中大機構典藏-NCU Institutional Repository-提供博碩士論文、考古題、期刊論文、研究計畫等下載:Item 987654321/88972
English  |  正體中文  |  简体中文  |  Items with full text/Total items : 80990/80990 (100%)
Visitors : 42717424      Online Users : 1479
RC Version 7.0 © Powered By DSPACE, MIT. Enhanced by NTU Library IR team.
Scope Tips:
  • please add "double quotation mark" for query phrases to get precise results
  • please goto advance search for comprehansive author search
    •  Adv. Search
    HomeLoginUploadHelpAboutAdminister Goto mobile version


    Please use this identifier to cite or link to this item: http://ir.lib.ncu.edu.tw/handle/987654321/88972


    Title: 結合FAIR與NIST資安框架分析資安風險: 以資訊與科技服務業為例
    Authors: 莊岳穎;CHUANG, YUEH-YING
    Contributors: 土木工程學系
    Keywords: 網路風險評估;FAIR模型;NIST網路安全框架;蒙地卡羅模擬分析;資訊與科技服務業;危險保費;資料外洩;cyber risk assessment;FAIR model;cybersecurity framework;Monte Carlo simulation analysis;information and technology services;premiums;Data breach
    Date: 2022-07-27
    Issue Date: 2022-10-04 10:45:45 (UTC+8)
    Publisher: 國立中央大學
    Abstract: 為了面對網路威脅所產生不易掌控的風險、持續鞏固台灣半導體在全球領先的地位,我們將著手建立有關於我國資訊與科技服務業的資訊安全風險的評估,並量化風險值、計算投保時之保費參考依據,以便於企業組織將風險做適當轉移。
    本研究首先會說明資安損失的型態,將各種損失型態做統整及歸納;本篇選擇關注在資料外洩的型態,研究採用Jack Freund & Jack Jones發展之Factor Analysis of Information Risk模型,並結合美國國家標準暨技術研究院(NIST)制定的Cybersecurity Framework作為探討之基礎,經由蒙地卡羅模擬並量化當資訊與科技服務業遭遇網路攻擊時的風險值,後續可以藉此推估出保險公司所需的危險保費。
    研究結果發現,當我國資訊與科技服務業遭遇資料外洩時,若是提升了FAIR模型中的抵抗能力,則危險保費也會下降,內文具不同抵抗能力所得之風險平均值、標準差和危險保費。
    這些經過蒙地卡羅模擬分析及專家估算所得到的風險值,提供保險公司為資訊與科技服務業計算保費的基準、企業本身風險管理時的良好指標。本研究所提出之流程、架構可以依使用對象的實際資料和參數分析。
    ;In order to face the unmanageable risks arising from cyber threats and continue to consolidate Taiwan′s leading position in the world of semiconductors, we establish an assessment of information security risks in Taiwan′s information and technology service industry, quantify the risk value. The insurance premium basis is used to facilitate the organization to transfer risks appropriately.
    We will first explain the types of information security losses, then integrate and summarize various types of losses; choose to focus on the types of Data breach, and adopts the Factor Analysis of Information Risk model developed by Jack Freund & Jack Jones, and combine with the Cybersecurity Framework established by the National Institute of Standards and Technology (NIST) as the basis for the study. Through Monte Carlo simulation and quantification of the risk value when the information and technology service company encounter a cyber threat, the simulation results can be used to promote estimate the premiums required by the insurance company.
    The results of the research finds that when Taiwan′s information and technology service industry encounters Data breach, if the resistance in the Factor Analysis of Information Risk model is improved, the risk premium will also decrease accordingly.
    These risk values is obtained through Monte Carlo simulation analysis and expert estimation provide insurance companies with a benchmark for calculating premiums for the information and technology service industry and a good indicator for company risk management. However, we suggest that under this process and framework the real parameter analysis can be input according to the actual data of the company considered.
    Appears in Collections:[Graduate Institute of Civil Engineering] Electronic Thesis & Dissertation

    Files in This Item:

    File Description SizeFormat
    index.html0KbHTML45View/Open


    All items in NCUIR are protected by copyright, with all rights reserved.

    社群 sharing

    ::: Copyright National Central University. | 國立中央大學圖書館版權所有 | 收藏本站 | 設為首頁 | 最佳瀏覽畫面: 1024*768 | 建站日期:8-24-2009 :::
    DSpace Software Copyright © 2002-2004  MIT &  Hewlett-Packard  /   Enhanced by   NTU Library IR team Copyright ©   - 隱私權政策聲明