(3.227.0.150) 您好!臺灣時間:2021/05/08 10:53
字體大小: 字級放大   字級縮小   預設字形  
回查詢結果

詳目顯示:::

我願授權國圖
: 
twitterline
研究生:陳美君
研究生(外文):Mei-Chun Chen
論文名稱:資訊安全事件對銀行業市場價值之影響
論文名稱(外文):The Impact of Information Security Breaches on the Market Value of the Banking Industry
指導教授:陳國泰陳國泰引用關係
指導教授(外文):Kuo-Tay Chen
學位類別:碩士
校院名稱:國立臺灣大學
系所名稱:會計學研究所
學門:商業及管理學門
學類:會計學類
論文種類:學術論文
論文出版年:2004
畢業學年度:92
語文別:中文
論文頁數:66
中文關鍵詞:資訊安全外溢效果事件研究銀行業
外文關鍵詞:event studyinformation securitybanking industryspill-over effect
相關次數:
  • 被引用被引用:3
  • 點閱點閱:318
  • 評分評分:系統版面圖檔系統版面圖檔系統版面圖檔系統版面圖檔系統版面圖檔
  • 下載下載:0
  • 收藏至我的研究室書目清單書目收藏:3
自民國七十年代至今,我國銀行業已逐漸自動化,從自動提款機到網路銀行的建置,皆以滿足消費者多樣化的需求為目標。然而,在銀行以各項新穎服務來強化競爭力時,資訊安全的管理也愈加不易,釵h資訊安全事件,如:密碼外洩、電腦病毒、駭客攻擊、伺服器當機等,常係針對銀行而來。
儘管與銀行業相關之資訊安全事件頻傳,國內尚無人針對銀行業資訊安全事件之影響進行研究,因此,本研究將資訊安全事件分為三大類,利用事件研究法,分別探討其對銀行業之影響。第一類為財金資訊公司所引發之網路平台事件,探討其對銀行業整體市場價值之影響。第二類及第三類事件為個別銀行所引發之資訊安全事件,其目的為分別探討個別銀行所引發之資訊安全事件對其他銀行之外溢效果。研究結果顯示,由個別銀行所引發之資訊安全事件有十分明顯的外溢效果,而資訊安全事件對銀行業整體之影響,雖因財金資訊公司的中介角色不明,導致研究結果在統計檢定上不顯著,但在事件期間銀行之市值仍遭受相當大的損失。


The increase in information security breaches in the last few years has put the banking industry in Taiwan under pressure to intensify its information security. However, very little is known of the financial impact associated with these breaches. This study examines the impact of information security breaches on the market value of the banking industry in Taiwan. Event study methodology was used to conduct the study. Three types of information security breaches are investigated. The first are security incidents that have occurred on the network platform established by Financial Information Service Co. Ltd. The second types are incidents caused by outside intruders of various banks’ computer systems. The third types are those breaches committed by employees of various banks. The results show that information security breaches in each individual bank significantly affect the market value of other banks. The spill-over effect was proved significant in both of the second and the third types of incidents. Although the effects of the first type of incidents are not statistically significant, the banking industry still suffers great losses in stock market value.

目 錄

圖表目次-----------------------------------------------III
第一章 緒論
第一節 研究背景--------------------------------------1
第二節 研究動機與目的--------------------------------3
第三節 研究架構--------------------------------------6

第二章 資訊安全之範圍及相關文獻探討
第一節 資訊安全之意義--------------------------------9
第二節 資訊安全之相關標準、準則---------------------13
第三節 資訊安全實證研究文獻-------------------------18
第四節 我國銀行業資訊化之現況-----------------------24

第三章 研究方法
第一節 事件日與研究樣本之選擇-----------------------28
第二節 實證研究模型---------------------------------34
第三節 研究假說-------------------------------------39

第四章 實證研究結果與分析
第一節 資訊安全事件對銀行業整體之影響---------------41
第二節 個別銀行內部人為因素之影響-------------------43
第三節 個別銀行外部及系統因素之影響-----------------46

第五章 結論與建議
第一節 結論-----------------------------------------50
第二節 研究限制-------------------------------------51
第三節 建議-----------------------------------------52

參考文獻-----------------------------------------------54
附錄一-------------------------------------------------59
附錄二-------------------------------------------------60
附錄三-------------------------------------------------63


