請用此 Handle URI 來引用此文件:
http://tdr.lib.ntu.edu.tw/jspui/handle/123456789/40998
標題: | 影響雲端運算服務使用意願之資安與風險因素探討 Impact of Security and Risk Factors on Intention to Use Cloud-based Services |
作者: | Wei-Cheng Chang 張瑋宬 |
指導教授: | 曹承礎(Seng-Cho Chou) |
關鍵字: | 雲端運算,雲端運算服務,資訊安全,風險控管, cloud computing,cloud-based services,information systems security,risk management, |
出版年 : | 2011 |
學位: | 碩士 |
摘要: | 近年來雲端運算的興起引起各大業界的關注,紛紛成為業界討論的焦點,然儘管雲端運算替產業界創造機會,它同時也面臨了許多挑戰,由資策會針對台灣大型企業對雲端服務的採用疑慮調查中顯示,「資訊安全問題揮之不去」占了38.5%,名列8大疑慮之首,顯示企業對於資訊安全的保障仍缺乏信心,成為影響使用者使用雲端運算服務意願的首要因素。
為此本研究的研究目的便是要找出「哪些資安及風險因素會影響使用者採用或建置雲端運算服務的使用意願」以及「因素是如何對使用者產生影響」。在影響因素部分,本研究採用雲端安全聯盟所提出之七大資安威脅(不安全的介面與應用程式介面、惡意的內部員工、共享環境所造成的議題、資料遺失或外洩、帳號或服務被竊取、稽核與蒐證、其他未知的風險)以及Benaroch et al.(2006)在其研究中匯整之IT投資面臨的八大風險因素(成本、效益、專案、功能、組織、競爭對手、環境、技術),統整共十五項資安威脅及風險假設因素。 本研究採用個案研究的研究方法,以國內七間企業和一間學校為個案研究對象,衡量其對於雲端運算的資安考量,並驗證這些資安威脅和風險因素會影響雲端服務的採用意願。研究結果顯示,惡意的內部員工、共享環境所造成的議題、資料遺失或外洩、帳號或服務被竊取、其他未知的風險、功能風險等六項因素會嚴重影響雲端運算服務的採用意願;專案風險、環境風險、技術風險等三項因素對於雲端運算服務的採用意願負面影響程度是中等;稽核與蒐證、不安全的介面與應用程式介面、成本風險、效益風險、組織風險、競爭對手風險對於雲端運算服務採用意願的負面影響程度是低的。最後,本研究亦透過整合的觀點替雲端運算的環境建立一套風險管控的依循步驟,依照採用服務的使用流程,分別針對合約前、合約中、與合約後提出資安威脅與風險的評估步驟與建議,提供企業做為採用此項新科技的風險評估參考。 Recently, the rising of cloud computing has drawn each industry’s attention. While cloud computing creates some opportunities for industries, it also encounters many challenges. According to the result of Institute for Information Industry’s research about large company’s concern when considering using cloud-based services in Taiwan, “the existence of information systems security problem” accounts for 38.5%, being the top 1 of all of the concerns. It shows that many corporations have little confidence in security protection provided by cloud service provider, thus information systems security problem becomes the primary factor affecting user’s will to adopt cloud-based services This study’s objective is to find out which security and risk factors will affect user’s will to use or establish cloud-based services and how these factors affect users in their unique contexts. For the influence factors, this study adopts “Top 7 Threats to Cloud Computing” introduced by Cloud Security Alliance: insecure interfaces and APIs, malicious insiders, shared technology issues, data loss or leakage, account or service hijacking, auditing and evidence gathering, unknown risk profile, and 8 risk fields for information technology investment collected by Benaroch et al.(2006): costs, benefits, project, function, organizational, competition, environmental, technological. There are overall 15 security and risk factors proposed. This study use multiple case studies as methodology, choose 7 companies and 1 school as our case study subjects, and judge their security concerns as for cloud computing. We also justify our selection of factors influencing the willingness to adopt cloud-based services. The results of analyses show that malicious insiders, shared technology issues, data loss or leakage, account or service hijacking, unknown risk profile, and function risk factors will severely and negatively affect users’ willingness, which means their affecting level is high. The negative affecting level of project risk, environmental risk, and technological risk is medium. The negative affecting level of auditing and evidence gathering, insecure interfaces and APIs, costs, benefits, environmental risk, and competition risk is relatively low. Last, with an integration view, this study constructs some recommended steps in risk management for cloud computing environment. Based on the service adopting process, we propose a three-stage (before a contract, period of signing a contract, after a contract) security and risk assessing steps and come up with some suggestions. We hope the risk assessments provided by this study can be a useful reference for those companies that are willing to use this new IT. |
URI: | http://tdr.lib.ntu.edu.tw/jspui/handle/123456789/40998 |
全文授權: | 有償授權 |
顯示於系所單位: | 資訊管理學系 |
文件中的檔案:
檔案 | 大小 | 格式 | |
---|---|---|---|
ntu-100-1.pdf 目前未授權公開取用 | 1.26 MB | Adobe PDF |
系統中的文件,除了特別指名其著作權條款之外,均受到著作權保護,並且保留所有的權利。