簡易檢索 / 詳目顯示
| 研究生: |
賴欣瑩 LAI, SHIN-YING |
|---|---|
| 論文名稱: |
探討金融產業雲端資訊安全專業技術能力之研究 Research on the professional technical capabilities of cloud information security in the financial industry |
| 指導教授: |
蕭顯勝
Hsiao, Hsien-Sheng 康雅菁 Kang, Ya-Chin |
| 口試委員: |
蕭顯勝
Hsiao, Hsien-Sheng 康雅菁 Kang, Ya-Chin 丁玉成 Ting,Yu-Chen |
| 口試日期: | 2024/06/19 |
| 學位類別: |
碩士 Master |
| 系所名稱: |
科技應用與人力資源發展學系人力資源發展碩士在職專班 Department of Technology Application and Human Resource Development_Continuing Education Master's Program of Human Resource Development |
| 論文出版年: | 2024 |
| 畢業學年度: | 112 |
| 語文別: | 中文 |
| 論文頁數: | 85 |
| 中文關鍵詞: | 金融產業 、雲端資訊安全 、專業能力需求 、IPA分析法 |
| 英文關鍵詞: | Financial Industry, Cloud Information Security, Professional Capability Requirements, Importance-Performance Analysis |
| 研究方法: | 調查研究 、 內容分析法 |
| DOI URL: | http://doi.org/10.6345/NTNU202401517 |
| 論文種類: | 學術論文 |
| 相關次數: | 點閱:96 下載:5 |
| 分享至: |
| 查詢本校圖書館目錄 查詢臺灣博碩士論文知識加值系統 勘誤回報 |
本研究探討金融產業雲端資訊安全專業技術能力的需求背景與現狀,隨著數位化趨勢和疫情帶來的遠端辦公模式,資訊安全問題日益嚴重,特別是雲端安全領域的專業人才短缺。研究主要目的是分析金融產業在執行雲端資訊安全業務時所需的專業技術能力,並提出具體建議以供人力招募和教育訓練課程規劃參考。透過對金融產業資訊相關領域專業技術人員的問卷結果以IPA分析,發現金融產業雲端資訊安全專業技術能力的框架,指出現職人員於實務經驗和專業技能方面存在一定差距。建議建立完善的培訓計劃並制定雲端資訊安全人才專業能力發展計劃,針對不同職級和職能設計具體課程,以提升整體資訊安技術能力,以應對不斷增加的網路安全挑戰。
This study explores the demand background and current situation of professional technical capabilities in cloud information security within the financial industry. With the trend of digitalization and the remote working model brought about by the pandemic, information security issues have become increasingly severe, particularly with a shortage of professionals in the field of cloud security. The main objective of this study is to analyze the professional technical capabilities required for executing cloud information security tasks in the financial industry and to provide specific recommendations for reference in human resource recruitment and educational training program planning. Through the questionnaire results of professional technical personnel in related fields within the financial industry, analyzed using IPA (Importance-Performance Analysis), the study identifies the framework of professional technical capabilities in cloud information security for the financial industry and points out the existing gap in practical experience and professional skills among current employees. It is recommended to establish comprehensive training programs and formulate professional capability development plans with specific courses for different job levels and functions for cloud information security talents. This will enhance overall information security technical capabilities and address the increasing challenges of cybersecurity.
