(3.238.249.17) 您好!臺灣時間:2021/04/12 12:44
字體大小: 字級放大   字級縮小   預設字形  
回查詢結果

詳目顯示:::

我願授權國圖
: 
twitterline
研究生:宋品慧
研究生(外文):Pin-Hui Sung
論文名稱:供應鏈資訊安全風險評估-結合Fuzzy FMEA與TOPSIS法
論文名稱(外文):An Assessment of Information Security Risk in Supply Chains: Based on the Fuzzy FMEA and TOPSIS Methods
指導教授:徐淑如徐淑如引用關係
指導教授(外文):Shu-Lu Hsu
學位類別:碩士
校院名稱:國立嘉義大學
系所名稱:資訊管理學系碩士班
學門:電算機學門
學類:電算機一般學類
論文種類:學術論文
論文出版年:2011
畢業學年度:99
語文別:中文
中文關鍵詞:供應鏈資訊安全風險管理模糊德爾菲法失效模式與效應分析模糊多評準決策
相關次數:
  • 被引用被引用:1
  • 點閱點閱:327
  • 評分評分:系統版面圖檔系統版面圖檔系統版面圖檔系統版面圖檔系統版面圖檔
  • 下載下載:0
  • 收藏至我的研究室書目清單書目收藏:0
資訊系統的運作攸關供應鏈的正常營運與利益,隨著企業對交易夥伴間依賴度的增加,提高企業間資訊系統連結的緊密程度,企業資訊的風險也隨之提升,使得資訊安全成為供應鏈管理不可忽視的重要議題。
目前有關供應鏈資訊安全風險管理議題的研究仍不多見,在管控風險時,須針對風險項目進行評估與分級,決定各項風險處理的優先順序。針對供應鏈資安風險之評量,本研究透過問卷調查,採取模糊德爾菲法驗證所歸納風險項的重要性,之後運用失效模式與效應分析 (Failure Mode and Effects Analysis, FMEA)方法,就風險項之發生率、嚴重性與難檢度三項評準,結合模糊多評準決策 (Fuzzy Multiple Criteria Decision Making, FMCDM)方法,發展一風險評量與分級方法,提供決策者控管供應鏈資安風險項目優先順序之參考。研究中亦透過系統實作與個案應用,驗證提出方法之易用性、有用性與使用意願等應用狀況。
第一章 緒論 1
第二章 文獻探討 4
第一節 供應鏈資安風險管理 4
第二節 失效模式與效應分析 6
第三節 模糊理論與失效模式與效應分析 11
第四節 模糊德爾菲 14
第五節 多評準決策分析 15
第三章 研究方法 19
第四章 案例驗證 26
第一節 風險辨識 26
第二節 個案驗證 34
第三節 供應商面個案分析 35
第四節 客戶面個案分析 44
第五章 結論與建議 53
第一節 討論與結論 53
第二節 研究限制與建議 56
參考文獻 57
附錄 64
附錄一 供應鏈資訊安全評估系統畫面 64
附錄二 供應商面供應鏈資訊安全評估結果 70
附錄三 客戶面供應鏈資訊安全評估結果 73
附錄四 供應鏈與客戶面供應鏈資訊安全風險排名比較 75
中文部份
1. 李孟訓與郭羽真,從價值鏈的觀點探討建構農業生物科技園區關鍵成功因素-以屏東農業生技園區為例,中小企業發展季刊,2008,第7期,第 17-48頁。
2. 簡志郎,模糊理論與TOPSIS 法於失效模式與效應分析之應用,逢甲大學工業工程研究所碩士論文,2003。
3. 徐村和,模糊德菲層級分析法,模糊系統學刊,2008,第4卷第1期,第59-72頁。
4. 張浩鈞,質化多準則評估方法及其有效性之衡量,華梵大學工業工程研究所碩士論文,2000。
5. 張淙筆,資訊系統開發專案風險評估方法之研究,國立嘉義大學資訊管理研究所碩士論文,2010。
6. 陳慧儀,ISO 28000應用於供應鏈安全管理之探討,東吳大學資訊管理研究所碩士論文,2010。
7. 陳昭宏,亞太港埠競爭力與核心能力指標之研究,運輸學刊,2001,第13卷第1期,第1-25頁。
8. 陳武正與王琪,高速鐵路路線方案評估—多準則決策之應用,交通運輸,2004,第16 期,第53-64 頁。
9. 曾國雄與歐嘉瑞,平衡小汽車成長可行性措施之模糊多準則決策—羅吉斯特模型模糊TOPSIS 法之應用,中國行政評論,1994,第3 卷第4 期,第49-80頁。
10. 楊錦洲、陳建誠、陳百盛,建立醫藥物流作業流程FMEA 模式,中華民國品質學會第四十二屆年會,2006。
11. 吳貴彬、陳相如,失效模式與效應分析之應用,中華民國品質學會第39 屆年會暨第9 屆全國品質管理研討會,2003。
12. 衛萬里與張文智,應用模糊德爾菲與分析網路程序法選擇最佳產品設計方案之研究,設計學報,2005,第10卷第3期,第59-80頁。
13. 王文俊,認識FUZZY,台北:全華圖書公司,2005。

英文部份
1. Abdelgawad, M. and Fayek, A.R., “Risk Management in the Construction Industry Using Combined Fuzzy FMEA and Fuzzy AHP,” Journal of Construction Enginerring and Management, 2010, Vol. 136, No. 9, pp. 1028-1036.
