Basic Search / Detailed Display

Author: 吳翊郡
I-chun Wu
Thesis Title: 資料庫活動監控系統之企業應用與商機擴展之研究
A Study on the Business Application and Expansion of Database Activity Monitoring
Advisor: 黃世禎
Shih-chen Huang
Committee: 盧希鵬
Hsi-peng Lu
李國光
Gwo-guang Lee
黃世禎
Shih-chen Huang
Degree: 碩士
Master
Department: 管理學院 - 管理研究所
Graduate Institute of Management
Thesis Publication Year: 2013
Graduation Academic Year: 101
Language: 中文
Pages: 47
Keywords (in Chinese): 資料庫活動監控個資法網路安全資訊安全內稽內控
Keywords (in other languages): Database Activity Monitoring, Personal Information Act, network security, information security, internal auditing and control
Reference times: Clicks: 289Downloads: 1
Share:
School Collection Retrieve National Library Collection Retrieve Error Report
  • 本研究之目的旨在探究日益重要的資料庫系統面對資料外洩的高度威脅,如何運用資料庫活動監控(Database Activity Monitors, DAM) 技術,以「事前」、「事中」及「事後」的稽核手段,恫嚇非法存取資料庫之行徑 (Inside Abuse),進而達成「連續性」、「即時性」及「獨立性」的資料庫安全稽核作業。
    本論文首先透過文獻的歸納整理,瞭解DAM的主要軟硬體功能特性與資料庫(Database, DB)主機端結構化查詢語言(Structured Query Language, SQL)執行紀錄的DAM技術。DAM系統主要是依據企業資訊系統的作業流程與網路安全規劃,從網路架構、資料庫應用系統平台以及終端設備等方面,來分析企業資料庫活動各系統的資訊科技構成要素,與根據SQL執行紀錄來決定哪些觸犯公司資安全政策,進而達到警示或阻的功效。本論文依據上述之步驟,比較、分析與評估適用DAM的系統,並輔以個案研究之方法,藉由實地的調查訪問與直接觀察,實徵個案應用DAM的發展過程,驗證DAM的適用性,及個案中運用DAM後符合個資法之不可否認性之相關法令。
    最後本論文綜合文獻探討與個案研究及產業特性分析所獲得之結果,提供企業有更多的商業應用模式也讓相關參與者以及學術界,在導入DAM時有更深入的瞭解與認知,尤其是瞭解企業導入DAM後如何將人、事、時、地、物五大關鍵之使用者行為紀錄下來,以使公司在內稽與內控之資安防護作的更完善。


    This thesis elaborates how to apply the technology of Database Activity Monitoring (DAM) to database security audit for the fulfillment of continuity, real-time and separation of duty. DMA can protect increasingly important database from the serious threat of data leakage and frighten unauthorized database access (inside abuse) through pre-audit, concurrent Audit and post-audit.
    This study begins by focusing on a review of the literature concerning important hardware and software functions of the DAM system as well as the DAM techniques based on SQL administrator logs of the mainframe database. Network security schemes and workflows in corporate information systems form the basis of DAM systems. These systems analyze the structure of information of all actions occurring in the corporate information database at various locations, including the network, the database application system, and end user machines. The results of the analyses are used to determine which actions violate the company’s information security policies, after which the decision for appropriate notification or blocking actions may be taken. These important processes in the DAM system are taken into account in our comparisons, analyses, and assessments of the DAM system. Surveys and direct investigations from real case studies are also used in this study, encompassing empirical investigations of the development of the use of DAM applications, quantifications of its level of applicability, and laws concerning non-repudiation of personal information. Finally, after collating and reviewing the relevant literature, examining the results of our case studies, and analyzing industrial characteristics, we hope to provide enterprises with a wider range of commercial applications, as well as a deeper understanding about DAM applications to those in the academic fields. This information is especially relevant to logging who did what, when, where, and to which object (the five pieces of important information in a DAM log). The successful logging of these five pieces can help companies to better accomplish their internal auditing and control.

