臺灣博碩士論文加值系統

本論文在推導模糊經濟評估模式以評估企業資訊安全系統投資之經濟效益，並以淨現值法及效益成本比法為效益評估指標。模糊經濟指標之評估結果具有複雜之非線性特質因此需要將模糊效益指標去模糊化，本論文以密林轉換法求得模糊指標之均值及變異數，來比較不同投資方案之效益指標，作為投資決策之參考。本論文並以一實際之資訊安全投資規劃做為案例，以驗證推導模式之正確性及可用性。
現代企業之營運越來越依賴資訊系統之正常運作，企業經營電子化趨勢銳不可擋，然而企業的資訊系統必須以網路(有線與無線)與其他企業互聯，因此無法避免來自網路的惡意入侵、攻擊或癱瘓系統運作，尤其是高敏感度之資訊系統，如銀行體系，更必須有完整之資訊安全系統作為企業運作之保護。
為防止企業資訊系統漏失資料、停頓營運或商業交易資料被竊資訊安全系統應能確保系統之保密性、完整性及可用性。企業資訊安全系統應包含軟體及硬體兩部分，例如病毒檢測軟體、防火牆、自動數據後衛復原系統等。
為規劃適當的企業資訊系統必須考量企業欲保護之資訊資產值，並以風險管理之觀點決定欲投資之資訊安全設施理想的保護程度。由資訊系統投資金額、系統保護等級、系統達成保護目標所獲得之效益等資訊，並參酌經濟市場之利率、通貨膨脹率等影響經濟效益之因子，以評估資訊安全系統投資之效益，作為企業經營者決策之參考。

This thesis derives fuzzy economic models for the effectiveness evaluation of different Information System Security (ISS) alternatives. The Net Present Value (NPV) and Benefit/Cost Ratio (BCR) models are proposed for the execution of cost-benefit analysis. Since fuzzy results are in the form of a complex nonlinear representation, and do not always provide a totally ordered set in the same way that crisp numbers do, the current paper approximates the resulting fuzzy profitability indexes by a triangular fuzzy number initially, and then uses the Mellin Transform to obtain the means and variances of the approximated fuzzy numbers in order to determine their relative ranking in a decision-making process. The performance of the proposed models is verified by considering their application to a practical ISS program.
Given the information-intense characteristics of a modern economy, whatever kind, scale of firms they are undergoing electronic business activities. The continued growth in the use of information technologies makes firms increasingly dependent on their information systems. However, firm’s information assets are susceptible to risk by virtue of the fact that the information system is connected to third party networks, typically the Internet. Some people and firms deal with highly sensitive information that could potentially threaten a certain people or nation. Corporations have trade secrets and business processes they do not want publicly disclosed.
Any successful attack on information system and its eventual crash
could result in a serious loss of data, services and business operations. This is the main reason why modern organizations are investing in information security system (ISS). The ISS should protect the confidentiality, integrity, and availability of the information system. It should be no surprise to learn that ISS is a growing spending priority among most companies. This growth in ISS is occurring in a variety of areas including software to detect viruses, firewalls, sophisticated encryption techniques, intrusion detection systems, automated data backup, and hardware devices.
In order to determine how much an organization should spend on ISS and data protection it is important to know the value of the assets to be protected. This is usually done by risk management, which provides the organization with information about the consequences if appropriate protection and security solutions are not provided and about the potential losses in the case of security incident and the impact it may have on the company’s overall productivity. Nowadays, the question is not whether organizations need more security, but how much to spend for added security.

中文摘要 I
英文摘要 III
誌謝 V
目錄 VI
表目錄 VIII
圖目錄 IX
第一章、緒論 1
1-1、研究背景與動機 1
1-2、研究目的 1
1-3、研究方法 2
1-4、論文架構 5
第二章、資訊安全技術及其發展 7
2-1、網路系統 7
2-2、雲端運算 12
2-3、資訊安全產業概況 13
2-4、企業資訊安全技術 29
第三章、模糊數學理論 35
3-1、模糊集合與模糊數學概論 35
3-2、模糊數學與區間數學 41
3-3、模糊數學運算 42
第四章、模糊經濟效益分析模式 49
4-1、產業投資經濟效益評估概論 49
4-2、經濟效益分析模糊數及模糊排序 50
4-3、模糊財務收益模式 53
4-3.1最低成本分析法 53
4-3.2成本效益分析法 55
第五章、資訊安全投資方案模糊經濟效益範例分析58
第六章、結論與建議 61
6-1、研究結論 61
6-2、研究建議 62
參考文獻 64

