Title | Study of Implementation of Enterprise Database Activity Monitoring Based on Agile Project Management = 運用敏捷專案管理導入企業資料庫活動監控研究 |
---|---|
Author | 馬維銘; 李志賢 |
Journal title | 全球商業經營管理學報 |
Volume/Issue | 7 2015.09 [ROC 104.09] |
Pages | pp. 95-108 |
Classification number | 584.1414 |
Keywords | 個人資料保護法; 資料庫活動監控; 資訊安全政策; 符合法規; Personal Data Protection Act; Database activity monitoring; Information security policies; Regulatory compliance |
Language | English |
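Chinese abstract | In recent years, more and more personal information has been used by criminal groups as a tool for fraud. To ensure that personal data is not leaked by enterprises, our country promulgated and implemented the "Personal Data Protection Act", whose purpose is to require enterprises to fulfill their obligation to protect customer data and so achieve the goal of "exemption from liability through compliance". In response to the Personal Data Protection Act, this study introduces a database security audit mechanism and combines it with the enterprise's existing management mechanisms, personal data risk assessment, and the implementation of Personal Data Protection Act awareness and information security education and training, so that the enterprise complies more fully with regulations. This study uses agile project management to introduce a database activity monitoring product. Without additional code modifications or changes to the network architecture, it captures the connection records between users and servers and then compares them with the query language execution records of back-end database users and servers, to determine which activities violate the company's information security policy, issue alerts or block them, and trace who was responsible for an event. It can monitor and analyze database activity continuously and in real time, issue real-time alerts for database activity that violates the information security policy, record all trails for later analysis, identify end users and assign accountability, and address issues such as enterprise database security auditing. This study confirms that database activity monitoring can achieve comprehensive protection of database access before, during, and after the event, adding a layer of security protection to enterprise data access and protecting the important assets owned by the company. |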
English abstract | In recent years, more and more personal information has been used as a tool by fraud syndicates. In order to ensure that personal information will not be leaked by enterprises, the "Personal Data Protection Act" was promulgated and implemented by Taiwan, ROC, and its purpose is to require companies to fulfill the obligation to protect customer data, and then achieve the goal of "compliance exemption". This study is a response to the data audit mechanism, combined with existing enterprise management mechanisms, personal risk assessment, and the implementation of data-owned law advocacy and information security education and training, bringing the business in line with laws and regulations. Database Activity Monitoring (DAM) tools have been implemented to capture the records of user and server connections on the application server and then compare them to the user and server-side database SQL execution records. From the records, the company can determine which violate the information security policy, in order to execute warnings or block invasions and track events. It can instantly and continuously monitor and analyze database activity, and can send alerts immediately for database activity that violates the policy. All the tracks can be recorded for later analysis, identification of end users and accountability, and this can solve enterprise database security audit and other issues. This study also confirms that DAM can reach the goal of protecting the enterprise's data at all times, forming a layer of safety net to protect critical assets owned by the company. |
The Chinese and English abstracts in this system are taken from the content of each published article.