|
[1] 台灣協和珠山分廠(2014)。柴油機組控制盤操作手冊。臺灣,連江縣:台灣電力公司協和發電廠珠山分廠。 [2] 台灣電力公司企劃處(2015)。104年度風險管理計畫。臺灣,臺北市:台灣電力公司。 [3] 行政院國土辦公室(2014)。國家關鍵基礎設施安全防護指導綱要。臺灣,臺北市:行政院。P6-7 [4] 行政院國家資通安全會報(資安會報)(2016)。國家資通訊安全發展方案(102 年至 105 年)105年2月2日第2次修正。取自2016年2月20日,http://www.nicst.ey.gov.tw/News3.aspx?n=F7DE3E86444BC9A8&sms=FB4DC0329B2277CF [5] 林宜隆、陳帝仲(2015)。關鍵資訊基礎建設保護(CIIP)應用於戶役政電子系統安全控管之探討。2015年內部控制與風險管理論壇論文集,台灣,臺北市,國立臺北商業大學。 [6] 黃彥棻(2014年8月25日)。國家關鍵建設安全拉警報,油水電廠都可能受駭。iThome網站。取自2016年1月15 日,http://www.ithome.com.tw/article/903。 [7] 經濟部標準檢驗局(2016)。CNS 27000 x6101資訊技術-安全技術-資訊安全管理系統-概觀及詞彙,台灣,臺北市:經濟部標準檢驗局。 [8] 樊國楨、林樹國、林國水、楊中皇(2008)。重要民生基礎建設資訊技術缺陷功能控制措施初探--根基於台灣地區已發生事件。第十八屆資訊安全會議論文集,臺灣,台東市:國立東華大學。 [9] 樊國楨、黃健誠、林樹國、林惠芳、林國水(2012)。完備我國資訊安全管理法規之架構初探。第十六屆全國科技法律研討會論文集,台灣,新竹市。 [10] 樊國楨、黃健誠、林樹國、楊中皇、王演芳、林國水、蔡敦仁(2010)。資訊系統分類分級自主技術標準化之探討:根基於可信賴計算。資通安全分析專論T98030 (1~51)。臺灣,臺北市:國家實驗研究院科技政策研究與資訊中心。 [11] 單懷靈(2014)。初探ISO/IEC TR 27019。2014年第3及4季資訊安全管理系統標準化系列研討會,經濟部標準檢驗局,臺灣,臺北市。 [12] 蔡建興、林國水、莊賀喬(2016) 。資本預算為基礎的Cost-based FMEA應用於SCADA系統資安風險管理之個案實證研究。2016 國際大數據與ERP學術及實務研討會,大同大學,臺灣,臺台北市。 [13] 陳冠宏(2010)。結合TRIZ與FMEA之服務品質改善模式。臺灣,高雄市:正修科技大學 [14] AIAG (2008). Potential Failure Mode and Effect Analysis (FMEA): Reference Manual. 4th Edition. Automotive Industry Action Group, Chrysler Corporation, Ford Motor Company, General Motors Corporation, USA. [15] Alizadeh S.S. & Moshashaei P. (2015). The Bowtie method in safety management system: A literature review. Scientific Journal of Review, 4(9), 133-138 [16] Laurence Booth, Sean Cleary, & Pamela Patterson Drake (2013). Corporate Finance. New York: John Wiley & Sons [17] DOE (2007). 21 Steps to Improve Cyber Security of SCADA Networks .United States: Office of Energy Assurance, Department of Energy. Retrieved January 15, 2016, from http://www.oe.netl.doe.gov/docs/prepare/21stepsbooklet.pdf. [18] DOE (2014). Electricity Subsector Cyber security Capability Maturity Model(ES-C2M2).United States: Office of Energy Assurance, Department of Energy. Retrieved January 15, 2016, Retrieved March 10,2016,from http://energy.gov/sites/prod/files/2014/02/f7/ES-C2M2-v1-1-Feb2014.pdf [19] FAA and EUROCONTROL (2007). ATM Safety Techniques and Toolbox, Safety Action Plan – 15, Issue 2, October 3rd, 2007, Retrieved January 15, 2016, from http://www.eurocontrol.int/eec/gallery/content/public/document/eec/report/2007/023_Safety_techn iques_and_toolbox.pdf [20] Farn, K.J., Lin, S.K., Lin, K.S., & Yang, C.H. (2008).A Study on Critical Infrastructure Information Technology Malfunction Controls-- Illustration of Taiwan .Proceedings of the 2008 IEEE International Conference on Intelligence and Security Informatics, Taipei, Taiwan, 269-270 [21] FIPS 199 (2004, February). Federal Information Processing Standards Publication 199, Standards for security categorization of Federal information and information systems. (Report No. FIPS PUB 199). Gaithersburg, MD: National Institute of Standards and Technology. Retrieved January 15, 2016, from http://csrc.nist.gov/publications/fips/fips199/FIPS-PUB-199-final.pdf [22] Gossen, H.H. (1854). The Laws of Human Relations and the Rules of Human Action Derived Therefrom. 