鹽塵害之風險分析與防阻--以台電雲林區處為例

白銀隆

Unknown Date

台灣地區因受海島型地理環境影響，鹽塵（霧）害普遍存在，長期危害電力設備，並造成電力系統不穩定導致事故停電。九十年三月十八日核三電力出口因急速鹽霧出現不穩定，引發一連串廠內控制機制失序現象，導致台電核三廠318 3A事故，觸動本論文之研究動機。 電力設備遭受鹽塵（霧）危害對發電部分因台灣地區電力系統結構，電力調度視負載情況而定，利用備用電源調度，對整個系統的影響不大故予以排除。就輸配電部分，依據85~89年各該系統事故停電原因分析統計資料庫所擷取數據，選取配電系統一台電雲林區處作為個案分析，但因國內外相關論述及研究並不多見，乃從實務面切入，訪談專家及具有現場實際工作經驗者，並經參酌日本、韓國電業及我國台塑公司麥寮發電廠之鹽塵害防治的作法與經驗，並作相關文獻回顧，提供防治可行對策供電業經營者參考。 在研究過程中，發現沿海地區如雲林縣等地配電系統鹽塵（霧）害極為嚴重，維護工作所投入人力、物力頗為可觀。而台電內部作業規章準則僅就原則或活線注掃礙子規定，但因現場自主性高及鹽塵害事故停電比例偏高，以目前現有人力在排除停電事故已不勝負荷，故目前做法多為治標性工作。反觀日本、韓國及麥寮發電廠，自規劃、設計開始即要求標準化、制度化，使用於鹽塵害地區器材設備有統一標準規範，平時做「等效鹽著量密度」ESDD定義值之測定，長期監控鹽塵（霧）害測定資料之嚴重程度及發生週期之判讀，並作成對策，足供參考。 此次鹽塵（霧）害肇致核三廠318 3A事故，除造成電業營運鉅額損失外，核電經營管理能力及核電風險再受質疑，核電廠竟會因鹽霧害而險釀巨災，政府單住及電業主管機關指責與批評，國營事業組織與人性之核對又再次出現，有形、無形損失不可謂不大。基於用電高品質要求之聲浪、高科技產業對系統供電穩定度之期待，長效性鹽塵害維護應有長期性的計畫，並予以落實，在觀念上改變傳統作法，以高科技導入礙子新產品及預防性損害防阻風險理念，雖然核三廠鹽塵（霧）害318 3A事故代價很高，但在經驗上相信它是值得的。 / The salt contamination caused a series of problems on the control systems of the 3^rd nuclear power plant in the 318 3A Accident. In a more general case, the salt contamination would result in the instability of power system and might cause the power system to shut down. Although salt contamination problem prevails in Taiwan due to geographic condition, statistical data and relevant research salt contamination severity does not exist. This research will systematically analyze the impact of salt contamination and then suggest corresponding solutions. This study focus on the salt contamination on the transmission and distribution system rather than the power generating system, since the utility distribution can utilize the back up system when overloaded. To provide concrete descriptions and solutions for salt contamination problem, we choose the distribution system ofYun-Lin district office as our case study subject. We first collect the practical operation and experience of other utility companies (e.g. Formosa, Japan utility company, and Korea utility company) as our general references. To seek for practical suggestions of the problem, we then interview with field experts. We find that the distribution systems along the sea shore incur serious salt contamination problem and Yun-Lin County is the most serious area in which much manpower and money have been invested in related maintenance. The internal rule ofTaipower Company (TPC) however prescribe the general cleaning frequency and method only. Such common rule is not suitable for every kind of environments. The accident rate caused by the salt contamination hence is quite high. On the other hand, the Mai-Liew power plant and other utility companies in Japan and Korea use the anti-contamination equipments and tools as well as standardizing monitoring mechanism to deal with the salt contamination problem. They regularly measure the "Equivalent Salt Deposit Density" values to monitor the severity of salt contamination. The periodical data is then analyzed for necessary prompt actions. The 318 3A Accident of the 3----- nuclear power plant had evoked the attention of the society. All parties recognize the fact that the instability of utility system could result in serious accident. The society demands the good power supply quality that is stable and adequate. TPC should adopt the loss and prevention management by using high tech products and other risk controlling method to avoid the occurrence of similar accidents of the 3^rd nuclear event in the future.

