Title

雲端風險管理與保險規劃之研究

Translated Titles

Risk Management and Insurance Strategy for Utilizing Cloud Computing Services

DOI

10.6846/TKU.2013.00964

Authors

郭仁杰

Key Words

雲端運算 ; 風險管理 ; 德菲法 ; 網路層級分析法 ; Cloud computing ; Risk management ; Delphi study ; Analysis Network Process method

PublicationName

淡江大學保險學系保險經營碩士班學位論文

Volume or Term/Year and Month of Publication

2013年

Academic Degree Category

碩士

Advisor

高棟梁

Content Language

英文

Chinese Abstract

近年來,在科技及電子設備的快速進步下,傳統電腦設備已無法滿足人們快速成長的服務需求,因而促成雲端服務的崛起。雲端服務具有許多足以取代傳統設備的優點,尤其是以網路即可迅速取得高效率的服務,且以pay-as-you-go的計費方式也有助於企業節省支出,使其在全球廣為發展且漸受人們重視。 然而,雲端服務仍隱含著數種不同的潛在風險,例如:個人資料的隱私、儲存伺服器的中斷或機密資料遭駭客盜取等等。但目前各國並無專門為雲端服務所設計的保單,能夠完全承保所有的雲端風險,僅能以網路安全險(Network security coverage)或資訊業專業責任保險(Technology professional liability)去做部份承保。因此,本研究之目的為辨識及評估各種雲端服務的潛在風險,以提供企業決策者在風險管理時必要的資訊,並做出最適之風險管理計劃之建議。 本研究之第一階段會使用德菲法(Delphi Method),透過專家訪談去辨別出雲端服務之潛在風險,並依此做為風險評估之架構;第二階段則是以網路層級分析法(Analysis Network Process method)去辨別出雲端風險在損失頻率與損失幅度上的相對權重;第三階段會依前述得到之損失頻率與幅度,將各雲端風險列在風險管理矩陣中,以方便找出個別雲端風險最合適之應對方法;最後階段則是以歐美地區的專家訪談及保單資料彙整,找出目前此類保單對各雲端風險的承保狀況,並理解現行保單所能提供的保障與企業實際需求之間是否有保障缺口(Gap),及是否能透過保單來處理該雲端風險。 透過上述方法,我們將11種雲端風險分類到風險矩陣之四個象限後,就能依各象限的損失幅度與頻率找出相應的風險管理方法;另外,透過歐美專家訪談與保單整理之結果,亦能將各風險的實際承保狀況分為高度承保(Highly Insurable)與極少承保(Rarely Insurable)兩種,最終會綜合風險矩陣和承保狀況來彙總判斷各雲端風險最適合之風險管理方法。

English Abstract

Cloud computing is not only a brand-new conception of information technology, but also a service that can improve people’s life obviously. Enterprises can acquire the cloud services they need directly by internet. The system using pay-as-you-go as payment method also has advantage on both cost-efficiency and flexibility for cloud service users. Therefore, it seems an unavoidable trend that traditional computer facilities will be replaced by cloud computing recently. Cloud services may help the enterprise in many ways, but it also inevitably triggers some loss exposure. Unfortunately, there is little objective scientific research focused on identifying and evaluating the loss exposures that result from cloud computing. The major research objective is to identify the loss exposures of cloud computing services using scientific and objective methods, and measure loss exposures with regard to the application of cloud computing. Furthermore, using our finding to suggest essential risk management strategies that can be employed to control or reduce losses attributable to the application of cloud computing. In order to reach research’s purposes, the major employed methods are Delphi study, Analysis Network Process method (ANP), and expert interview. This study, first of all, conduct Delphi study and ANP method to identify the potential cloud risks and to find the relative weigh of each risk. Second, by locating the identified loss exposures in the risk management matrix, this research develop appropriate treatments to the risks of cloud computing. Finally, by interview the underwriters of insurance companies in U.S.A and Europe and comparing the identified risks of cloud computing, this study can find the gap between coverage providing and coverage needs. Combining those results, the findings of this study can help the enterprises or cloud users to manage those risks, and offer the insurers sufficient information to design a cloud policy.

