Title | 資訊安全威脅與治理政策之探討 |
---|---|
Volume/Issue | Vol. 12, Special Issue 1 |
Parallel title | Discussion on Information Security Threats and Governance Policies |
Author | 陳仕弘 |
Pages | 001-012 |
Keywords | Information security, Zero Trust Architecture, Multi-Factor Authentication, Red Team Assessment |
Publication date | 202307 |
DOI | 10.6285/MIC.202307/SP_01_12.0001 |
With the rapid development of information technology, information security has become an important issue in today's digital age. Information security threats continue to increase, however, and pose a serious threat to information security in the public and private sectors. This study therefore analyzes the types and patterns of information security threats, including phishing, malware, intrusion attacks, and denial of service, and discusses the corresponding governance policies. It proposes governance policies for network information security threats, such as establishing a zero trust architecture, multi-factor authentication and authorization, and red team assessments, together with implementing multi-layered protection measures, strengthening security management, and strengthening user authentication and access control.