2. Aven, T., Vinnem, J.E. and Wiencke, H.S., “A Decision Framework for Risk Management, with Application to the Offshore Oil and Gas Industry”, Reliability Engineering and System Safety, 2007, Vol. 92, No. 4, pp. 433-448.
3. Bailey, D., Goonetilleke, A. and Campbell, D., “A New Fuzzy Multicriteria Evaluation Method for Group Site Selection in GIS,” Journal of Multi-criteria Decision Analysis, 2003, Vol. 12, No.6, pp. 337-347.
4. Baker, W.H., Smith, G.H., and Watson, K.J., “Information Security Risk in the E-Supply Chain,” IGI Global, 2007, pp.142-161.
5. Bhattacharya, S., Behara, R.S. and Gundersen D.E., “Business Risk Perspectives on Information Systems Outsourcing,” International Journal of Accounting Information Systems, 2003, Vol. 4, No. 1, pp. 75-93.
6. Biehl, M., “Selecting Internal and External Supply Chain Functionality: The Case of ERP Systems Versus Electronic Marketplaces,” Journal of Enterprise Information Management, 2005, Vol. 18, No. 4, pp. 441-457.
7. Bowles, J.B. and Pelaez, C.E., “Fuzzy Logic Prioritization of Failures in a System Failure Mode, Effects and Criticality Analysis,” Reliability Engineering and System Safety, 1995, Vol. 50, No.2, pp. 303-213.
8. Chen, S.J. and Hwang, C.L., “Fuzzy Multiple Attribute Decision Making Methods and Applications”, Springer-Verlag, New York, 1992.
9. Christopher, J.A. and Audrey, J.D., “Managing Information Security Risks: The OCTAVE Approach,” Pearson Education, Inc, 2002.
10. Cooper, R. and Slagmulder, R., “Interorganizational Cost Management and Relational Context,” Accounting Organizations and Society, 2004, Vol. 29, No. 1, pp. 1-26.
11. Dalkey, N. and Helmer, O., “An Experimental Application of the Delphi Method to the Use of Experts.” Management Science, 1963, Vol. 9, No.3, pp.458-467.
12. Delgado, M., Herrera, F., Herrera-Viedma, E., and Martinez, L., “Combining Numerical and Linguistic Information in Group Decision Making,” Journal of Information Sciences, 1998 , Vol.107, No. 1-4, pp. 177-194.
13. Faisal, M.N., Banwet, D.K. and Shankar, R., “Information Risks Management in Supply Chain: An Assessment and Mitigation Framework,” Journal of Enterprise Information Management, 2007, Vol. 20, No. 6, pp.677-699.
14. Farahmand, F., Navathe, S.B., Sharp, G.P. and Enslow P.H., “A Management Perspective on Risk of Security Threats to Information Systems,” Information Technology and Management, 2005, Vol. 6, No. 2-3, pp. 203–225.
15. Giunipero, L.C. and Eltantawy, R.A., “Securing the Upstream Supply Chain: A Risk Management Approach” International Journal of Physical Distribution and Logistics Management, 2004, Vol. 34, No. 9, pp. 698-713.
16. Guimaraes, A.C.F. and Lapa, C.M.F., “Fuzzy FMEA Applied to PWR Chemical and Volume Control System”, Progress in Nuclear Energy, 2004, Vol. 44, No.3, pp. 191-213.
17. Hwang, C.L. and Yoon, K., “Multiple Attribute Decision Making: Methods and Application,” Springer-Verlag, New York, 1981.
18. Hwang, C. L. and Lin, M. J., “Group Decision Marking Under Multiple Criteria: Methods and Applications,” Springer-Verlag, New York, 1987.