表目錄
第二章、資訊安全技術及其發展 7
表2-1、網路系統的類型 8
表2-2、企業資訊安全風險類別 - 30
第三章、模糊數學理論 35
表3-1、模糊集合與模糊測度的基本區別 38
表3-2、實數信賴區間之乘法運算 45
第五章、資訊安全投資方案模糊經濟效益範例分析 58
表5-1、資訊安全投資方案之經濟效益 58
表5-2、兩種不同資訊安全方案之效益分析 59

圖目錄

第二章、資訊安全技術及其發展 7
圖2-1、主動式截毒技術 27
第三章、模糊數學理論 35
圖3-1、處理不確定性資訊之理論沿革 36
表3-1、模糊集合與模糊測度的基本區別 38
圖3-2、正規凸面模糊集合 40
圖3-3、模糊樹及其特性函數圖形 41
第四章、模糊經濟效益分析模式 49
圖4-1、提供相同需求之負載管理方案現金流量 53
圖4-2、成本效益分析法之現金流量 56

[1] L.A. Zadeh, The concepts of a linguistic variable and its application to approximate reasoning, Part1,2 and 3, Information Sciences, Vol.8, pp.199-249, Vol.8, pp.301-357, and Vol.9 pp.43-80,1975.
[2] D.Dubois and H. Prade, Fuzzy Sets and Systems: Theory and Applications, Academic Press, New York, 1980.
[3] A. Kaufmann and M.M. Gupta, Introduction to Fuzzy Arithmetic: Theory and Applications, Van Nostrand Reinhold, New York, 1985.
[4] C.Y. Chiu and C.S. Park, Fuzzy Cash Flow Analysis using Present Worth Criterion, The Engineering Economist, 39 , pp.113-137.，1994.
[5] J.J. Buckley, The Fuzzy Mathematics of Finance, Fuzzy Sets And Systems, 21 , pp.257-273.，1987.
[6] T.L. Ward, Discounted fuzzy cash flow analysis, Proceedings of 1985 Fall Industrial Engineering Conference, Institute of Industrial Engineers, pp.476-481.，1985.
[7] K.P. Yoon, A Probabilistic approach to rank complex fuzzy numbers, Fuzzy Sets and Systems, 80, pp.167-176.，1996.
[8] C.S. Park, The Mellin Transform in Probabilistic Cash Flow Modeling, The Engineering Economist, 32 (2), pp.115-134.，1987.
[9] R. Bojanc and B. J.erman-Blazic, An economic modeling approach to information security risk management, International Journal of Information Management, Vol.28, pp.413-422, 2008.

I、書籍雜誌
【1】 小丸,SOHO創業寶典－網路資訊業私房接案密技,碁峰資訊出版社,2009.5.6.
【2】 我識編輯群,一小時兼差致富,我識出版社,2006.12.19.
【3】 典馥眉,靠兼差賺到100萬,雲國際出版社,2013.8.21.

II、期刊論文
【4】 丘宏昌,部落格資訊分享行為之研究,國立中興大學科技管理研究所碩士論文,2009.
【5】 謝旻樺、謝宜瑄、劉佳倫、陳宛暄、孫志瑛, Web 2.0 服務與技術研究探討, 修平技術學院資訊管理系專題論文,2009.
【6】 鍾采霏,智慧型手機應用程式之商業模式分析,國立政治大學商管專業學院碩士論文,2013.
【7】 李書賢, 破壞性創新模式之研究,國立政治大學企業管理研究所碩士論文,2007.
【8】 鄭啓錕,從國家機密保護法探討空軍現行保密督檢機制,國防大學陸軍指揮參謀學院正規班軍事專題研究,2012.
【9】 徐文龍, 國軍機密程序處理之研究,國防大學陸軍指揮參謀學院正規班軍事專題研究, 2015.