
On US Information Security Management Policy: Starting from the Supply Chain Risk Management Standardization Process in the "International Strategy for Cyberspace"

A Study on US Information Security Management Policy - Based on Supply Chain Risk Management Standardization of Cyber International Strategy

Abstract

Standards accumulate knowledge and experience; standardization seeks, through systematic, shared and coherent methods, to strengthen the knowledge and techniques of implementing standards so that they can be passed on. The standardization of information security has progressed from product evaluation with ISO/IEC 15408 in the 1990s (harmonized as the CNS 15408 series) to management systems with ISO/IEC 27000 around the millennium (harmonized as the CNS 27000 series), yet information security management remains a problem the whole world faces. Since 2007, a series of Software Assurance standards grounded in the effectiveness of the Security Content Automation Protocol (SCAP) has gradually become de facto standards and has seeded the standardization of supply chain risk management for information and communications technology. This paper describes that process and its layout, discusses the future prospects of information security management standardization, and serves as the final installment of the 資訊安全護理 (information security care) series of reports.

Parallel abstract (English)

Standards can be seen as the accumulation of knowledge and experience, while standardization aims at strengthening the knowledge and techniques of standard implementation by means of systematic and coherent methods. The standardization process of information security has moved from products in the 1990s to management systems around the millennium. However, the problems of information security management are still common issues that the world has to face. Since 2007, a series of effective Software Assurance standards grounded in the Security Content Automation Protocol (SCAP) have become de facto standards and have offered the standardization sources of Supply Chain Risk Management for Information and Communications Technology (ICT). In this paper, the standardization process of Supply Chain Risk Management is illustrated and the future prospects of Information Security Management standardization are discussed.