鹽塵害

風險分析

台電公司

The process-wide methodology for investigating the information security of a business process

洪妙如, Hung, Miao-Ju

Unknown Date

為落實現行企業的資訊安全評估，研究一創新的方法論，從企業流程的角度做分析評估，將企業要面臨的風險降低到可接受的等級。我們提出的發法論主要分為: (1) 發展企業流程表，找出此流程中要完成的所有功能(2) 指出各功能中對應需運作的接觸點/資訊管道/資訊資源，並評估可能面臨的風險 (3) 將這些面臨的風險，依據風險的可能性、風險的影響性，決定出各風險的風險等級　(4)提出在需建議的風險等級以上的接觸點/資訊管道/資訊資源的控制措施　(5) 確認現行企業是否有落實建議之控制措施。並實際訪談個案公司，完成此方法論的案例雛型。 / We are interested in evaluating the information security of a critical business process and its relevant issues. We try to provide a new security investigation method which is concerned with ensuring the continuity of business essential processes even the whole organization. This study will provide a methodology for analyzing the risk of each component of a process to replace the original information security method which was too widespread or too tiny. Base on such investigation, we can realize the security implements in the process and discover what component is needed to changed such as reduce risk or enhance security of that process to an acceptable level within the limited budget. In our methodology for each decisive business process., the following steps are proposed: (1) to develop the business process table, (2) to figure out all practices of CP/IC/IR corresponding to each function and the related risks, (3) to classify the risk likelihood, risk impact, and security level for each CP/IC/IR of the critical process, (4) to propose the corresponding controls for each CP/IC/IR, and (5) to check the installed controls: The last column, installed check, is took down if the proposed controls are installed or not. A case study of the loan process in a financial institution will be conducted here to illustrate the proposed methodology. We find that here are a number of benefits offered by the PWIO security investigation approach. It is designed from the higher level view point. It involves more members. It is easier to be supported by managers. It makes systematic analysis and check for the security controls in the business process. It costs less than the conventional risk analysis which is adopted for the whole enterprise. The PWIO security investigation methodology can be used in one of the processes and be modified to fit the unique enterprise, and then it can be followed out by the other processes. It can save time and money via try-and-modify steps.

資訊安全

風險分析管理

企業流程

information security

risk analysis and management

business process

產業相依下的停電風險分析 / Risk Analysis of Interdependent Industries

林佩琪

Unknown Date

行政院國土安全辦公室(2010)於國家關鍵基礎設施防護計畫中，將我國的關鍵基礎設施分為8大部門。本研究將對此8大部門關鍵基礎建設進行經濟面的分析比較，將此8大部門關鍵基礎建設對應到產業關聯表中18個產業，應用需求面投入產出停轉模型比較各關鍵基礎產業對整體產業需求的依賴程度以及說明各關鍵基礎產業如何相互影響。此外，由於我國關鍵基礎防護優先順序第一者為能源，因此進一步以電力為代表能源，分析近年來因天然災害衝擊和產業需求增加而面臨供應不足且對整體產業需求依賴程度排名第一的電力及蒸汽產業，應用線性規劃投入產出停轉模型模擬在電力供應短缺之下，若同時考慮極小化整體經濟損失與民生基本需求的電力配置策略。在本研究中，維持民生基本需求是假設各關鍵基礎產業其最終需求變動不大於50%。 需求面投入產出停轉模型是Leontief投入產出模型的線性轉換，主要透過分配係數進行衝擊的傳遞。若某關鍵基礎產業具有以下兩特性，當各產業投入需求皆減少10%，此關鍵基礎產業的停轉性則大，可藉此說明某關鍵基礎產業對整體產業需求的依賴程度：一、產出主要當作中間投入使用；二、為一集中分配型產業供應鏈的重要上游產業，即此產業供應鏈之產出分配集中，且主要下游產業產出皆主要當中間投入使用。其中依賴程度前三名依序為電力及蒸汽、自來水、石油化工原料。若細部分析各關鍵基礎產業停轉性的主要來源，可了解關鍵基礎產業間明顯的需求依賴關係。而在模擬電力供應不足時的電力配置策略方面，產品單位內含電力投入減少對整體經濟造成的停轉性越小者優先分擔供電缺口。其中若僅以極小化整體經濟損失為目標，將使部分關鍵基礎產業的最終需求完全無法被滿足，而加入維持民生基本需求的考量儘管會提高整體經濟損失且分擔供電缺口的產品增加，但與未進行電力配置的結果相比，仍有效減少42.5%的整體經濟損失，同時更貼近社會需求與期待。 關鍵詞：限制用電、關鍵基礎產業、需求面投入產出停轉模型、線性規劃投入產出停轉模型、風險分析

