Since the government of the Republic of China promulgated the Enforcement Rules of the Personal Information Protection Act in October 2012 (ROC year 101), enterprises, healthcare facilities, schools and government agencies alike have begun to take seriously how personal data protection is to be implemented. Within each of these organizations the relational database has become the primary repository of core data, so to ensure that this core data cannot be obtained by malicious parties, a database audit system (Database Active Monitor, DAM) is becoming one of the key measures for protecting database security. Because the information environments and application systems of organizations differ, DAM is deployed using several architectures. This study examines the following four modes: 1. sniffing mode; 2. agent mode; 3. inline (pass-through) mode; 4. gateway mode. It also compares the functions of commercially available DAM systems from vendors such as IBM, Imperva and Warevalley, as a reference for enterprises making purchasing decisions. Finally, to satisfy the provisions of the domestic Personal Information Protection Act, this study proposes how the functions of a DAM system can be used to meet the protection rules specified in the act; the approach must include establishing audit policies, establishing regulatory reports, establishing an alert mechanism, and establishing blocking methods, so that the DAM system conforms to and is applicable under domestic regulations.
With the Enforcement Rules of the Personal Information Protection Act announced by the Republic of China in October 2012, businesses, health care facilities, educational facilities and government departments are paying more attention to personal information protection. Among those organizations, the relational database has become the main place where core data and personal information are stored. To prevent these databases and the personal information in them from being breached and used illegally, Database Active Monitor (DAM) is becoming one of the main means of keeping database information safe. Because the networking and application systems of organizations differ, several kinds of architecture are used to implement such a system. This study discusses the following four models: 1. sniffing mode, 2. agent mode, 3. inline mode, 4. gateway mode. In addition, as a reference for businesses and organizations adopting a DAM system, an analysis and comparison of various systems, such as those from IBM, IMPERVA and Warevalley, is conducted here. Finally, this study shows how to use DAM appropriately according to the requirements of the Taiwanese Personal Information Protection Act; the following steps are adopted to achieve this: policy, report, alert and block.
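The four compliance steps named above (audit policy, report, alert, block) as a minimal DAM policy engine over captured SQL statements. This is an added illustration, not code from the thesis or from any vendor product; the policy fields, user names, table names and query records are constructed assumptions.

```python
# Added example: a toy DAM policy engine, not the thesis's or any vendor's code.
import re
from collections import Counter

# Constructed audit policies: which tables hold personal data, who may touch them,
# and whether a hit only raises an alert or also blocks the statement.
POLICIES = [
    {"name": "pii-read", "tables": {"customers", "patients"}, "ops": {"SELECT"},
     "allowed_users": {"app_svc"}, "action": "alert"},
    {"name": "pii-export", "tables": {"customers", "patients"}, "ops": {"SELECT"},
     "max_rows": 1000, "action": "block"},
    {"name": "pii-change", "tables": {"customers", "patients"},
     "ops": {"UPDATE", "DELETE"}, "allowed_users": {"app_svc"}, "action": "block"},
]
TABLE_KW = {"SELECT": "FROM", "DELETE": "FROM", "INSERT": "INTO", "UPDATE": "UPDATE"}

def parse_sql(sql):
    """Return (operation, table) for a simple single-table statement, else None."""
    m = re.match(r"\s*(SELECT|INSERT|UPDATE|DELETE)\b", sql, re.I)
    if not m:
        return None
    op = m.group(1).upper()
    t = re.search(r"\b%s\s+([A-Za-z_]\w*)" % TABLE_KW[op], sql, re.I)
    return (op, t.group(1).lower()) if t else None

def evaluate(event, policies=POLICIES):
    """Decide 'allow', 'alert' or 'block' for one captured query; list matched policies."""
    parsed = parse_sql(event["sql"])
    if parsed is None:
        return "alert", ["unparsed"]  # unknown statements go to review, never silently pass
    op, table = parsed
    decision, hits = "allow", []
    for p in policies:
        # Skip when the policy does not cover this table/operation, the user is
        # whitelisted, or the returned row count is within the policy's limit.
        if table not in p["tables"] or op not in p["ops"] \
           or event["user"] in p.get("allowed_users", ()) \
           or event.get("rows", 0) <= p.get("max_rows", -1):
            continue
        hits.append(p["name"])
        decision = "block" if "block" in (p["action"], decision) else "alert"
    return decision, hits

def report(events, policies=POLICIES):
    """Per-user decision counts and per-policy hit counts for the compliance report."""
    summary = Counter()
    for e in events:
        decision, hits = evaluate(e, policies)
        summary[(e["user"], decision)] += 1
        summary.update(("policy", h) for h in hits)
    return summary

SAMPLE_EVENTS = [  # constructed records, not captured from any real system
    {"user": "app_svc", "sql": "SELECT name, id_no FROM customers WHERE id = 42", "rows": 1},
    {"user": "dba1", "sql": "SELECT * FROM customers", "rows": 250000},
    {"user": "intern", "sql": "DELETE FROM patients WHERE id = 7", "rows": 1},
    {"user": "dba1", "sql": "SELECT count(*) FROM orders", "rows": 1},
]
```

A real deployment would take the events from the sniffing, agent, inline or gateway capture point and only the inline and gateway modes can actually enforce a "block" decision; the others can only alert and report.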