题名

資訊安全威脅與治理政策之探討

并列篇名

Discussion on Information Security Threats and Governance Policies

DOI

10.6285/MIC.202307/SP_01_12.0001

作者

陳仕弘(Shih-Hong Chen)

关键词

資訊安全 ; 零信任 ; 多因素身分認證 ; 紅隊演練 ; Information security ; Zero Trust Architecture ; Multi-Factor Authentication ; Red Team Assessment

期刊名称

管理資訊計算

卷期/出版年月

12卷特刊1(2023 / 07 / 01)

页次

1 - 12

内容语文

繁體中文;英文
中文摘要

隨著資訊科技的快速發展,資訊安全已成為當今數位時代中的重要問題。然而,資訊安全威脅不斷增加,對公、私部門之資訊安全造成嚴重威脅。因此,本研究分析了資訊安全威脅的種類及型態,包括網路釣魚、惡意軟體、入侵攻擊和阻斷服務等,並探討相應的治理政策。本研究提出網路資安威脅之治理政策,例如建置零信任架構、多因素身分認證授權、紅隊演練等,實施多層次的防護措施、強化安全管理、加強使用者認證和存取控制。
英文摘要

With the rapid development of information technology, information security has become an important issue in today's digital age. However, information security threats continue to increase, posing a serious threat to information security in public and private sectors. Therefore, this study analyzes the types and patterns of information security threats, including phishing, malware, intrusion attacks, and denial of service, etc., and discusses the corresponding governance policies. This study proposes governance policies for network information security threats, such as the establishment of zero trust architecture, multi-factor authentication and authorization, Red Army drills, etc., implements multi-level protection measures, strengthens security management, and strengthens user authentication and access control.
主题分类 基礎與應用科學 > 資訊科學
社會科學 > 管理學
参考文献
  1. 方仁威(2016)。論社交工程安全威脅之研究。發展與前瞻學報,11,33-52。
    連結:
  2. 吳嘉龍(2017)。針對網路惡意程式攻擊探討電腦風險管理與資訊安全技術因應研究。危機管理學刊,14(1),19-28。
    連結:
  3. 吳嘉龍(2017)。針對勒索病毒惡意程式攻擊網路風險管理與資訊安全防護技術研究。危機管理學刊,14(2),23-31。
    連結:
  4. 張宏昌(2017)。ccTLDs 在 DNSSEC 建置發展及推動現況之比較。資訊管理學報,24(2),185-208。
    連結:
  5. 張志汖,林宜隆(2016)。行動惡意程式攻擊數位證據鑑識調查處理程序之研究。電腦稽核,33,1-21。
    連結:
  6. 張腕純(2018)。個人資料外洩如何通知?參考歐盟 GDPR 之規範與指引。科技法律透析,30(2),33-42。
    連結:
  7. 楊慶裕,郭家祥,吳信德(2019)。資安日誌管理暨惡意程式分析平台系統建置-以學校系所為例。資訊安全通訊,25(4),17-28。
    連結:
  8. 劉祉君(2018)。基於瀏覽器之分散式阻斷服務攻擊防禦技術研究。資訊安全通訊,24(1),1-17。
    連結:
  9. 蔡旻諺,徐禾瀚,卓信宏(2020)。基於卷積神經網路的低速阻斷服務攻擊檢測。資訊安全通訊,26(3),51-62。
    連結:
  10. Aidan, J. S.,Verma, H. K.,Awasthi, L. K.(2017).Comprehensive survey on petya ransomware attack.2017 International Conference on Next Generation Computing and Information Systems (ICNGCIS)
  11. Aldhyani, T. H.,Alkahtani, H.(2023).Cyber Security for Detecting Distributed Denial of Service Attacks in Agriculture 4.0: Deep Learning Model.Mathematics,11(1),233.
  12. Alzahrani, A. O.,Alenazi, M. J.(2023).ML‐IDSDN: Machine learning based intrusion detection system for software‐defined network.Concurrency and Computation: Practice and Experience,35(1),1-19.
  13. Ashraf, I.,Park, Y.,Hur, S.,Kim, S. W.,Alroobaea, R.,Zikria, Y. B.,Nosheen, S(2022).A survey on cyber security threats in IoT-enabled maritime industry.Ieee Transactions on Intelligent Transportation Systems,2677-2690.
  14. Chaganti, R.,Suliman, W.,Ravi, V.,Dua, A.(2023).Deep Learning Approach for SDN-Enabled Intrusion Detection System in IoT Networks.Information,14(1),41.
  15. De Santis, G.,Lahmadi, A.,Francois, J.,Festor, O.(2016).Modeling of ip scanning activities with hidden markov models: Darknet case study.2016 8th IFIP International Conference on New Technologies, Mobility and Security (NTMS)
