臺灣博碩士論文加值系統

在2012年正式實施了個人資料保護法，若違反個人資料保護法洩漏敏感資料導致造成損害，賠償新台幣最高高達2億元。如果一個中小企業忽略了該法律，可能會導致破產。在台灣的中小企業對個人敏感資料保護不夠完善最為明顯，因為他們將個人資料和處理流程是分開的執行的，一旦取得資料後，便無法追蹤個資的流向。因此常發生個資外洩的資訊安全事件，可能造成客戶對企業失去信心。為了避免這種情況的發生，有效的應用結構行為合一 (SBC)方法論，以保護個人敏感資料。SBC整合的個人資料和資料流程的方法。在這種方法中，可以追蹤個人資料正確的使用。我們提出這個個人資料保護模型，幫助正修科技大學（CSU）在校園中施行該法，以保護個人資料。
我們的研究顯示了SBC模型增加了個資的安全性、增進效率、有效使用等。我們也提出三個安全建議：加化企業的資訊安全委員會的功能、建置個人資料保護系統並管理、及建立與管理回饋機制等，以降少資料洩漏並符合法律要求。我們的研究實現了企業個人資料有效的安全保護，研究成果也可做為其他企業界和學術界提供遵循和參考。

The Personal Information Protection Act (PIPA) was executed in 2012. It admits that disclosure of the personal sensitive data causes violation of the Act which in its turn results in the compensation for the damage up to NT$200 million. If a small-medium enterprise (SME) neglects the law, it might become a disaster lead to bankruptcy.
Personal sensitive data are not protected well enough by the most of the SMEs in Taiwan, because they treat personal information and processes separately.
Once the data are released, there is no way to figure out where it goes to. On the other hand, some information security incidents might cause the loss their credit and confidence of their customers. To avoid such destructive situations, it is effective to apply the structure-behavior coalescence (SBC) method in order to protect personal sensitive data. In fact, it is the SBC methodology that integrates personal information and data processes. In this way, personal data can be traced and used properly. We proposed this personal information protection model to implement the ACT in Chen Shiu University (CSU) campus to protect their personal data.
Our research has shown, the SBC model increases information security efficiency using three safe tips: the information security committee efficiency, personal information protection system establishment, and manage feedback mechanism. Only together these tips provide reduction of information leakage and legal safety.
Our research achieves a beneficial model for the personal information protection. This accomplishment may be valuable for the business and academic circles to follow and refer.

Chinese Abstract i
ABSTRACT ii
ACKNOWLEDGMENTS iii
DIRECTORY iv
LIST OF TABLES vii
LIST OF FIGUERES viii
1. Introduction 1
1.1. Motivation 1
1.2. Study Goal 2
1.3. Study Method 2
1.3.1. Research Processes Procedures 3
1.4 Organization of this Thesis 5
2. Literature Review 6
2.1. ISO 27001:2005 Information Security Management System, ISMS 6
2.2. ISO 10012:2009 Personal Information Management System 8
2.3. Personal Information Protection Act 9
2.4. Personal Data Protection Standards British BS10012: 2009 11
2.5. The Development of Enterprise Architecture Frameworks 20
2.5.1. Zachman Framework 22
2.5.2. DoDAF 22
2.5.3. The Open Group Architecture Framework 23
2.5.4. Federal Enterprise Architecture Framework 25
2.5.5. Structure-Behavior Coalescence Architecture 26
2.5.6 Comparisons between Current EAs 28
3. Personal Information Protection Act Architecture Modeling 30
3.1. Architecture Hierarchy Diagram 31
3.2. Framework Diagram 32
3.3. Component Services Diagram 32
3.4. Component Connection Diagram 36
3.5. Structure-Behavior Coalescence Diagram 37
3.6. Interaction Flow Diagram 43
4. Data Collections 72
4.1 Interviewing planning 72
4.2. Interview results for Vice Director Tsai 72
4.3 Interview results for Leader Luo 74
4.4 Summary of Interviews 75
5. Comparison between Process-oriented Models to Architecture-oriented Model 77
5.1 Comparison between Process-oriented Models to Architecture-oriented Model 77
5.2 Useful Findings 79
6. Conclusions and Recommendations 81
6.1. Conclusions 81
6.2. Managerial Implications 82
6.3. Recommendations 84
References 85

