中大機構典藏-NCU Institutional Repository-提供博碩士論文、考古題、期刊論文、研究計畫等下載:Item 987654321/95500
English  |  正體中文  |  简体中文  |  全文笔数/总笔数 : 80990/80990 (100%)
造访人次 : 42683562      在线人数 : 1374
RC Version 7.0 © Powered By DSPACE, MIT. Enhanced by NTU Library IR team.
搜寻范围 查询小技巧:
  • 您可在西文检索词汇前后加上"双引号",以获取较精准的检索结果
  • 若欲以作者姓名搜寻,建议至进阶搜寻限定作者字段,可获得较完整数据
  • 进阶搜寻


    jsp.display-item.identifier=請使用永久網址來引用或連結此文件: http://ir.lib.ncu.edu.tw/handle/987654321/95500


    题名: 威脅情報應用在阻擋惡意威脅執行之研究;Research on Threat Intelligence in Blocking Malicious Threat Executions
    作者: 邱上峯;Chiu, Shang-Feng
    贡献者: 資訊管理學系在職專班
    关键词: 威脅情報;入侵威脅指標;資訊安全維運中心;安全資訊與事件管理系統;Threat intelligence;indicators of compromise;Security Operations Center;Security Information and Event Management system
    日期: 2024-07-22
    上传时间: 2024-10-09 16:54:29 (UTC+8)
    出版者: 國立中央大學
    摘要: 威脅情報已成為現代資訊安全防禦的不可或缺一環,組織和企業普遍依賴各種威脅情報來指導他們在資訊安全設備上進行事件調查。為了有效地追蹤事件並增強資訊安全防護能力,組織和企業通常在內部建置資訊安全維運中心(SOC)並在安全資訊與事件管理系統(SIEM)中應用威脅情報,以檢查組織內是否發生潛在的威脅事件,進而分析這些事件以提出改進的建議。然而,這種情資比對方式僅限於事件發生後,用於追蹤惡意活動的資訊設備日誌記錄痕跡,並不能直接阻止這些惡意行為和資安事件的發生。
    本研究採用個案訪談法作為主要研究方法,通過深入訪談組織內的資訊安全部門人員,了解他們對於現有資訊安全措施的看法、遇到的挑戰以及對未來資訊安全策略的期望。此外,本研究還分析威脅情報的有效性,特別是評估入侵威脅指標(IOC)的有效性及時效性,作為判斷資訊安全措施效果的依據。
    透過個案訪談法,本研究不僅能夠從實際操作者的角度理解資訊安全工作的現狀和需求,也能夠揭示影響資訊安全效果的關鍵因素。這些訪談結果將作為本研究的重要依據,幫助確定組織內資訊安全部門的關切點和困擾,並提供可參考的有效依據。
    綜合以上研究成果,本研究將適當的IOC在網路閘道資安設備上設置為阻擋規則,以直接防止威脅進入組織的網路內,進一步提升資訊安全防護能力。本研究的結果旨在提供一套針對性的資訊安全策略,幫助組織和企業更有效地利用威脅情報,從而加強其資訊安全防禦能力。;Threat intelligence has become an indispensable part of modern cybersecurity defense, with organizations and companies widely relying on various types of threat intelligence to guide their investigations into security incidents on information security equipment. To effectively track events and enhance cybersecurity protection capabilities, organizations and companies typically establish internal Security Operations Centers (SOCs) and apply threat intelligence in Security Information and Event Management Systems (SIEM) to check for potential threats within the organization. This allows them to analyze these events and make recommendations for improvement. However, this approach to correlating intelligence is limited to post-event scenarios, tracking malicious activities through information equipment logs, and cannot directly prevent these malicious acts and cybersecurity incidents from occurring.
    This study adopts the case interview method as its primary research methodology. Through in-depth interviews with personnel within the organization′s information security departments, we gain insights into their views on existing cybersecurity measures, challenges faced, and expectations for future cybersecurity strategies. Additionally, the study analyzes the effectiveness of threat intelligence, particularly evaluating the validity and timeliness of Indicators of Compromise (IOCs) as criteria for assessing the effectiveness of cybersecurity measures.
    Through the case interview method, this study not only understands the status quo and needs of cybersecurity work from the perspective of actual operators but also reveals key factors affecting cybersecurity effectiveness. These interview results serve as important references for the study, helping to identify concerns and difficulties within the organization′s information security department and providing actionable recommendations.
    显示于类别:[資訊管理學系碩士在職專班 ] 博碩士論文

    文件中的档案:

    档案 描述 大小格式浏览次数
    index.html0KbHTML61检视/开启


    在NCUIR中所有的数据项都受到原著作权保护.

    社群 sharing

    ::: Copyright National Central University. | 國立中央大學圖書館版權所有 | 收藏本站 | 設為首頁 | 最佳瀏覽畫面: 1024*768 | 建站日期:8-24-2009 :::
    DSpace Software Copyright © 2002-2004  MIT &  Hewlett-Packard  /   Enhanced by   NTU Library IR team Copyright ©   - 隱私權政策聲明