查詢結果分析
來源資料
頁籤選單縮合
題名 | 企業導入雲端服務專案之風險評估=Risk Assessment of Cloud Services Project for Enterprises |
---|---|
作者 | 王平; 柯文長; 蕭雅文; Wang, Ping; Ko, Wen-chang; Shiau, Ya-wen; |
期刊 | 商管科技季刊 |
出版日期 | 20130600 |
卷期 | 14:2 2013.06[民102.06] |
頁次 | 頁143-164 |
分類號 | 312.76、312.76 |
語文 | chi |
關鍵詞 | 風險評估; 雲端運算; 模糊集合; 模糊層級分析法; Risk assessment; Cloud computing; Fuzzy sets; Fuzzy analytic hierarchy process; FAHP; |
中文摘要 | 雲端運算給資訊科技產業帶來商機,但亦帶來重大的挑戰。客戶願意採用雲端服務的前題是須確保客戶資訊安全。近期發生的網路進階持續性滲透攻擊(advanced persistent threat,APT)已導致客戶對導入雲端服務產生心理障礙。針對導入雲端服務所面臨的潛在風險問題,本研究提出一套風險評估方法,參考雲端安全聯盟(cloud security alliance,CSA)與歐洲網路與資訊安全局(European network and information security agency,ENISA)所提出的雲端服務之資訊安全架構,已決定導入雲端服務之風險項目,利用模糊層級分析法(fuzzy analytic hierarchy process,FAHP)合理評估與分析雲端服務之風險項目優先順序。所研提的方法與案例分析,有助於企業了解轉移應用程式至雲端服務的風險項目及控管優先順序,以利決定資安資源分配及降低系統導入後之潛在衝擊。 |
英文摘要 | Cloud computing presents the IT industry not only with exciting opportunities, but also with significant challenges since consumers are reluctant to adopt cloud computing solutions in the absence of firm guarantees regarding the security of their information. Network attacks such as APT attacks present a serious obstacle to consumer acceptance of cloud service project nowadays. Accordingly, the present study proposes a project risk assessment scheme and constructs a risk evaluation matrix based on the security framework followed by both Cloud Security Alliance (CSA) and European Network and Information Security Agency (ENISA). In addition, the risk priorities of attributes are rationally evaluated by fuzzy analytic hierarchy process (FAHP) method in the risk assessment process. Overall, the results confirm that the proposed method provides an effective means of recognizing the risk attributes and their risk priorities, deciding the allocation of risk budget, and reducing the impact of potential risk for enterprises. |
本系統之摘要資訊系依該期刊論文摘要之資訊為主。