneous emendation and relaxation of the laws, the compatibility of abundant resource, the effectiveness of promoting the law's constraint force, friendly interface and easily sequential operation flow and high reliability and stability.
At last, this research leads to the conclusions and suggestions in regard to in-depth experts interviews,PCC internal requirement investigations, EIP solutions and the AHP CSF analysis.
|
Page generated in 0.0322 seconds