Please use this identifier to cite or link to this item: http://hdl.handle.net/11455/25007
標題: 台灣某一公司的整合性資訊安全管理之研究
The Study of Integrated Information Security for A Company in Taiwan
作者: 施弘彦
Shih, Hung-Yen
關鍵字: 整合性的資訊安全
Enterprise Architecture (EA)
企業方格架構
身份驗證管理(IAM)
資訊通訊技術(ICT)
Integrating information security
Identity and Access Management (IAM)
Information and Communication Technologies (ICT)
出版社: 高階經理人碩士在職專班
引用: 中文部分 黃士銘, 張碩毅, 和蘇耿弘. (2006). 企業導入 BS7799 資訊安全管理系統之關鍵成功因素-以石化產業為例. 資訊管理學報, 13(2), 171-192. 陳萬淇 (1995), 個案研究法, 台北, 華泰文化事業. 葉重新 (2001), 教育研究法, 台北, 心理出版社. 英文部分 Ambler, S. W. (2002), Introduction to the Enterprise Unified Process (EUP), A Ronin International. Inc, White Paper, 26. Andrews, P. W. (1951), Industrial Analysis in Economics, Oxford Studies in the Price Mechanism, 139-172. Bernus, P. (1999), Generalised Enterprise Reference Architecture and Methodology, Version 1.6. 3, IFIPIFAC Task Force on Architectures for Enterprise Integration. Birdwell, J., Horn, R., Icove, D., Wang, T., Yadav, P., and Niezgoda, S. (1999), A Hierarchical Database Design and Search Method for CODIS, Paper Presented at the Tenth International Symposium on Human Identification. Chalmeta, R., Campos, C., and Grangel, R. (2001), References Architectures for Enterprise Integration, Journal of Systems and Software, 57(3), 175-191. Ferraiolo, D. F., Kuhn, D. R., and Chandramouli, R. (2003), Role-Based Access Control, Artech House. Inc, Norwood, MA. Fowler, M. (2003), Patterns of Enterprise Application Architecture: Addison-Wesley Professional. Group, M. (2002), Enterprise Architecture Desk Reference, META Group Inc. GROUP, O (2002), The Open Group Architecture Framework TOGAF–Version 8, Enterprise Edition. Hatala, M., Eap, T. M., and Shah, A. (2005), Federated Security: Lightweight Security Infrastructure for Object Repositories and Web Services, Paper Presented at the Next Generation Web Services Practices, 2005, NWeSP 2005. International Conference on. HIRVONEN, A. (2005), Enterprise Architecture Planning in Practice, The Perspectives of Information and Communication Technology Service Provider and End-User, 135. Hirvonen, A. P., Oyj, T., and Pulkkinen, M. (2004), A Practical Approach to EA Planning and Development: the EA Management Grid, Paper Presented at the 7th International Conference on Business Information Systems. Jayaratna, N. (1994), Understanding and Evaluating Methodologies: NIMSAD, a Systematic Framework: McGraw-Hill, Inc. Kienzle, D. M., and Elder, M. C. (2002), Final Technical Report: Security Patterns for Web Application Development, DARPA, Washington DC. Lapkin, A. (2003), The Gartner Enterprise Architecture Framework, Paper Presented at the ITXPO Symposium, Gartner Inc. Lee, Y.-J. (2005), A Dynamic Virtual Organization Solution for Web-Services Based Grid Middleware, Paper Presented at the Database and Expert Systems Applications, 2005, Proceedings, Sixteenth International Workshop on. Lowe, G. (1997), A Hierarchy of Authentication Specifications, Paper Presented at the Computer Security Foundations Workshop, 1997, Proceedings., 10th. Perks, C., and Beveridge, T. (2003), Guide to Enterprise IT Architecture: Springer-Verlag New York Incorporated. Pulkkinen, M. (2006), Systemic Management of Architectural Decisions in Enterprise Architecture Planning, Four Dimensions and Three Abstraction Levels, Paper Presented at the System Sciences, 2006. HICSS''06, Proceedings of the 39th Annual Hawaii International Conference