限制用電

關鍵基礎產業

需求面投入產出停轉模型

線性規劃投入產出停轉模型

風險分析

授信風險分析方法對企業財務危機預測能力之研究--以logit模型驗證

吳樂山

Unknown Date

授信風險分析是決定授信品質的關鍵。不管是聯合貸款、企業授信或消費性貸款，所有申貸案件必定經過徵信程序(credit analysis)來評估授信風險，再決定是否准予貸放。尤其企業授信一般貸放金額甚高，必須藉著嚴謹的審查過程來分析授信戶的借款用途是否合理、還款來源是否無虞。而這又必須瞭解其財務狀況、產銷情形、產業前景、研發創新、營運模式、經營者專業素養、管理能力等構面來分析風險成分。 傳統授信風險分析方法、理論，如五P分析、產業分析、財務分析等已行之多年，亦是國內商業銀行最普遍採用。然而隨著統計學、計量工具的發展，各種衡量信用風險的模型model被架構推出，世界知名銀行亦投注人力物力發展計量分析為主的風險管理部門，建立授信風險量化指標。除消費金融業務已藉著評分(credit scoring)作為准駁依據外，企業授信則因basel II即將公佈實施，亦使銀行業近幾年亦積極投入發展計量模型以建立IRB。然而計量分析與專家分析目前在國內銀行並未結合。我們將在文中探討主要授信分析工具並以89-92年間發生下市及打入全額交割股事件之公司為選樣範圍作為倒帳率分析基礎。

授信風險分析

財務危機

信用風險衡量

財務預警模式

logit

multiple discriminant analysis

liner probability model

網路交易之風險分析與建議-以旅遊業為例 / Risk analysis & suggestion of Internet transaction

呂雅麗, Lu, Ya Li

Unknown Date

在網路環境日益成熟的今日，網路交易的安全性已被列為首要的課題，而「公開金鑰基礎建設(public key infrastructure, PKI)」被公認是在資訊安全應用領域中，少數能同時滿足「保護資料安全」、「身分驗證」、「訊息完整性」以及「交易不可否認性」的加密應用技術。 電子商務被運用於各行各業，其中旅遊產業是全球最大與成長最快的產業之ㄧ。許多網路旅行社已經在企業內部建置了企業資源規劃(enterprise resource planning, ERP)系統，使得幾乎全部的交易與旅遊的安排都可以在線上完成。為了確保資料交換的安全性，便可以使用PKI技術，使企業的ERP 成為受完整加密保護的服務網路。 網路旅遊業者是以網站營運的方式來進行與消費者的互動，除了基本的防護措施，如：防火牆、入侵偵測、弱點掃瞄等網路安全外，企業的資安政策的制定與執行都可減少企業所面臨的風險。 近年來資料外洩事件頻傳，客戶資料及公司智慧財產外洩可能導致罰鍰、訴訟、公司品牌形象的毀損等。政府積極推動個人資料保護法，為了提高約束力，立法、司法與行政部門決定聯手祭出「天文數字的重罰」加以遏止；加上惡意使用者偽卡盜刷、冒名使用，使得電子商務業者不得不審慎地去評估如何加強資訊安全，以維繫企業本身的利益及提高企業的競爭力。 PKI的技術是目前公認最可靠、最可被信任的方式，但建置的複雜性及高成本，使得PKI的推廣層面不夠普及；如何讓PKI由「技術」移轉成為成功的「應用」，故筆者在本論文中建議一個運作模式，讓網路旅行社可以在透過網際網路行銷擴大業務之餘，也能因應時勢所趨，提供給其客戶一個安全的網路交易環境。 / The safety of Internet transaction has been referred to as the most important task in this fully-developed world of Internet. And public key infrastructure, which can provide confidentiality, authentication, integrity and non-repudiation, is one of the most effective ways of encryption in the application of information security. The travel agency has been one of the largest industries in e-commerce. There are many enterprise resource planning systems built in online travel agencies, so that almost every transaction and tours can be arranged through the Internet. To provide a well-protected environment, enterprises can use PKI technology to ensure the safety of online data exchanging. Online travel agencies interact with consumers through the web-site. Not only the basic protection like firewall, intrusion detection, and vulnerability scanning but also the development and the executive of security policies can reduce the risk that enterprises may encounter. Fines, litigations and the company's brand image damages may come after data leakages such as information of clients or intellectual property of companies. Government has actively promoted personal data protection law and huge amount of fines to improve the bindings. Coupled with many fraud credit cards used by the malicious users, companies have to assess how to reinforce information security to maintain its profit and upgrade its competitiveness. PKI technology is recognized as the most reliable and trusted solution, but the complexities and high cost of implementation made it difficult to apply. So, the author here tries to provide a mode of operation for online travel agencies to not only extend its services by the Internet but also provide a safe Internet transaction environment for its clients.

