English  |  正體中文  |  简体中文  |  全文筆數/總筆數 : 80990/80990 (100%)
造訪人次 : 42673022      線上人數 : 1239
RC Version 7.0 © Powered By DSPACE, MIT. Enhanced by NTU Library IR team.
搜尋範圍 查詢小技巧:
  • 您可在西文檢索詞彙前後加上"雙引號",以獲取較精準的檢索結果
  • 若欲以作者姓名搜尋,建議至進階搜尋限定作者欄位,可獲得較完整資料
  • 進階搜尋


    請使用永久網址來引用或連結此文件: http://ir.lib.ncu.edu.tw/handle/987654321/95500


    題名: 威脅情報應用在阻擋惡意威脅執行之研究;Research on Threat Intelligence in Blocking Malicious Threat Executions
    作者: 邱上峯;Chiu, Shang-Feng
    貢獻者: 資訊管理學系在職專班
    關鍵詞: 威脅情報;入侵威脅指標;資訊安全維運中心;安全資訊與事件管理系統;Threat intelligence;indicators of compromise;Security Operations Center;Security Information and Event Management system
    日期: 2024-07-22
    上傳時間: 2024-10-09 16:54:29 (UTC+8)
    出版者: 國立中央大學
    摘要: 威脅情報已成為現代資訊安全防禦的不可或缺一環,組織和企業普遍依賴各種威脅情報來指導他們在資訊安全設備上進行事件調查。為了有效地追蹤事件並增強資訊安全防護能力,組織和企業通常在內部建置資訊安全維運中心(SOC)並在安全資訊與事件管理系統(SIEM)中應用威脅情報,以檢查組織內是否發生潛在的威脅事件,進而分析這些事件以提出改進的建議。然而,這種情資比對方式僅限於事件發生後,用於追蹤惡意活動的資訊設備日誌記錄痕跡,並不能直接阻止這些惡意行為和資安事件的發生。
    本研究採用個案訪談法作為主要研究方法,通過深入訪談組織內的資訊安全部門人員,了解他們對於現有資訊安全措施的看法、遇到的挑戰以及對未來資訊安全策略的期望。此外,本研究還分析威脅情報的有效性,特別是評估入侵威脅指標(IOC)的有效性及時效性,作為判斷資訊安全措施效果的依據。
    透過個案訪談法,本研究不僅能夠從實際操作者的角度理解資訊安全工作的現狀和需求,也能夠揭示影響資訊安全效果的關鍵因素。這些訪談結果將作為本研究的重要依據,幫助確定組織內資訊安全部門的關切點和困擾,並提供可參考的有效依據。
    綜合以上研究成果,本研究將適當的IOC在網路閘道資安設備上設置為阻擋規則,以直接防止威脅進入組織的網路內,進一步提升資訊安全防護能力。本研究的結果旨在提供一套針對性的資訊安全策略,幫助組織和企業更有效地利用威脅情報,從而加強其資訊安全防禦能力。;Threat intelligence has become an indispensable part of modern cybersecurity defense, with organizations and companies widely relying on various types of threat intelligence to guide their investigations into security incidents on information security equipment. To effectively track events and enhance cybersecurity protection capabilities, organizations and companies typically establish internal Security Operations Centers (SOCs) and apply threat intelligence in Security Information and Event Management Systems (SIEM) to check for potential threats within the organization. This allows them to analyze these events and make recommendations for improvement. However, this approach to correlating intelligence is limited to post-event scenarios, tracking malicious activities through information equipment logs, and cannot directly prevent these malicious acts and cybersecurity incidents from occurring.
    This study adopts the case interview method as its primary research methodology. Through in-depth interviews with personnel within the organization′s information security departments, we gain insights into their views on existing cybersecurity measures, challenges faced, and expectations for future cybersecurity strategies. Additionally, the study analyzes the effectiveness of threat intelligence, particularly evaluating the validity and timeliness of Indicators of Compromise (IOCs) as criteria for assessing the effectiveness of cybersecurity measures.
    Through the case interview method, this study not only understands the status quo and needs of cybersecurity work from the perspective of actual operators but also reveals key factors affecting cybersecurity effectiveness. These interview results serve as important references for the study, helping to identify concerns and difficulties within the organization′s information security department and providing actionable recommendations.
    顯示於類別:[資訊管理學系碩士在職專班 ] 博碩士論文

    文件中的檔案:

    檔案 描述 大小格式瀏覽次數
    index.html0KbHTML60檢視/開啟


    在NCUIR中所有的資料項目都受到原著作權保護.

    社群 sharing

    ::: Copyright National Central University. | 國立中央大學圖書館版權所有 | 收藏本站 | 設為首頁 | 最佳瀏覽畫面: 1024*768 | 建站日期:8-24-2009 :::
    DSpace Software Copyright © 2002-2004  MIT &  Hewlett-Packard  /   Enhanced by   NTU Library IR team Copyright ©   - 隱私權政策聲明