  16. Elamathi, M. U.,Aruna, M. A.(2023).An Effective Secure Mechanism For Phishing Attacks Using Machine Learning Approach.Journal of Pharmaceutical Negative Results,2724-2732.
  17. Elkhail, A. A.,Lachtar, N.,Ibdah, D.,Aslam, R.,Khan, H.,Bacha, A.,Malik, H(2023).Seamlessly Safeguarding Data Against Ransomware Attacks.IEEE Transactions on Dependable and Secure Computing,20(1),1-16.
  18. Gaylah, K. D.,Vaghela, R. S.(2023).Mitigation and Prevention Methods for Distributed Denial-of-Service Attacks on Network Servers.Advancements in Smart Computing and Information Security: First International Conference, ASCIS 2022,Rajkot, India:
  19. Gupta, B. B.,Tewari, A.,Jain, A. K.,Agrawal, D. P.(2017).Fighting against phishing attacks: state of the art and future challenges.Neural Computing and Applications,28,3629-3654.
  20. Hasan, M. K.,Ghazal, T. M.,Saeed, R. A.,Pandey, B.,Gohel, H.,Eshmawi,Alkhassawneh, H. M.(2022).A review on security threats, vulnerabilities, and counter measures of 5G enabled Internet‐of‐Medical‐Things.IET Communications,16(5),421-432.
  21. Jain, A. K.,Gupta, B.(2022).A survey of phishing attack techniques, defence mechanisms and open research challenges.Enterprise Information Systems,16(4),527-565.
  22. Khouzani, M.,Sarkar, S.,Altman, E.(2012).Maximum damage malware attack in mobile wireless networks.IEEE/ACM Transactions on Networking,20(5),1347-1360.
  23. Lee, Y. Y.,Gan, C. L.,Liew, T. W.(2023).Thwarting Instant Messaging Phishing Attacks: The Role of Self-Efficacy and the Mediating Effect of Attitude towards Online Sharing of Personal Information.International Journal of Environmental Research and Public Health,20(4),3514.
  24. Mohurle, S.,Patil, M.(2017).A brief study of wannacry threat: Ransomware attack 2017.International Journal of Advanced Research in Computer Science,8(5),1938-1940.
  25. OMB. (2022). M-22-09: Zero Trust Security Practices for Federal Government Retrieved from https://www.whitehouse.gov/wp-content/uploads/2022/01/M-22-09.pdf
  26. Ometov, A.,Bezzateev, S.,Mäkitalo, N.,Andreev, S.,Mikkonen, T.,Koucheryavy, Y.(2018).Multi-factor authentication: A survey.Cryptography,2(1),1.
  27. Pittman, J. M.(2023).,未出版
  28. Rose, S.,Borchert, O.,Mitchell, S.,Connelly, S.(2020).,未出版
  29. Talaei Khoei, T.,Kaabouch, N.(2023).A Comparative Analysis of Supervised and Unsupervised Models for Detecting Attacks on the Intrusion Detection Systems.Information,14(2),103.
  30. WEF(2023).,World Economic Forum.
  31. Yaseen, H. S.,Al-Saadi, A.(2023).Q-learning based distributed denial of service detection.International Journal of Electrical and Computer Engineering,13(1),972-986.
  32. 王平,劉佳琪(2015)。網路威脅分析與防禦評估。崑山科技大學學報,10,61-71。
  33. 余政倫(2022)。淺談新型態「資訊戰」及網路攻防結合。海軍學術雙月刊,56(2),68-83。
  34. 沈大白,黃追(2021)。審視 COVID-19 疫情下的網路威脅。會計研究月刊,425,69-74。
  35. 林宜隆(2022)。區域資安威脅-區塊鏈資安與安全防護管理。展望與探索月刊,20(10),49-64。
  36. 陳建智,蔡雨龍,周國森(2021)。開放網路架構異常流量之檢測技術。電工通訊季刊,2021(第 4 季),81-92。
  37. 楊昇原(2020)。淡江大資訊管理學系碩士在職專班。
  38. 楊英伸(2014)。小心默默窺剌著您的敵人因應全球惡意軟體攻擊新趨勢之技術及管理。證券服務,632,35-38。
  39. 劉嘉偉,張家瑍(2021)。面對中共網軍威脅國軍資訊網路安全之探討。海軍學術雙月刊,55(3),118-131。
  40. 蔡一郎(2019)。數位時代下的多層次防禦。國土及公共治理季刊,7(4),40-49。
  41. 蔡在昇(2020)。淺談科技與網路安全防護趨勢發展。海軍學術雙月刊,54(2),56-69。
  42. 蔡佳君(2020)。5G 網路安全與資安防護。臺灣經濟研究月刊,43(12),33-41。
  43. 蔡孟哲(2022)。淡江大學資訊工程學系碩士班。
  44. 蔡婉婷(2017)。網購個資外洩商家應負擔賠償之責。消費者報導雜誌,438,7-9。
print cancel