旅遊業

風險分析

資訊安全

公開金鑰基礎建設(PKI)

travel agency

risk analysis

information security

public key infrastructure

我國食品安全管制及法執行之研究 / Regulation and Law Enforcement of Food Safety in Taiwan

姜至剛, Chiang, Chih Kang

Unknown Date

我國向以「美食王國」享譽國際，各種美食不但曾為國人共同驕傲，亦帶來大量觀光人潮與經濟收入。未料，2011年5月「塑化劑事件」揭開我國食安風暴之黑幕，此後毒澱粉事件、黑心油事件等一連串黑心事件爆發，不但使國人對政府食品安全行政管制失去信心，亦讓我國美食商譽嚴重受創。 政府雖於每次食安事件爆發後，隨即召開相應之各種食安會議，提出相關管制改革措施；更透過數次修改食安法，不斷提高對違反法規黑心食品相關業者之罰則。然而食安事件仍不斷爆發，黑心食品不但數量未曾減少，反而製造、加工方法更趨黑心；顯示我國食品安全行政管制完全失靈，傳統法執行制度陷入困境，亟需改革。 我國食安法於2013年6月進行重大修正，此次修正納入以預防原則為前提之風險分析模式，風險分析模式係由歐盟開始發展，主要包括風險評估、風險管理及風險溝通。我國雖擬納入風險分析模式革新食品安全管制，惟食安法似僅將核心置於風險評估之制度設計，有關風險管理措施著墨不多，風險溝通更是付之闕如。因此，修法2年多以來，食品安全仍未能有效管制，食安事件爆發後，更是主管機關手忙腳亂，消費者人心惶惶。 有鑑於傳統法執行制度陷入困境，無法完成食安管制之任務，食安法除納入風險分析模式外，尚設立三級管理機制，亦即採取公私協力與自主規制之手段，主要透過業者自我管理、建立通報系統等措施強化食安管制。藉由與私部門之合作，固可提高食安管制之專業與效率，惟因我國未能體察社會民情與企業文化之差異，徒使自主規制成為政府卸責之藉口，有待進一步檢討。 因此，我國應就食品安全管制應就立法政策、風險分析及供應鏈管制等三方面，徹底檢討並提出解決辦法。 / In Taiwan, “Delicious Food” is well known world wide, and is one of the most proud of issue for Taiwanese. Small eats, and a lot of them, are the big things in Taiwan, and attracted a lot of tourists and brought a favorable income. Unfortunately, the Taiwan food scandal was started by the overuse one of plasticizer as a clouding agent in numerous food and beverage. It followed by “Toxic starch” and “Evil oil event”, which led to lose confidence and ruin administrative regulation of food safety to Taiwan government. Furthermore, there was a huge impact on Taiwan delicious food goodwill in the world. After uncovered each food scandal, Taiwan government tried to organize numerous food safety conferences, and has taken measures to restrain food safety regulation. In addition to food safety law revision, the penalty provision has been enhanced for unscrupulous vendors of food industry. However, food scandal is keeping on going, and the events are increasing in numbers these years. The food manufacturing and refining processes has become more evil. It means that food safety administrative regulation is run out of order, and the traditional law enforcement has faced the difficulty in this changing era. Since June 2013, food safety law revision included the brand new “Risk Analysis” model into “Precautionary Principle” concept. Risk analysis started over by European Union (EU), which is a politico-economic union of 28 member states that are located primarily in Europe. “Risk Analysis” model has three components, including risk evaluation, risk management and risk communication. In Taiwan, we have already taken “Risk Analysis” model on board for the innovation of food safety regulation, but Food Safety Law focused in the accounting system design of risk evaluation. There is only few in the risk management, and no statements in risk communication. Two years after food safety law revision, we still found the administration office has difficulty in facing the new food scandal, and the general populations are still worry about food safety issue. In order to reform the traditional law enforcement in food safety, the Act Governing Food Safety and Sanitation Taiwan included the risk analysis model first. Furthermore, in Taiwan’s food safety regime, the three-tier quality control system refers to self-management by food businesses, testing by independent institutions, and inspections by the government. It means that public-private partnerships (PPP) and self-regulation become a part of new regulation system. Through the cooperation between Taiwan Food and Drug Administration (TFDA) and private industrial association, the professionalism and efficiency of food safety regulation will be enhanced, but this kind of cooperation might be become the reasons of shirking the responsibility of government. Further investigation is mandatory.

食品安全

食品安全衛生管理法

風險分析

風險評估

公私協力

黑心食品

food safety

risk analysis

risk evaluation

public-private partnerships

evil food event