Title

金融創新服務之風險管理分析

Parallel title

Risk Management Analysis of Financial Innovation Service

Authors

邱安安(An-An Chiu);黃劭彥(Shaio-Yan Huang);劉福運(Fu-Yun Liu);鄭嫆琄(Jung-Chuan Cheng)

Keywords

Mobile application ; Financial innovation ; APP ; Risk control ; Mobile App ; Financial Innovation ; Apps ; Risk Management

Journal

科技管理學刊

Volume and issue / Publication date

Vol. 28, No. 3 (2023 / 12 / 01)

Pages

1 - 35

Language of content

Traditional Chinese; English

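Chinese abstract

In recent years, rapidly changing technologies have brought enormous change to every industry. Financial innovation services have been shaped by digitalization and by changes in business models, and all kinds of financial transactions can now be completed in mobile apps, but risks exist at the same time. The purpose of this study is to examine the risks faced by financial-industry apps in order to help management teams build control mechanisms that reduce those risks. The study uses the Cybersecurity Framework (CSF) published by NIST as the core design framework, compiles the risk items of financial-industry apps and maps them to the control items under each dimension, and ranks the importance of the app risks using the results of a questionnaire answered by industry experts. The study finds that the items all experts rated as most important are "sensitive data protection" and "sensitive data transmitted without encryption", a result that shows the importance of protecting confidential data. In total the study identifies 51 risks and threats faced by financial-industry apps, so that the potential and likely risks can be understood when an app is developed. The analysis of the expert questionnaire yields a ranking of the importance of the risk items, so that the financial industry can properly plan its risk response processes when developing apps, strengthen its information security mechanisms and effectively reduce the occurrence of security incidents. The results can also serve as a reference for implementing information security inspection mechanisms and internal controls.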

English abstract

In recent years, rapid changes in various technologies have led to breakthrough growth in the development of information in various industries. Mobile APPs have a strong impact on business digitalization and on changes in business models. Various banking transactions can be completed in mobile APPs, but this also comes with risks. The purpose of this research is to discuss the risks faced by financial APPs, which can assist management teams in constructing control mechanisms to reduce related risks. The paper uses the Cyber Security Framework (CSF) released by NIST as the control element of the design structure and summarizes a list of financial APP risk items. Each risk item corresponds to the control and management mechanism under each aspect. Subsequently, the importance of the risk items is ranked through expert questionnaires. This study shows that all experts consider "sensitive data protection" and "unencrypted transmission during transmission of sensitive data" to be the two most important risk items. This result shows the importance of confidential data protection. This research suggests that there are 51 relevant risks and threats faced by financial APPs. Banks can understand the potential and likely risks when developing APPs by obtaining the ranking of the importance of risk items from the analysis of the expert questionnaire. This enables banks to properly plan their risk response processes when developing APPs, strengthen their information security mechanisms and effectively reduce the occurrence of information security incidents. The results can serve as a reference for the implementation of information security inspection mechanisms and internal control.

Subject classification: Social Sciences > Management