本研究之目的旨在探究日益重要的資料庫系統面對資料外洩的高度威脅，如何運用資料庫活動監控(Database Activity Monitors, DAM) 技術，以「事前」、「事中」及「事後」的稽核手段，恫嚇非法存取資料庫之行徑 (Inside Abuse)，進而達成「連續性」、「即時性」及「獨立性」的資料庫安全稽核作業。
本論文首先透過文獻的歸納整理，瞭解DAM的主要軟硬體功能特性與資料庫(Database, DB)主機端結構化查詢語言(Structured Query Language, SQL)執行紀錄的DAM技術。DAM系統主要是依據企業資訊系統的作業流程與網路安全規劃，從網路架構、資料庫應用系統平台以及終端設備等方面，來分析企業資料庫活動各系統的資訊科技構成要素，與根據SQL執行紀錄來決定哪些觸犯公司資安全政策，進而達到警示或阻的功效。本論文依據上述之步驟，比較、分析與評估適用DAM的系統，並輔以個案研究之方法，藉由實地的調查訪問與直接觀察，實徵個案應用DAM的發展過程，驗證DAM的適用性，及個案中運用DAM後符合個資法之不可否認性之相關法令。
最後本論文綜合文獻探討與個案研究及產業特性分析所獲得之結果，提供企業有更多的商業應用模式也讓相關參與者以及學術界，在導入DAM時有更深入的瞭解與認知，尤其是瞭解企業導入DAM後如何將人、事、時、地、物五大關鍵之使用者行為紀錄下來，以使公司在內稽與內控之資安防護作的更完善。

This thesis elaborates how to apply the technology of Database Activity Monitoring (DAM) to database security audit for the fulfillment of continuity, real-time and separation of duty. DMA can protect increasingly important database from the serious threat of data leakage and frighten unauthorized database access (inside abuse) through pre-audit, concurrent Audit and post-audit.
This study begins by focusing on a review of the literature concerning important hardware and software functions of the DAM system as well as the DAM techniques based on SQL administrator logs of the mainframe database. Network security schemes and workflows in corporate information systems form the basis of DAM systems. These systems analyze the structure of information of all actions occurring in the corporate information database at various locations, including the network, the database application system, and end user machines. The results of the analyses are used to determine which actions violate the company’s information security policies, after which the decision for appropriate notification or blocking actions may be taken. These important processes in the DAM system are taken into account in our comparisons, analyses, and assessments of the DAM system. Surveys and direct investigations from real case studies are also used in this study, encompassing empirical investigations of the development of the use of DAM applications, quantifications of its level of applicability, and laws concerning non-repudiation of personal information. Finally, after collating and reviewing the relevant literature, examining the results of our case studies, and analyzing industrial characteristics, we hope to provide enterprises with a wider range of commercial applications, as well as a deeper understanding about DAM applications to those in the academic fields. This information is especially relevant to logging who did what, when, where, and to which object (the five pieces of important information in a DAM log). The successful logging of these five pieces can help companies to better accomplish their internal auditing and control.

中文部分
【1】- 劉江彬，資訊法論，二版，國立台灣大學法律叢書編輯委員會，台北：三民，民國77年。
【2】- 楊亨利 and 邱顯貴 (2001). 台灣地區電子商務隱私權保護之現況探討.
_中華管理評論_, 4(1):101-118.
【3】-[ITHome 個人資料保護法特輯]:
http://www.ithome.com.tw/itadm/article.php?c=61306 "個資法風暴來襲”
【4】Cobrasonic White Paper 庫柏資訊白皮書
【5】2010聯合國際研討會第一屆「數位環境：數位科技、數位內容、數位產業、數位服務與數位安全」產學研討會，會議主題：雲端服務與安全管理－數位內容與數位服務之數位安全—資庫稽核技術新趨勢
【6】中華民國電腦稽核協會第22期刊
網站部分
【1】庫柏資訊軟體網站，http://cobrasonic.com/
【2】Wikipedia網站，http://en.wikipedia.org/
【3】CNET Life 網站，http://taiwan.cnet.com/
【4】IT HOME網站，http://www.ithome.com.tw/
【5】個人資料保護法對於金融業之衝擊與因應對策曾 韵／勤業眾信聯合會計師事務所企業風險服務經理http://www.fisc.com.tw/Upload/9678ffd1-2c9f-468f-b8cd-241fca1d5c8e/TC/03.%20%E6%9B%BE%E9%9F%B3%E5%8B%BB.pdf
英文部分
【1】http://www.gartner.com/newsroom/id/495173
【2】ITRC, www.idtheftcenter.org/artman2/publish/lib_survey/ITRC_2008_Breach_List.shtml
【3】Verizon Business, http://securityblog.verizonbusiness.com
【4】http://www.gartner.com/DisplayDocument?doc_cd=164468&ref=g_rss
【5】http://www.ponemon.org/index.html
【6】http://en.wikipedia.org/wiki/Database_activity_monitoring
【7】Rich Mogull,“Understanding and Selecting a Database Activity Monitoring Solution”
【8】Gartner Research, “DAM Technology Provides Monitoring and Analytics With Less Overhead ”