NCU Institutional Repository (downloads of theses and dissertations, past exam papers, journal articles, research projects and more): Item 987654321/88972


    Please use this permanent URL to cite or link to this item: http://ir.lib.ncu.edu.tw/handle/987654321/88972


    Title: Combining FAIR and the NIST Cybersecurity Framework to Analyze Cybersecurity Risk: The Case of the Information and Technology Services Industry
    Author: 莊岳穎; CHUANG, YUEH-YING
    Contributor: Department of Civil Engineering
    Keywords: cyber risk assessment; FAIR model; NIST cybersecurity framework; Monte Carlo simulation analysis; information and technology services; risk premiums; data breach
    Date: 2022-07-27
    Upload time: 2022-10-04 10:45:45 (UTC+8)
    Publisher: National Central University
    Abstract: To address the hard-to-control risks created by cyber threats and to help sustain Taiwan's leading global position in semiconductors, we establish an information security risk assessment for Taiwan's information and technology services industry, quantify the risk value, and compute a reference basis for insurance premiums so that organizations can transfer risk appropriately.
    This study first explains the types of information security loss, then consolidates and summarizes them. We focus on data breaches, adopting the Factor Analysis of Information Risk (FAIR) model developed by Jack Freund & Jack Jones and combining it with the Cybersecurity Framework established by the National Institute of Standards and Technology (NIST) as the basis of the study. Monte Carlo simulation is used to quantify the risk value when the information and technology services industry suffers a cyber attack, and the simulation results can then be used to estimate the risk premium an insurance company requires.
    The results show that when Taiwan's information and technology services industry suffers a data breach, improving the resistance in the FAIR model lowers the risk premium accordingly. The thesis reports the risk mean, standard deviation and risk premium obtained for different levels of resistance.
    These risk values, obtained through Monte Carlo simulation analysis and expert estimation, give insurance companies a benchmark for calculating premiums for the information and technology services industry and give companies a good indicator for their own risk management. The process and framework proposed in this study can be applied using the actual data and parameters of the organization under consideration.
    Appears in collections: [Graduate Institute of Civil Engineering] Master's and doctoral theses