19. Ishikawa, A., Amagasa, T., Tamizawa, G., Totsuta, R. and Mieno, H., “The Max-Min Delphi Method and Fuzzy Delphi Method via Fuzzy Integration,” Fuzzy Sets and Systems, 1993, Vol. 55, No.3, pp.241-253.
20. ISO 27001: 2005, “Information Technology - Security Techniques - Information Security Management Systems – Requirements,” on http://www.securitycn.net/img/uploadimg/20070924/183844756.pdf, access on 2010/4/12.
21. Jiang, H. and Yang J., “Information Technology Support System of Supply Chain Management,” Proceedings of the 11th WSEAS International Conference on Applied Mathematics, 2007, pp. 138-142.
22. Kaplan, S. and Garrick, B.J., “On the Quantitative Definition of Risk,” Risk Analysis, 1981, Vol. 1, No. 1, pp. 11-27.
23. Khazanchi, D. and Sutton, S.G., “Assurance Services for Business-to-Business Electronic Commerce: A Framework and Implications,” Journal of the Association for Information Systems, 2001, Vol. 1, No. 1, pp.1-53.
24. Kim, K. and Park, K.S., “Ranking Fuzzy Number with Index of Optimism,” Fuzzy Sets and Systems, 1990, Vol. 35, No. 2, pp. 143-150.
25. Kmenta, S. and Ishii, K., “Scenario-Based FMEA: A Life Cycle Cost Perspective,” 2000 ASME Design Engineering Technical Conferences, September 10 - 14, 2000, Baltimore, Maryland.
26. Kosasih, W., Sukania, I.W., and Tambrin, W., “Applied Fuzzy Assessment of FMEA for Production Plant of Paper Cutting knives (Case Study: PT. XYZ),” International Seminar on Industrial Engineering and Management, 2009, pp. 85-95.
27. Lee, S.C., Pak, B.Y. and Lee, H.G., “Business Value of B2B Electronic Commerce: The Critical Role of Inter-Firm Collaboration,” Electronic Commerce Research and Applications, 2003, Vol. 2, No. 4, pp. 350-361.
28. Liang, G.S. and Wang, M.J., “A Fuzzy Multicriteria Decision Making Method for Facility Site Selection,” International Journal of Production Research, 1991, Vol. 29, No.11, pp. 2313-2330.
29. Liang, G.S. and Wang, M.J.J., “A Fuzzy Multi-Criteria Decision-Making Approach for Robot Selection,” Robotics and Computer-Integrated Manufacturing, 1993, Vol. 10, No. 4, pp.267-274.
30. Liang, G.S., “Fuzzy MCDM Based on Ideal and Anti-Ideal Concepts,” European Journal of Operational Research, 1999, Vol. 112, No. 3, pp. 682-691.
31. McIvor, R., Humphreys, P. and McCurry, L., “Electronic Commerce: Supporting Collaboration in the Supply Chain?” Journal of Materials Processing Technology, 2003, Vo. 139, No. 1, pp. 147-152.
32. Maxtor Basics Personal Storage 3200, on http://seagate.custkb.com/seagate/crm/selfservice/search.jsp?DocId=205131andNewLang=cm, access on 2010/8/12.
33. Murry, T.J., Pipino, L.L. and Gigch, J.P., “A Pilot Study of Fuzzy Set Modification of Delphi,” Human Systems Management, 1985, Vol. 5, No. 1, pp. 76-80.
34. Norrman, A. and Jansson, U., “Ericsson's Proactive Supply Chain Risk Management Approach after a Serious Sub-Supplier Accident.” International Journal of Physical Distribution and Logistics Management, 2004, Vol. 34, No. 5, pp. 434-456.
35. Palmer, J.W., Kilewer, J. and Sweat, M., “Security Risk Assessment and Electronic Commerce: A Cross-Industry Analysis,” Internet and Intranet Security Management: Risk and Solutions, Idea Group Publishing, 2000.
36. Pillay, A. and Wang, J., “Modified Failure Mode and Effects Analysis Using Approximate Reasoning,” Reliability Engineering and System Safety, 2003, Vol.79, No. 1, pp. 69-85.
37. Ree, J. and Allen, J., “The State of Risk Assessment Practices in Information Security: An Exploratory Investigation,” Journal of Organizational Computing and Electronic Commerce, 2008, Vol. 18, No. 4, pp. 255-277.
38. Rook, P.S., Software Reliability Handbook, Crown, American, 1984.
39. Sachdeva, A. Kumar, P. and Kumar, D., “Maintenance Criticality Analysis Using TOPSIS” Industrial Engineering and Engineering Management, 2009a, pp. 199-203.
40. Sachdeva, A. Kumar, P. and Kumar, D., ”Multi-Factor Failure Mode Critically Analysis Using TOPSIS” Journal of Industrial Engineering International, 2009b, Vol. 5, No. 8, pp. 1-9.