1984 translation. Cambridge, Mass: M.I.T. Press. [23] Hollnagel, E. (2008). Risk + barriers = safety? .Safety Science, 46(2), 221-229 [24] IEC-812. (1985). Analysis Technique for System Reliability - Procedures for Failure Mode and Effect Analysis(FMEA). Geneve Switzerland: International Electrotechnical Commission Press. [25] ISO/IEC 13335-1 (2004).Information technology-Security techniques-Management of information and communications technology security-Part 1: Concepts and models for information and communications technology security management. Geneva, Switzerland: ISO [26] ISO/IEC TR 27019:2013 (E).Information technology-Security techniques-Information security management guidelines based on ISO/IEC 27002 for process control system of the energy utility industry. Geneva, Switzerland: ISO [27] Kogan A. (2014). The Criticism of Net Present Value and Equivalent Annual Cost, Journal of Advanced Research in Law and Economics, 1(9), 15-22 [28] Marhavilas P., Koulouriotis D., & Mitrakas C. (2014). Fault and event-tree techniques in occupational health-safety systems – part I: Integrated risk-evaluation scheme. Environmental engineering and management journal, 13(8), 2097-2108 [29] McDermott, Robin E., Raymond J. Mikulak, & Michael R. Beauregard (2008).The Basics of FMEA(2nd Edition).United States: Productivity Inc [30] MIL-STD-1692A (1980). Military Standard Procedures for Performing a Failure Mode, Effects, and Critical Analysis . U.S. Department of Defense, Washington, DC, November 1980. [31] National Electric Sector Cybersecurity Organization Resource(NESCOR) Technical Working Group 1(TWG1),Electric Sector failure Scenarios and Impact Analyses Version 2.0. Electric Power Research Institute. (EPRI).California, June 2014. [32] NCCIC/ICS-CERT(2016),ICS-CERT Year in Review 2015.,Retrieved May 22,2016, from https://ics-cert.us-cert.gov/sites/default/files/Annual_Reports/Year_in_review_FY2015.Final_S508C.pdf [33] Nilsson J., & Bertling L.(2007). Maintenance management of wind power systems using Condition Monitoring Systems –Life Cycle Cost analysis for two case studies in the Nordic system. IEEE Transactions on Energy Conversion, 22(1), 223- 229 [34] SP 800-82(2015). Guide to industrial control systems security. Report No. SP 800-82 Rev. 2. Gaithersburg, MD: National Institute of Standards and Technology. Retrieved January 15, 2016, from, http://csrc.nist.gov/publications/PubsSPs.html#SP 800 [35] Stephen Coty, Tyler Borland, Mukul Gupta, Arvin Hagad, Patrick Snyder, & Kevin Stevens(2013),Information Security in the Energy sector, Alert Logic, Inc. USA
|