查詢結果分析
來源資料
頁籤選單縮合
題名 | 基植管理循環為基礎之社交工程事件鑑識分析研究=Applying an Iterative PDCA Management Process to the Forensic Analysis of Social Engineering Technique |
---|---|
作者 | 高大宇; 曾俊傑; 王旭正; Kao, Da-yu; Zeng, Jyun-jim; Wang, Shiuh-jeng; |
期刊 | 前瞻科技與管理 |
出版日期 | 20110500 |
卷期 | 1:1 2011.05[民100.05] |
頁次 | 頁85-98 |
分類號 | 448.6 |
語文 | chi |
關鍵詞 | 數位證據; 無罪推定; 紀錄分析; 管理循環; 社交工程; Digital evidence; Presumption of innocence; Log analysis; PDCA; Social engineering; |
中文摘要 | 許多資訊駭客沈浸於靜悄悄地入侵電腦系統,意圖竊取資料、破壞資訊隱私。資安事件調查的紀錄檔案是追查事件來源的最初指標,驗證稽核紀錄的可信度為評斷是非或論罪科刑的重要參考依據。本文透過計畫(Plan)、執行(Do)、檢查(Check)及行動(Act)等管理循環,從「被動資安防護」、「主動滲透測試」、「逆向追查紀錄」、「對象查訪驗證」及「使用習慣養成」等5面向檢討社交工程的資安演練事件。本文不僅歸納一些追蹤犯罪者的指引作法,也展示避免犯下錯誤結論的發現事實作法。藉由本文研究,處理資安事件的反應者,將能夠採用有效分析稽核紀錄的策略,降低資安鑑識事件過程的不當處置作為。 |
英文摘要 | Dozens of hackers are dedicated to silently invading computer system. They are making efforts directed toward destroying computer privacy and data. The auditing log is the initial source of tracing information security. To explore the fact, verifying reliability of related auditing record becomes an essential part of judging right from wrong. This paper proposes an iterative Plan-Do-Check-Act (PDCA) management process against external data intrusion incidents. A Social Engineering drill of 5-phase testing analysis is exhibited to strengthen computer defense system: Passive Data Security Protection, Proactive Penetration Testing, Reverse Record Tracking, Target Verification and User Habits. It not only summarizes some active follow-up guidelines to trace offenders but also demonstrates an accurate fact finding to prevent from erroneous conclusions. In response to the study in Social Engineering, the incident responders can have effective strategies of analyzing auditing record and reduce the possibilities of judicial misconduct in the forensic analysis of cybercrime event. |
本系統之摘要資訊系依該期刊論文摘要之資訊為主。