參考文獻

一、中文文獻
Lawrence D. Dietz,「二十一世紀的資訊安全管理」,賽門鐵克公司,民國92年3月7日。
沈中華、李建然,「事件研究法:財務與會計實證研究必備」,華泰文化事業公司,民國89年。
李逸元,「企業資訊安全風險管理趨勢介紹」,勤業會計師事務所,民國91年11月16日。
岸田 明,「學會資訊安全的第一本書」,博碩文化股份有限公司,民國92年。
林黛卿,「銀行業電腦安全控管政策之研究」,國立台灣大學會計學研究所碩士論文,民國81年6月。
唐俊華,「資訊技術在金融機構的應用與風險」,國立台灣大學財務金融學研究所碩士論文,民國90年6月。
陳永裕,「銀行業資訊安全管理之研究」,東海大學企業管理研究所碩士論文,民國83年6月。
陳彥學,「資訊安全理論與實務」,文魁資訊股份有限公司,民國89年。
經濟部標準檢驗局,CNS 17800:「資訊技術-資訊安全管理系統規範」,民國91年12月5日公布。
經濟部標準檢驗局,CNS 17799:「資訊技術-資訊安全管理之作業要點」,民國91年12月5日公布。

二、外文文獻
Anderson, J.M., 2003, Why We Need a New Definition of Information Security, Computers & Security, Vol. 22, Iss. 4: 308-313.
Baginski, S., 1987, Intra-industry Information Transfer Associated With Management Forecasts of Earnings, Journal of Accounting Research, Autumn: 196-219.
Bottom, N.R., 2000, The Human Face of Information Loss, Security Management, Vol. 44, Iss. 6: 50-56.
British Standards Institution, 2002, BS 7799-2: 2002 Information security management Systems, Part 2: Specification with guidance for use.
Campbell, K., L.A. Gordon, M.P. Loeb and L. Zhou, 2003, The Economic Cost of Publicly Announced Information Security Breaches: Empirical Evidences From the Stock Market, Journal of Computer Security, 11: 431-448.
Cheswick, W.R., and S.M. Bellovin, 1994, Firewalls and Internet Security: Repelling the Wily Hacker, Addison-Wesley Publishing Company, MA.
Computer Security Institute, 2003, The Computer Crime and Security Survey.
Deloitte Touche Tohmatsu, 2003, Global Security Survey.
Dullum, J., 2003, With Information Security, Assessing Risk Is Fundamental, The Financial Review, August 1, 2003: 10.
Ernst & Young LLP., 2003, Global Information Security Survey.
Ettredge, M.L., and V.J. Richardson, 2003, Information Transfer Among Internet Firms: The Case of Hacker Attacks, Journal of Information Systems, Vol. 17, No. 2: 71-82.
Fama, E., 1976, Foundations of Finance, New York: Basic Books.
Foster, G., 1981, Intra-industry Information Transfers Associated With Earnings Releases, Journal of Accounting and Economics, March: 201-232.
Garg, A., J. Curtis and H. Halper, 2003, Quantifying the Financial Impact of IT Security Breaches, Information Management & Computer Security, 11/2: 74-83.
Glover, S., S. Liddle, and D. Prawitt, 2001, Electronic Commerce: Security, Risk Management, and Control (Upper Saddle River, NL: Prentice Hall).
Hovav, A., and J. D,Arcy, 2003, The Impact of Denial-of-Service Attack Announcements on the Market Value of Firms, Risk Management and Insurance Review, Vol.6, No.2: 97-121.
Howard, J.D., 1997, An Analysis of Security Incidents on the Internet 1989-1995, PhD Thesis, Department of Engineering and Public Policy, Carnegie Mellon University, Pittsburgh, PA.
Hulme, G.V., 2003, Security Handoff, Informationweek, July: 26-28.
International Organization for Standardization (ISO) & International Electrotechnical Commission (IEC), 2000, ISO/IEC 17799: Information Technology-Code of Practice for Information Security Management.
Lee, E., 2002, Combating Cyberthreats-Partnership Between Public and Private Entities, Information Systems Control Journal, Vol. 3: 38-43.
Lux, A.G., and S. Fitiani, 2002, Fighting Internal Crime Before It Happens, Information Systems Control Journal, Vol. 3: 50-51.
Organisation for Economic Co-operation and Development (OECD), 2002, Guidelines of the Security of Information Systems and Networks—Towards a Culture of Security, July, Paris.
Pollitt, M.M., 2002, Insuring Information Security: Commercial Insurance as an Information Security Driver, Information Systems Control Journal, Vol. 1: 44-47.
Redman, R., 1998, On-line Financial Services Market Readying to Heat Up, Poll Says, Bank Systems + Technology, November: 14.
Sanderson, E., and K.A. Forcht, 1996, Information Security in Business Environments, Information Management & Computer Security, Vol. 4, Iss. 1: 32.
Schultz, E., 2002, Security Views, Computer & Security, 21(5): 385-391.
Schweitzer, J.A., 1992, Information Security: Defining the Mission, Security Management, Vol. 36, Iss. 2: 53-55.
Tedeschi, B., 2000, Giving Consumers Access to the Data Collected About Them Online, New York Times, July 3: 6.



QRCODE
 
 
 
 
 
                                                                                                                                                                                                                                                                                                                                                                                                               
第一頁 上一頁 下一頁 最後一頁 top
無相關期刊
 
系統版面圖檔 系統版面圖檔