41. Sankar, N.R. and Prabhu, B.S., “Application of Fuzzy Logic to Matrix FMECA,” Review of Progress in Quantitative Nondestructive Evaluation, 2001, Vol. 557, No. 1, pp. 1987-1994.
42. Saaty, T.L., “Decision Making in Economic, Political, Social and Technological Environments: The Analytic Hierarchy Process,” University of Pittsburgh: RWS Publications, 1994.
43. Sharma, R.K., Kumar, D., and Kumar, P., “Systematic Failure Mode Effect Analysis (FMEA) Using Fuzzy Linguistic Modeling,” International Journal of Quality and Reliability Management, 2005, Vol. 22, No. 9, pp. 986-1004.
44. Sharma, P.K., Kumar, D. and Kumar, P., “Fuzzy Decision Support System (FDSS) for Conducting FMEA” IE(I) Journal-MC, 2007, Vol. 88, No. 3, pp. 39-44.
45. Smith, G.E., Watson, K.J., Baker, W.H. and Pokorski, J.A., “A Critical Balance: Collaboration and Security in the IT-enabled Supply Chain,” International Journal of Production Research, 2007, Vol. 45, No. 11, pp. 2595-2613.
46. Smith, G.E., Watson, K.J. and Baker, W.H., “Perception and Reality: An Introspective Study on Supply Chain Information Security Risk,” Issues in Information Systems, 2008, Vol. 9, No. 2, pp. 272-278.
47. Speakman, R.E. and Davis, E.W., “Risky Business: Expanding the Discussion on Risk and the Extended Enterprise,” International Tournal of Physical Distribution and Logistics Management, 2004, Vol. 34, No. 5, pp. 414-433.
48. Sutton, S.G. and Hampton. C., “Risk Assessment in an Extended Enterprise Environment: Redefining the Audit Model.” International Journal of Accounting Information Systems, 2003, Vol. 4, No. 1, pp. 57-73.
49. Sutton S.G., Khazanchi, D., Hampton, C. and Arnold, V., “Risk Analysis in Extended Enterprise Environments: Identification of Critical Risk Factors in B2B E-Commerce Relationships,” Journal of the Association for Information Systems, 2008, Vol. 9, No. 3/4, pp. 151-174.
50. Symantec Corporation, “IT Risk Management Report,” 2008, Vol. 2, on http://eval.symantec.com/mktginfo/enterprise/other_resources/b-it_risk_management_report_2_01-2008_12818026.en-us.pdf, access on 2010/8/16.
51. Tay, K.M. and Lim, C.P., “Fuzzy FMEA with a Guided Rules Reduction System for Prioritization of Failures,” International Journal of Quality and Reliability Management, 2006, Vol. 23, No. 8, pp.1047-1066.
52. Teng, S.G., Ho, S.M., Shumar, D. and Liu, P.C., “Implementing FMEA in a Collaborative Supply Chain Environment,” The International Journal of Quality and Reliability Management, 2006, Vol. 23, No. 2/3, pp. 179-196.
53. Wadhwa, S., Prakash, A., Deshmukh, S.G. and Wadhwa, B., “Information Security in Flexible Supply Chain Network: A Decision Information Security (DIS) Model,” Global Journal of Enterprise Information System, 2009, Vol. 1, No. 2, pp. 25-31.
54. Wang, Y.M., Chin, K.S., Poon, G.K.K. and Yang, Y.B., ”Risk Evaluation in Failure Mode and Effects Analysis Using Fuzzy Weighted Geometric Mean,” Expert Systems with Applications, 2009, Vol. 36, No. 2, pp. 1195-1207.
55. Welborn, C., “Using FMEA to Assess Outsourcing Risk,” Quality Progress, 2007, Vol. 40, No. 8, pp.17-21.
56. Zadeh, L., “Fuzzy Sets,” IEEE Information and Control, 1965, Vol. 8, No. 3, pp. 338-353.
57. Zsidisin, G.A., “Managerial Perceptions of Supply Risk,” Journal of Supply Chain Management, 2003, Vol. 39, No. 1, pp. 14-26.
連結至畢業學校之論文網頁點我開啟連結
註: 此連結為研究生畢業學校所提供,不一定有電子全文可供下載,若連結有誤,請點選上方之〝勘誤回報〞功能,我們會盡快修正,謝謝!
QRCODE
 
 
 
 
 
                                                                                                                                                                                                                                                                                                                                                                                                               
第一頁 上一頁 下一頁 最後一頁 top
系統版面圖檔 系統版面圖檔