A Study on the Implementation of a model of Network Environment Accounting Auditing Log System
歐文純 (Ou, Wen-Chueng), Unknown Date
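In a networked environment, accounting audit systems for electronic commerce need the support of internal control and internal audit mechanisms. Especially today, with technology developing rapidly, no one can guarantee one hundred percent security; once a vulnerability appears in a secure environment, a last line of defense is needed to detect it and reduce the company's losses. Olden [2000] holds that auditing is the most important function of the e-commerce security infrastructure in a networked environment. The auditing work includes: (1) enabling the company to track activity on its website; (2) generating transaction logs and related security events; (3) using audit logs to prove that an activity or transaction was performed, and to trace and reconstruct events affected by security intrusions or fraud. A network environment accounting auditing log system is therefore needed to support later tracing and examination of the audit trail. This study attempts to propose an architecture for an accounting auditing log system suited to transactions in a networked environment, to meet the accounting audit needs of such transactions, and to provide an easily understood way of auditing that helps administrators more readily grasp network-related problems and correct them. For log auditing, it proposes two important overall checking concepts: (1) checking each individual system for anomalies and cross-checking the anomalies against each other, in order to find errors that are hard to detect; (2) checking the supervisor roles of application system users, to guard against deficiencies caused by improper internal control.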
In building the system prototype, because the logs produced by the various systems were not designed for accounting audit purposes, they inevitably cannot fully supply the fields an accounting audit log requires, in particular the fields needed to cross-query from any one log to the other three logs. Given this and the limits on research resources and time, the prototype implementation only cross-queries the other three logs when anomalous data is found in the transaction log. Also, because the focus is on the cross-query check, and in order to reduce the amount of data, the transaction log check is demonstrated with only ten simplified examples.
It is hard to implement perfectly safe systems in a network environment for electronic commerce, so we need internal control and audit mechanisms to help detect unsafe events or error events. Olden [2000] claims that auditing is one of the most critical functions of an e-commerce security infrastructure. The auditing component, which enables an organization to track a Website's activities, should generate logs of transactions and relevant security events. Audit logs serve as proof that an activity or transaction was performed. The logs are often the best way to track and recreate events leading to a security breach or fraudulent activities. In an effective e-commerce security infrastructure, every activity should automatically generate a log entry that can be accessed later.
In this study, an implementation model of an accounting auditing log system for network environments is proposed. It is essential for the auditing log system to integrate with, and leverage, existing technologies and environment platform logs in order to find critical errors. The system should also perform a user role conflict check to find gaps in user internal control.
This research implemented a prototype system (Network Accounting Auditing log system, NAA) in a Windows NT and SQL Server database environment, in which five logs are assumed to be kept: the NT system log, IIS log, FTP log, SQL Server log, and program maintenance log. For simplification, only 10 scenarios are checked for abnormal transaction events. If any abnormal event is found, the NAA system further cross-checks the above logs to find the possible reasons.