透過您的圖書館登入
IP:3.147.77.159
  • 學位論文

公務機構公文自動化管理作業流程資訊安全之研究-以國軍單位為例

A Study of The Information Security of Office Automatic Procedure of Management for Government -A Military Case Study

指導教授 : 曾章瑞
若您是本文的作者,可授權文章由華藝線上圖書館中協助推廣。

摘要


近年來政府致力於電子化公文,為的是促進政府單位與政府單位(G2G)之間或政府單位與民間企業(G2B)彼此之間的流通管道。電子公文是電子化政府作業的基礎工作,更是重要的一環節。惟政府機關或企業的機密資料外洩事件層出不窮,已造成政府或企業的資訊安全隱憂之一;另外加上中共網軍不斷使用「間諜程式」、「蠕蟲程式」、「釣魚程式」、「電腦病毒」與「木馬程式」,透過網路來入侵台灣及西方國家政經中心電腦系統,伺機竊密,讓政府及國軍網路無形之安全威脅更趨嚴重。 基於透過網際網路來傳送的電子公文,均需考慮公文完整性、公文機密性及身分驗證等安全機制,以防止公文被偽造、洩密、竄改、遺失、損毀,以及收發文單位否認簽發等總總安全問題,此均為國軍自動化作業必須正視的問題。 一個安全的電子公文作業流程必須具備機密性(Confidentiality)、完整性(Integrity)與不可否認性(Availability),本研究係針對公文系統之網路安全、人員作業及管理安全、資料分類與儲存等總總安全性加以說明與分析,亦參考ISO/IEEC 17799、BS779-2、行政院所屬各機關資訊安全管理規範、行政院資通安全訪視表並參考一般企業採行之安全措施等,詳列影響公文管理作業流程資訊安全的因素,利用問卷調查法,將國軍人員對電子公文作業流程及其安全防護機制之認知程度加以分析,再經層級分析法(Analytic Hierarchy Process, AHP)作為決定相對權重的方法,試圖找出安全漏洞及未被採行的安全措施,作為加強公文作業流程之環境、管理面、技術面等資訊安全防護機制的參考。

並列摘要


In recent years, The government is devoted to the electronic official document, in order to promote the government unit and government unit (G2G) During or government unit with folk enterprise (G2B) Circulation between each other. The electronic official document is a element task of the electronic government's homework, a more important link. Only the secret materials of government bodies or enterprise let out the incident and emerge in an endless stream, have already caused one of the secret worries of information safety of the government or enterprises; In addition in addition, the Communist Party of China net army is using ' spy's procedure , worm's procedure , fishing procedure , electronic virus and hobbyhorse procedure constantly, invade the computer system of the political economy centre of Taiwan and western countries by network, wait for an opportunity to steal secret information, let the invisible safe threat of army's network of government and country more serious. Convey electronic official document by internet network because of this, need, consider official document integrality, safe mechanism, confidentiality of official document and person who prove of identity, in order to prevent the official document from being forged, divulged a secret, altered, lost, damaged, and receive and dispatch the gentle unit and deny the always total safe problem of issuing etc.. And a safe electronic official document homework procedure must possess the confidentiality (Confidentiality), the integrality (Integrity) With the undeniable (Availability) ,Research this department classify, prove and analyze with total total security of storing etc. to official document online security, personnel homework and management security, materials of system, consult ISO/IEEC 17799, BS779-2, every organ information safety standardard management under executive organ, executive organ money coherent to visit form of looking at and consult general enterprise adopt the safety measure of the conduct safely, it influences the official document to manage the factor of the information safety of homework procedure to tabulate in details, utilize the investigation method of the questionnaire, analyze the personnel of army of country to the cognitive intensity of the homework procedure of the electronic official document and safe protection mechanism, pass the analytic approach of the level (Analytic Hierarchy Process, AHP) As determine relative method of weight, attempt, find out safe loophole and the safety measure of adopting conduct, regarded as the environment of strengthening the homework procedure of the official document, reference of the information safe protection mechanisms of the chain of command, technological side.

參考文獻


[8] 行政院秘書處,"文書處理檔案管理手冊",2003年。
[19]建立我國通資訊基礎建設安全機制計畫(94年至97年),網站:行政院
[38] CSI/FBI 2006 Computer Crime and Security Survey, Posted on Friday, January 5th, 2007.
Charles P.,Prentice-Hall, 1997.
[40] Stallings,W., Cryptography and Network Security: Principles and Practice, 2nd Ed. Prentice-Hall, Inc.,1999, pp. 520.

延伸閱讀