Topic Category 商管學院 > 保險學系保險經營碩士班
社會科學 > 管理學
Reference
  1. 3. Aven, T. and Renn, O. (2009), The Role of Quantitative Risk Assessments for Characterizing Risk and Uncertainty and Delineating Appropriate Risk Management Options, with Special Emphasis on Terrorism Risk, Risk Analysis: An International Journal, 29(4), p.p.587-600.
    連結:
  2. 7. Cox, L. A. (2008), What’s wrong with risk Matrices? Risk Analysis, 28(2), p.p.497-515.
    連結:
  3. 9. Hand, J. D. (2007), Principles of Data Mining, Adis Data Information BV.
    連結:
  4. 13. Fowles, J. (1978), Handbook of futures research. Greenwood Press: Connecticut.
    連結:
  5. 14. Lackermair, G. (2011), Hybrid cloud architectures for the online commerce Original Research Article, Procedia Computer Science, 3, p.p.550-5.
    連結:
  6. 16. Gutierrez, O. (1989), Experimental Techniques for Information Requirement Analysis, Information and Management, 16, p.p.31-43.
    連結:
  7. 17. Jaeger, P. T.; Grimes, J. M.; Lin, J. and Simmons, S. N. (2009), Where is the Cloud? Geography, Economics, Environment, and Jurisdiction in Cloud Computing. First Monday, 14(5), p.p.4-15.
    連結:
  8. 18. Janssens, Pim M. W. and Cheung, K. S. (2009), Approaching risk analysis and risk management in the fertility laboratory and semen bank. International Journal of Andrology, 32(6), p.p.656-65.
    連結:
  9. 23. Leavitt, N. (2009), Is Cloud Computing really ready for prime time? Computer, 42(1),p.p.15–20.
    連結:
  10. 24. Lackennair, G. (2010), Hybrid Cloud Architectures for the Online Commerce, Procedia Computer Science,3, p.p.550-5.
    連結:
  11. 25. Lim, S.H. (2011), Risks in the North Korean Special Economic Zone: Context, Identification, and Assessment, Emerging Markets Finance & Trade, 47(1), p.p.50-66.
    連結:
  12. 28. Masser, I. and Foley, P. (1987), Delphi Revisited: Expert Opinion in Urban Analysis, Urban Studies, Vol. 24, p.p.217-25.
    連結:
  13. 29. Mac Crimmon K. R. and Wehrung, D. A. (1986), Taking Risks: The Management of Uncertainty, Free Press, New York.
    連結:
  14. 31. Picado, F.; Barmen, G.; Bengtsson, G. Cuadra, S.; Jakobsson, K.; and Mendoza, A. (2010), Ecological, Groundwater, and Human Health Risk Assessment in a Mining Region of Nicaragua, Risk Analysis: An International Journal, 30(6), p.p.916-33.
    連結:
  15. 32. Pintar, K. D. M.; Charron, D. F.;Fazil, A.; McEwen, S. A.; Pollari, F.; Waltner-Toews, D. (2010), A Risk Assessment Model to Evaluate the Role of Fecal Contamination in Recreational Water on the Incidence of Cryptosporidiosis at the Community Level in Ontario, Risk Analysis: An International Journal, Jan2010, 30(1), p.p.49-64.
    連結:
  16. 34. Reij, M. W. and Schothorst, M. (2000), Critical Notes on Microbiological Risk Assessment of Food. Brazilian Journal of Microbiology, 31(1), p.p.1-33.
    連結:
  17. 35. Rowe, G., Wright, G. and F. Bolger (1991), Delphi: A re-evaluation of Research and Theory, Technological Forecasting, 39, p.p.235-51.
    連結:
  18. 36. Saaty T. L. (1980), The Analytic Hierarchy Process, McGraw Hill Publications.
    連結:
  19. 38. Saaty T. L. (1999), Fundamentals of the analytic network process, ISAHP, Kobe Japan.
    連結:
  20. 39. Paquette, S.; Jaeger, P. T. and Wilson, S. C. (2010), Identifying the security risks associated with governmental use of Cloud Computing, Government Information Quarterly 27 , p.p. 245-53.
    連結:
  21. 40. Sinha, P. R.; Malzahn, D. and Whitman, L. E. (2004), Methodology to Mitigate Supplier Risk in an Aerospace Supply China, Supply Chain Management: An International Journal, 9 (2), p.p. 154-68.
    連結:
  22. 41. Singh, D. and Chandnary, F. S. (1986), Theory and analysis of sample survey designs. New York: John Wiley & Sons.
    連結:
  23. 42. Spears, J. L. and Barki, H. (2010), User Participation in Information Systems Security Risk Management, MIS Quarterly, 34(3), p.p.503-22.
    連結:
  24. 43. Subashini, S. and Kavitha, V. (2011), A survey on Security Issues in Service Delivery Models of Cloud computing, Journal of Network and Computer Applications, 34, p.p. 1-11.
    連結:
  25. 44. Svantesson, D. and Clarke, R. (2010), Privacy and Consumer Risks in Cloud Computing, Computer Law & Security Review, 26, p.p. 391-7.
    連結:
  26. 46. Ward, B. T. and Sipior, J. C. (2010), The Internet Jurisdiction Risk of Cloud Computing, Information Systems Management, 27, p.p. 334-9.
    連結:
