  • About
  • The Global ETD Search service is a free service for researchers to find electronic theses and dissertations. This service is provided by the Networked Digital Library of Theses and Dissertations.
    Our metadata is collected from universities around the world. If you manage a university/consortium/country archive and want to be added, details can be found on the NDLTD website.
1

大型企業資訊安全實務研究 / A Research into Information Security Case Study of Large-Scale Firms

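金慶柏, Chin, Robert CP Unknown Date
This study examines information security cases at large enterprises. In the twenty-first century, information systems and computing assets are ever more important to an organization's success, so they must be protected against the risk of loss, tampering or destruction. Information security is the process of protecting data and information from accidental or intentional misuse, whether by people inside or outside the organization, including employees, outsourced consultants and hackers on the network. Information security is a strategic part of the organization; it is not, and should not be, the responsibility of the IT department alone. According to Datamonitor's estimate, US businesses lose at least US$15 billion a year to information security breaches. A 2004 survey by the Computer Security Institute (CSI) and the Federal Bureau of Intelligence (FBI) showed that 49 percent of companies had experienced personal computer theft. According to IronPort's estimate, there were about 30 billion spam e-mails per year a year ago, and the figure has now surged to 55 billion. Today the main threat to information security comes not from outside hackers, viruses or worms but from individuals inside the organization. Whether insiders violate information security policies and rules intentionally or unintentionally, the consequences can be serious, ranging from damage to the organization's image and lost business to lawsuits or heavy fines. According to a 2006 New York Times report, Taiwan's high-technology companies hold 70 percent of the global semiconductor foundry market, 40 percent of the semiconductor packaging market, 50 percent of the semiconductor testing market, 80 percent of the computer motherboard market, 72 percent of the notebook computer contract manufacturing market and 68 percent of the LCD monitor market. How can we keep our leading position in the global market? We must still keep investing more in research and development, manufacturing and global logistics. In a global economy, however, it is even more necessary to serve customers better by implementing a secure, global and stable information network and infrastructure. For every chief information officer or chief security officer, information security is always one of the top three concerns. Information security is of course easier said than done; correct implementation and sustained execution are what matter. Spending money on information security equipment is relatively simple. Knowing what to protect, how to protect it and what to control is not so simple. In the real business world, because companies prefer not to air their dirty laundry, few are willing to share or publish their information security weaknesses and shortcomings. This thesis has two main aims. The first is to study the industry's latest information security standards and the views of information security vendors, for example: 1. International Standard Organization (ISO) 17799. 2. British Standard Institute (BS) 7799. 3. The information security program of International Business Machines (IBM). 4. The information security audit mechanism of HP and Information Security System. 5. Microsoft. The second is to provide some real success cases as a reference for other interested organizations. The conclusions show that by improving core business processes we can build new information security systems, operate a durable and stable physical and virtual environment, and strengthen the company's knowledge management and transfer. / In the twenty-first century, information systems and computing assets are more critical to an organization’s success, and as a result, must be protected from loss, modification or destruction. Information security is the process of protecting data / information from accidental or intentional misuse by persons inside or outside of an organization, including employees, consultants, and hackers. Information security is a strategic part of an organization, not just the issue of the Management Information System, MIS, or Information Technology, IT, department. According to “Datamonitor”, information security breaches cost United States businesses at least US$ 15 billion in one year. From the survey of Computer Security Institute, CSI, and Federal Bureau of Intelligence, FBI, in 2004, 49% of companies experienced notebook Personal Computer theft. According to IronPort, there are 55 billion spam e-mails per year right now, compared with 30 billion spam e-mails yearly. Today, the largest threat to information security is not the typical hacker, virus or worm, but the corporate insider. Whether insiders violate data security policies inadvertently or maliciously, the result can expose the company to public embarrassment, lost business, costly lawsuits, and regulatory fines. Taiwanese high-technology companies have 70% market share of worldwide semiconductor foundry business, 40% share of semiconductor package segment, 50% share of semiconductor testing, 80% of computer motherboard, 72% share of notebook PC, 68% of LCD monitor --- New York Times, 2006. How can we keep maintaining the leading positions around the globe? To invest in R&D, manufacturing, and global logistics is key. However, how to implement a secure, global and reliable IT network and infrastructure to serve customers better is a must under the current global economy. To every Chief Information Officer, CIO, or Chief Security Officer, CSO, information security is always one of the top 3 items on the to-do list. Information security is easy to talk about. But implementation and execution are where talk must turn into action. Purchasing security devices is easy. Knowing how and what to protect and what controls to put in place is a bit more difficult. In the real commercial world, no one or company would like to share or release its weakness to the public. The objective of this thesis is to study the most updated information security industry standards and information security suppliers’ views, like: 1. International Standard Organization, ISO, 17799. 2. British Standard Institute’s BS 7799. 3. IBM’s Information Security Program, ISP. 4. HP & Information Security Systems’ Information Security Audit Mechanism, ISAM. 5. Microsoft. Also to provide a real successful case / framework for other companies to ensure a consistent, enterprise-wide information security focus is maintained across organization boundaries. In conclusion, this information security study proposes to transfer core business process, to build information security new applications, to run a scalable, available, secure environment, and to leverage firms’ knowledge and information.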
2

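濫發商業電子郵件法制之研究-從比較法與人權保障觀點探討 / A Study of the Legal Regime on Unsolicited Commercial E-mail: From the Perspectives of Comparative Law and Human Rights Protection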

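呂明訓 Unknown Date
With the development of network technology, the total volume of spam e-mail has grown rapidly along with it and has become a shared nightmare for Internet users worldwide. Most countries now regulate it through legislation. From the standpoint of constitutional protection of human rights, however, whether such legislation can withstand scrutiny under constitutional principles, and whether it has overstepped its bounds, still calls for further discussion. This thesis therefore proceeds in two main parts, a "comparative law" part and a "human rights protection" part. On the one hand, it compares and observes the legislation of various countries as a reference for our country's legislation; on the other hand, it starts from the constitutional viewpoint, in particular the protection of fundamental rights, and examines the issue from the perspectives of freedom of commercial speech, freedom of secrecy of communications, and the right to privacy. On freedom of commercial speech, it first explores the meaning of that freedom and compares its constitutional development, then examines, under US law and our country's law respectively, whether the legal regimes on unsolicited commercial e-mail excessively restrict senders' freedom of commercial speech. On freedom of secrecy of communications, besides explaining the contemporary constitutional significance of that freedom in an era of liberalized communications services, it discusses the mechanisms in unsolicited commercial e-mail legislation that may interfere with people's secrecy of communications, and the effect on that freedom of the methods communications service providers use to intercept and block commercial e-mail; it also attempts a comparison and analysis of Japanese law, which our country's legislation has drawn on most. On the right to privacy, besides explaining its constitutional meaning, it focuses on the forms in which sending unsolicited commercial e-mail infringes recipients' privacy and whether a basis for protection can already be found in existing law, and then on whether our country's unsolicited commercial e-mail legislation protects privacy sufficiently; finally, it attempts to comment on the view, raised by commentators, that commercial e-mail regulation infringes senders' "online anonymity". It closes with conclusions, setting out the research findings, recommendations for our country's regulation and future prospects.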
3

數位時代下垃圾訊息法制之建置---以美國法為藍本 / Building a Legal Regime for Spam Messages in the Digital Era: Taking US Law as the Blueprint

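蔡欣惠, Tsai, Hsin-huei Unknown Date
By the time you read this research proposal, twenty spam e-mails (commonly called SPAM) may have poured into your e-mail inbox within five minutes. According to Ferris Research, society spends as much as US$10 billion a year on the cost of blocking spam. And according to statistics from the United Nations' International Telecommunication Union (ITU), spam wastes US$25 billion worldwide every year. These startling figures convey a message: for most people, hearing "You've Got Mail!" is no longer a pleasant sound. Spamhaus's survey report shows that Taiwan and HINET have long been a major source of spam; AOL once blocked mail sent from HINET, which for a time caused considerable trouble for Taiwan's HINET users. With the arrival of the Digital Convergence era, besides e-mail spam, telemarketing, mobile spam, SMS spam and VoIP are all battlefields for spammers, yet the draft "Unsolicited Commercial E-mail Management Act" prepared by our country's Executive Yuan expressly regulates only spam "mail" and does not reach other spam messages. If the law does not regulate this issue early, the draft may be obsolete before it even leaves the Legislative Yuan. This thesis therefore undertakes a comprehensive review of the types of spam messages that may emerge in the digital era, in order to build a more complete legal regime for spam messages ahead of time. The research methods are as follows. First, a comparative-law study of the content and legislative background of the US legal regime on spam messages. Taiwan's draft "Unsolicited Commercial E-mail Control Act" mainly follows US law but differs in certain legislative choices, for example on whether subject line labeling is required. On this point, the author previously published in a lawyers' journal a dissenting opinion on the US Federal Trade Commission (FTC) research report that opposed a mandatory requirement for marketers to label the subject line of advertising e-mail, and recommended that Taiwan's draft act provide the opposite. In addition, the design of who is punished and the thresholds also differs greatly, for example there are no criminal penalty provisions. As for the subject of regulation, our country's draft is expressly limited to spam "mail"; the increasingly serious new forms of unsolicited commercial messages, such as those received via wireless transmission devices or mobile devices, fall outside the draft. This thesis will therefore also explain and analyse legal regimes for emerging spam messages other than spam e-mail, as a reference for future legislation and enforcement. Next, through study of domestic and foreign practical cases, the thesis seeks to understand how the law actually operates. Because Taiwan's law currently cannot handle the new legal problem of spam, prosecutors have no law to apply, and the draft, once passed, may also face the problem of inadequate law, so an in-depth understanding of actual case practice is needed. Third, the thesis comprehensively reviews the content of our country's draft "Unsolicited Commercial E-mail Management Act" and proposes a legal framework better suited to the Digital Convergence era, to block spam messages more effectively. Stanford professor Dr. Dan Boneh, in "the Difficulties of Tracing Spam Email", notes that spammers' techniques change daily and are impossible to guard against fully. It is foreseeable that the SPAM issue will grow more serious as technology evolves. With the arrival of the Digital Convergence era, besides spam e-mail, telemarketing, mobile spam, the Short Message Service (SMS), Voice over Internet Protocol and multimedia picture messages (MMS) are all battlefields for spammers, and it is necessary to guard against these emerging types of spam. / Within the five minutes it takes for you to read this essay, your e-mail box may have already received 20 spam mails. Ferris Research has pointed out that the costs incurred to society in blocking spam have reached US$10 billion per year. And according to International Telecommunication Union (ITU), the annual global cost of spam is US$2.5 billion. These startling figures convey a bit of information: for most people, the message “You’ve got mail!” is no longer welcome. Based on a survey conducted by Spamhaus, Taiwan is a leading source of spam messages. AOL once blocked all e-mail messages coming from Hinet, which at one blow caused huge difficulties for Taiwanese Internet users. With the coming of the Digital Convergence era, besides e-mail spam, new forms are emerging such as mobile spam, telemarketing calls, SMS messaging spam, and VoIP spam. The Digital Convergence era will provide all kinds of opportunities for spammers to attack. However, Taiwan’s draft Anti-UCE Act addresses only e-mail spam. If the law does not address the broader issue early on, it may be outmoded even before it is passed. The US remains the main source of reference for Taiwan in the area of technology law. Long ago, before the US enacted the “Can-Spam Act,” there was “Shiksaa.” I would like to do in-depth research on American cyber and technology law so I can develop a suitable legal solution to Taiwan’s very serious UCE problem, to reduce the losses to society and to business productivity that are caused by spam, to eliminate Taiwan’s bad reputation for being a main spam exporter, and to spur e-commerce development. My research project would be as follows. 1. To examine the inner traits of various SPAM regulations and do interdisciplinary research. 2. Deploy case-based and comparative law study to gather practical material. 3. Combine the research results from technology and law to contribute to the ultimate resolution of SPAM.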