1.Buckl, S., Alexander M. Ernst, Florian Matthes, Rene Ramacher, Christian M. Schweda, 2009. Using Enterprise Architecture Management Patterns to complement TOGAF, Enterprise Distributed Object Computing Conference, EDOC 209. IEEE International.
2.BS 10012:2009, 2009. Data protection – Specification for a personal information management system, BSI.
3.Chao, S. William, Fu-tien Wang, Wei-ming Ma, 2007. Establish Knowledge Architecture - First Step to Knowledge Management, Architecture international management Consulting, Kaohsiung.
4.Chao, S. William, Fu-tien Wang, Wei-ming Ma, 2007. General Manager! Enterprise Architecture needs to transform but Business Process, Architecture international management Consulting, Kaohsiung.
5.Calder, Alan, Watkins, Steve, 2008. IT Governance: A Manager’s Guide to Data Security and ISO 27001 / ISO 27002, Kogan Page, London.
6.Chang, Shu-Ming and M.D. Hwang, 2011. A Study of Introducing Organizational Personal Information Management System Based on BS 10012, Computer Audit 24, 11-28.
7.Chao, W. S., Moore, J. M., Chang, C.S., 2009. System Analysis and Design, Lambert, New York.
8.Chao and Chuang, 2011. Enterprise Architecture of Purchasing Management -- SBC Architecture in Practice, Kindle Edition, Amazon, p.195.
9.Chao and Chuang, 2011. Enterprise Architecture of Purchasing Management -- SBC Architecture in Practice, Kindle Edition, Amazon, p.195.
10.Chao, 2011. Enterprise Architecture of Sales Management -- SBC Architecture in Practice, Kindle Edition, Amazon, p.190.
11.Chao, 2012. Systems Architecture: SBC Architecture at Work, Taipei, LAP LAMBERT Academic Publishing, p. 344.
12.International Organization for Standardization, ISO/IEC 27001 Information technology -- Security techniques -- Information security management systems -- Requirements, ISO/IEC, http://www.iso.org/iso
13.J.A., 2008. John Zachman’s Concise Definition of the Enterprise Framework, Zachman International.
14.Josey, Andrew, 2009. TOGAF Version 9 Enterprise Edition: An Introduction, The Open Group, p. 25.
15.Laws & Regulations database of the republic of China website, 2013 http://law.moj.gov.tw/Eng/LawClass/LawAll.aspx?PCode=I0050021, browsed on March 29, 2013.
16.Lankhorst, Marc, 2013. Enterprise Architecture at Work: Modeling, Communication and Analysis, 3rd ed., New York, Springer, p.364.
17.Li, Fu-Shiau, Wei-Ming Ma, A. Chao, 2008. Architecture Centric Approach to Enhance Software Testing Management, Intelligent Systems Design and Applications, 2008. ISDA '08. Eighth International Conference on 26-28 Nov. 2008, Vol. (1), pp. 654 - 659.
18.Ma, Wei-ming, 2013. Study on Enterprise Architecture Development, 2013 Symposium on Global Business Services and Management, Kaohsiung.
19.Ma, Wei-Ming, 2010. Study on Architecture-Oriented Information Security Risk Assessment Model, Computational Collective Intelligence Technologies and Applications, Volume 6423/2010, pp. 218-226.
20.Ma, Wei-Ming, 2009. Study of Consulting Service in Implementation of Information Security Management, Journal of Global Business Services and Management, Vol. (1), pp. 23-33.
21.Ma, Wei-Ming and Cheng-Fu Tsai, 2012. Study of Implementation of the Personal Information Protection Act Architecture on CSU Campus, 2012 Symposium on Global Business Services and Management, Kaohsiung, pp.594-605.
22.Minoli, Daniel, 2008. Enterprise Architecture A to Z, CRC Press, pp. 83-88.
23.Prekop, Paul, Gina Kingston, Moira Chin and Anna McCarthy, 2001. A Review of Architecture Tools for the Australian Defense Force, Report, DSTO-TR-1139, pp. 74.
24.Raj, P., 2013. Cloud Enterprise Architecture, Boca Raton, CRC Press, pp. 108-111.
25.Schekkerman, J., 2004. How to survive in the jungle of Enterprise Architecture Frameworks, 2nd ed., Canada, Trafford Publishing.
26.Schekkerman, J., 2006. Extended Enterprise Architecture Framework Essentials Guide Version 1.5, Institute for enterprise architecture developments, p. 21.
27.Schekkerman, J., 2008. Enterprise Architecture Good Practices Guide, Canada, Trafford Publishing.
28.Schekkerman, J., 2011. Enterprise Architecture Tool Selection Guide, Version 6.3, Institute for enterprise architecture developments, p. 25.
29.Software Testing Management, 2008. Eighth International Conference on Intelligent Systems Design and Applications.
30.TOGAF, 2007. The Open Group Architecture Framework TOGAF –Edition (Incorporating 8.1.1).
31.TOGAF, 2008. Open Group, TOGAF Version 9.1 - A Manual (TOGAF Series), Van Haren Publishing, 9th Ed.
32.Tzou, Wan-Lian and M.D. Hwang, 2012. A Study of Introducing College Personal Information Management System Based on BS 10012, Computer Audit 25, 72-87.