on. Pulkkinen, M., and Hirvonen, A. (2005), Ea Planning, Development and Management Process for Agile Enterprise Development, Paper Presented at the System Sciences, 2005. HICSS''05. Proceedings of the 38th Annual Hawaii International Conference on. Pulkkinen, M., Naumenko, A., and Luostarinen, K. (2007), Managing Information Security in a Business Network of Machinery Maintenance Services Business–Enterprise Architecture as a Coordination Tool, Journal of Systems and Software, 80(10), 1607-1620. Putman, J. (2001), Architecting with Rm-odp: Prentice Hall PTR. Rosenfeld, S. A. (1995), Industrial-Strength Strategies, Regional Business Clusters and Public Policy, Washington, DC. Russell, D., and Gangemi, G. (1991), Computer Security Basics: O''Reilly Media, Inc. Shaikh, R. A., Rajput, S., Zaidi, S., and Sharif, K. (2005), Comparative Analysis and Design Philosophy of Next Generation Unified Enterprise Application Security, Paper Presented at the Emerging Technologies, 2005, Proceedings of the IEEE Symposium on. Sowa, J. F., and Zachman, J. A. (1992), Extending and Formalizing the Framework for Information Systems Architecture, IBM systems journal, 31(3), 590-616. Vermeulen, C., and Von Solms, R. (2002), The Information Security Management Toolbox–Taking the Pain out of Security Management. Information Management and Computer security, 10(3), 119-125. Weiss, M. (2003), Patterns for Web Applications, Paper Presented at the Proc, PLOP 2003. Whitman, L., Ramachandran, K., and Ketkar, V. (2001), A Taxonomy of a Living model of the Enterprise, Paper Presented at the Proceedings of the 33nd Conference on Winter Simulation. Witty, R. (2003). The Identity and Access Management Market Landscape: Gartner Research Note COM-21-4534. Yin, R. K. (1994), Case Study Research: Design And methods, California: SAGE Publications, Inc. Zachman, J. A. (1987), A Framework for Information Systems Architecture, IBM systems journal, 26(3), 276-292.
摘要: 藉由資訊科技的協助,企業能提供更方便及容易的資訊存取,但在此的同時,延伸出包含隱私權及資訊安全等問題。本研究展示整合性的資訊安全管理藍圖,包含以下四個觀點:系統、平台、基礎建設及安全政策。企業方格架構(Enterprise Architecture,EA)提供了企業在不同階層中如何運用身份驗證管理(IAM)進行整合性及相互協調的資訊通訊技術 (ICT) 系統管理及規劃。本研究係採用深度個案研究,A輪胎製造廠為主要研究對象,以企業方格架構來探討資訊安全架構規劃的整合性藍圖建立。
Nowadays, with the help of technologies, organizations are able to provide easy access to information across its boundaries. Along the road, the questions are merged in the prospective of privacy and information security. The study demonstrated a roadmap for integrating information security management solutions within a business setting approaching from four aspects: system, Platforms, infrastructures and security policies. The application of Enterprise Architecture (EA) is practiced for comprehensive and coordinated planning and management of organizational Information and Communication Technologies (ICT) and the security infrastructure in different levels of the business structure. An in-depth case study within a leading tire manufacture is conducted based on EA framework. Security architecture planning includes Identity and Access Management (IAM) and security policy are structured to deliver an integrated security management roadmap.
URI: http://hdl.handle.net/11455/25007
其他識別: U0005-2106201314595500
文章連結: http://www.airitilibrary.com/Publication/alDetailedMesh1?DocID=U0005-2106201314595500
Appears in Collections:高階經理人碩士在職專班

文件中的檔案:

取得全文請前往華藝線上圖書館



Items in DSpace are protected by copyright, with all rights reserved, unless otherwise indicated.