    摘要 I Abstract II 誌謝 III 目錄 I 表目錄 圖目錄 IV 第一章 緒論 5 1.1 研究背景 5 1.2 研究動機與目的 5 1.3 研究流程與研究架構 6 1.4 論文架構 8 1.5 研究方法 9 第二章 文獻探討 10 2.1 DAM (Database Activity Monitoring System) 10 2.1.1 DAM之定義 10 2.1.2 DAM之技術特徵及優勢 11 2.1.3 DAM之功能特色 11 2.1.4 DAM之技術架構 12 2.2 個資法對金融產業之衝擊與風險 14 第三章 個案分析 17 3.1 廠商公司簡介 17 3.2 個案背景及特色 18 3.3 個案產品軟硬體規格 22 3.4 導入個案公司內部評估過程 23 3.5 個案公司導入DAM過程 25 3.5.1 導入目標 25 3.5.2 建置計畫範圍 26 3.5.3 效益分析 28 3.5.4 未來期許 29 第四章 DAM的應用與商機發展 30 4.1 依產業需求 30 4.2 新IT之雲端服務架構 35 4.3 雲端服務應用商業模式 38 4.4 微型企業營運模式 41 第五章 結論與建議 43 5.1 研究結論 43 5.2 研究範圍與限制 43 5.3 未來研究方向與建議 44 參考文獻 46 中文部分 46 網站部份 46 英文部分 47

    中文部分
    【1】- 劉江彬,資訊法論,二版,國立台灣大學法律叢書編輯委員會,台北:三民,民國77年。
    【2】- 楊亨利 and 邱顯貴 (2001). 台灣地區電子商務隱私權保護之現況探討.
    _中華管理評論_, 4(1):101-118.
    【3】-[ITHome 個人資料保護法特輯]:
    http://www.ithome.com.tw/itadm/article.php?c=61306 "個資法風暴來襲”
    【4】Cobrasonic White Paper 庫柏資訊白皮書
    【5】2010聯合國際研討會第一屆「數位環境:數位科技、數位內容、數位產業、數位服務與數位安全」產學研討會,會議主題:雲端服務與安全管理-數位內容與數位服務之數位安全—資庫稽核技術新趨勢
    【6】中華民國電腦稽核協會第22期刊
    網站部分
    【1】庫柏資訊軟體網站,http://cobrasonic.com/
    【2】Wikipedia網站,http://en.wikipedia.org/
    【3】CNET Life 網站,http://taiwan.cnet.com/
    【4】IT HOME網站,http://www.ithome.com.tw/
    【5】個人資料保護法對於金融業之衝擊與因應對策曾 韵/勤業眾信聯合會計師事務所企業風險服務經理http://www.fisc.com.tw/Upload/9678ffd1-2c9f-468f-b8cd-241fca1d5c8e/TC/03.%20%E6%9B%BE%E9%9F%B3%E5%8B%BB.pdf
    英文部分
    【1】http://www.gartner.com/newsroom/id/495173
    【2】ITRC, www.idtheftcenter.org/artman2/publish/lib_survey/ITRC_2008_Breach_List.shtml
    【3】Verizon Business, http://securityblog.verizonbusiness.com
    【4】http://www.gartner.com/DisplayDocument?doc_cd=164468&ref=g_rss
    【5】http://www.ponemon.org/index.html
    【6】http://en.wikipedia.org/wiki/Database_activity_monitoring
    【7】Rich Mogull,“Understanding and Selecting a Database Activity Monitoring Solution”
    【8】Gartner Research, “DAM Technology Provides Monitoring and Analytics With Less Overhead ”

    無法下載圖示 Full text public date 2018/01/28 (Intranet public)
    Full text public date This full text is not authorized to be published. (Internet public)
    Full text public date This full text is not authorized to be published. (National library)
    QR CODE