  27. 47. Wang, J.; Liu, J.; Liao, Z. and Tang, P. (2009), Identification of Key Liability Risks of supervision Engineers in China, Construction Management & Economics, 27(12), p.p.1157-73.
    連結:
  28. 50. Zou, P. X. W. and Li, J. (2010), Risk Identification and Assessment in Subway Project : Case Study of Nanjing Subway Line 2, Construction Management & Economics, 28(12), p.p.1219-38.
    連結:
  29. 51. Zissis, D. and Lekkas, D. (2011), Addressing Cloud Computing Security Issues, Future Generation Computer Systems, 28, p.p. 583-92.
    連結:
  30. REFERENCE
  31. 1. Adler, M. and Ziglio, E. (1996), Gazing into the oracle, Jessica Kingsley Publishers: Bristol, PA.
  32. 2. Armburst, M.; Fox, A.; Griffith, R.; Joseph, A. D.; Katz, R. and Konwinski, A. et al. (2009), Above the clouds: a Berkley view of Cloud Computing. Retrieved on Dec 5, 2011 from http://radlab.cs.berkekey.edu/
  33. 4. Awati, K. (2009), Cox’s risk matrix theorem and its implications for project risk management. Retrieved on Dec 18, 2011 from http://eight2late.wordpress.com/2009/07/01/cox%E2%80%99s-risk-matrix-theorem-and-its-implications-for-project-risk-management/
  34. 5. Buyya R. and Parashar M. (2010), User Requirements for Cloud Computing Architecture, Proc. 10th IEEE/ACM International Conference on Cluster, Cloud and Grid Computing, Melbourne, Australia, 17-20 May 2010, p.p. 625-30.
  35. 6. Carothers, D. C. (2008), Risk Identification Methods - From Checklists to Experts. Retrieved on Dec 5, 2011 from http://praxiom.hubpages.com/hub/From-Checklists-to-Experts-The-Risk-Identificaton-Phase
  36. 8. Cornish, E. (1977), The study of the future. World Future Society: Washington, D.C.
  37. 10. Dalkey, N. C. (1969), The Delphi Method: An Experimental Study of Group Opinion, prepared for United States Air Force Project Rand, Santa Monica.
  38. 11. Bublitz, E. (2010),Catching The Cloud: Managing Risk When Utilizing Cloud Computing, National Underwriter Property & Casualty November 8, 2010, p.12, p.13, p.16 .
  39. 12. Freeman, E. Q. (2000), Identification of Cyber Risks, Financial Executive, 16(3), p.p.32-48.
  40. 15. GAIA Project Governance Seminars (2010), Workshops & Training/ Impact/Probability Matrix, GAIA R&D Limited, Dublin City University. Retrieved on Dec 20, 2011 from http://www.gaiainvent.com/services.html
  41. 19. Casale, J. (2010), Business Insurance; 9/27/2010, 44(38), p.17.
  42. 20. Johnson, B. and Christensen, L. (2000), Educational research. Boston, MA: Allyn and Bacon.
  43. 21. Knorr, E. and Gruman, G. (2011), What Cloud Computing Really Means. Retrieved on Dec 5, 2011 from http://www.infoworld.com/d/cloud-computing/wht-cloud-computing-really-means-031
  44. 22. Kloss-Grote, B. and Moss, M. A. (2008), How to Measure the Effectiveness of Risk Management in Engineering Design Projects? Researches Engineering Design, 19(2/3), p.p. 71-100.
  45. 26. Mandal, S. (2011), Supply Chain Risk Identification and Elimination: A Theoretical Perspective, IUP Journal of Supply Chain Management, 8(1), pp.68-86.
  46. 27. Marshall, M. I. and Alexander, C., Using a contingency plant to combat human resource risk" Journal of Extension [On-line], 44(2) Article 2IAW 1. Retrieved on Dec 5, 2011 from http://www.joe.org/joe/2006april/iw1.shtml (2006).
  47. 30. Naughton, J. (2009), There's a silver lining to Google's Cloud Computing glitch, Retrieved on 15 Aug 2011 from http://www.guardian.co.uk/technology/2009/mar/01/gmail-outage-cloud-computing
  48. 33. Rejda, G. E. (2011), Principles of Risk Management and Insurance. 11th Edition, New Jersey: Prentice Hall.
  49. 37. Saaty T. L. (1996), Decision making with dependence and feedback: The analytic network process, RWS Publications, Pittsburgh.
  50. 45. Tisnovsky, R. (2010), Risk versus Value in Outsourced Cloud computing, Financial Executive, November, p.p. 64-5.
  51. 48. Williams, B. (1978), A sampler on sampling. New York: John Wiley & Sons.
  52. 49. Woudenberg, F. (1991), An Evaluation of Delphi, Technological Forecasting and Social Change, Vol. 40, p.p.131-50.
Times Cited
  1. 陳奕全(2011)。運用商業年金保險補足勞工階級法定退休體制下所得缺口之探討。朝陽科技大學保險金融管理系學位論文。2011。1-71。
  2. 陳峻聰(2014)。影響汽車新車型開發的關鍵因素-以K公司為例。中原大學企業管理研究所學位論文。2014。1-104。
  3. 賴秋粉(2016)。伺服器製造業之機殼海運成本關鍵因素分析 –以國內I公司為例。中原大學企業管理研究所學位論文。2016。1-107。
  4. 黃黛玲(2016)。心理契約中影響員工留任之關鍵因素-以藍寶石基板製造業研發人員為例。中原大學企業管理研究所學位論文。2016。1-142。
  5. 許碧玉(2017)。影響壽險業品牌形象之關鍵因素分析-以Y公司為例。中原大學企業管理研究所學位論文。2017。1-97。