王文科、王智弘(2020)。教育研究法。臺北市:五南。
行政院國家資通安全會報(2021)。國家資通安全發展方案,國家資通安全發展方案,35。
沈大白、黃追(2020)。網路風險與資安之發展趨勢,會計研究月刊,(411),100-105。https://doi:10.6650/ARM.202002(411).0014
伶克(2023)。金融與銀行業平均每週遭受 4,664 次網路攻擊,如何強化資安免疫系統?,科技橘報。https://buzzorange.com/techorange/2023/02/08/cybersecurity-in-the-financial-services-industry/(瀏覽日期:2023/11/31)
吳明隆(2004)。SPSS 統計應用實務。松崗電腦圖書公司。
金融監督管理委員會(2020)。金融機構運用新興科技作業規範,金融監督管理委員會。https://www.ba.org.tw/PublicInformation/Detail/4374?enumtype=ImportantnormType&type=99537959-bc87-4d24-bcb7-83c8e7767e65
金融監督管理委員會(2022)。金融資安行動方案附件1「金融資安行動方案2.0」執行措施彙總表,金融監督管理委員會, A -1-A-13。https://www.fsc.gov.tw/uploaddowndoc?file=news/202212271650421.pdf&filedisplay=金融資安行動方案2.0_1227.pdf&flag=doc
金融監督管理委員會(2023)。金融業運用人工智慧(AI)之核心原則與相關推動政策,金融監督管理委員會。https://www.fsc.gov.tw/ch/home.jsp?id=96&parentpath=0,2&mcustomize=news_view.jsp&dataserno=202310170002&dtable=News
承立平(2018)。金融科技產業發展的金融資本市場條件,財金資訊季刊,93, 8-13。
姚惠茹(2022)。勒索病毒、金融詐騙與日俱增!國泰世華如何透過三道防線嚴守資安危機,財經新報。https://finance.technews.tw/2022/12/21/information-security-network/(瀏覽日期:2023/11/20)
張嘉伶(2022)。力拼數位轉型彎道超車。台灣銀行家,145,52-55。https://taiwanbanker.tabf.org.tw/paperDetail?id=3638
陳鴻達(2020)。2020 TABF金融趨勢關鍵議題 - 資安挑戰與金融業資安聯防之趨勢,台灣金融研訓院,2,1-3。https://www.tabf.org.tw/Article.aspx?id=1916&cid=8
陳雅莉(2023)。把關從嚴!金融業應用雲端首重資訊安全,台灣銀行家,3,80-83。
資安人(2023)。Check Point:全球網路攻擊年增 38%,台灣各組織平均每週受攻擊逾 3,000 次,資安人。https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=10295(瀏覽日期:2023/11/23)
潘世鳴(2023)。因應智慧資安時代,淺談NIST CSF網路安全框架2.0概念文件帶來的新改變,BSI。https://www.bsigroup.com/zh-TW/blog/Cybersecurity-and-Information-Resilience-Blog/2023/nist-csf-2/(瀏覽日期:2023/12/6)
編輯部(2024)。Gartner發佈2024年網路安全重要趨勢,資安人。https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11068(瀏覽日期:2024/05/01)
蕭俊傑(2019)。人工智慧與金融應用,財金資訊季刊,95,26-26。https://www.fisc.com.tw/Upload/d56378d2-ff51-4552-9ab2-12ff1dd64a84/TC/9504.pdf
點點簽(2023),Fintech 概念為何?關鍵技術、應用案例一次看!,點點簽。https://www.dottedsign.com/zh-tw/blog/product/fintech
蘇柏鳴(2021)。淺談資安政策與資安治理成熟度評估。金融聯合徵信,38,44-46。
iThome(2023)。雲端資安課程推薦:CCSP雲端資安專家認證,具深度與廣度的資安管理證照,IThome。(瀏覽日期:2024/05/31)https://www.ithome.com.tw/pr/155091
iThome(2024)。iThome 2024資安大調查系列1:金融業未來一年資安態勢大剖析,IThome。(瀏覽日期:2024/07/18)https://ithome.com.tw/article/162261
Oracle(2023)。什麼是雲端安全性?,Oracle。https://www.oracle.com/tw/security/cloud-security/what-is-cloud-security/(瀏覽日期:2023/12/05)
PiPi Lin(2023)。ChatGPT 引爆「生成式 AI 元年」,2023 年金融業要知道哪些趨勢?,科技橘報。https://buzzorange.com/techorange/2023/02/16/nvidia-ai-2023-trends/(瀏覽日期:2023/11/25)
Wikipedia(2023)。雲端安全,Wikipeia。 https://zh.wikipedia.org/wiki/雲端安全(瀏覽日期:2023/11/18)
Ashenhurst, R. R. (1972). Curriculum recommendations for graduate professional programs in information systems. Communications of the ACM, 15(5), 364-384. https://doi.org/10.1145/355602.361320
Cloud Security Alliance. (2021). Cloud Control Matrix (CCM) (4th ed.). CCM Implementation Guidelines. 26-115.https://cloudsecurityalliance.org/research/cloud-controls-matrix/
European Union Agency for Cybersecurity (ENISA). (2022). European Cybersecurity Skills Framework. EU publication, 6-24. https://doi.org/10.2824/859537
Flynn, N. L. (2001). The e Policy Handbook: Designing and Implementing Effective E-Mail, Internet, and Software Policies, American Management. https://dl.acm.org/doi/10.5555/517481
Fortinet. (2022). 2022 Cybersecurity Skills Gap Global Research Report, Fortinet.
Galasi, P. (2008). The effect of educational mismatch on wages for 25 countries, Institute of Economics, Hungarian Academy of Sciences, Budapest, Working Papers on the Labor Market.
Hartog, J. (2000). Over-education and earnings: Where are we and where should we go? , Economics of Education Review, 19, 131-147.
Hollenhorst, S., Olson, D., & Fortney, R. (1992). Use of importance-performance analysis to evaluate stat e park cabins: The case of the West Virginia state park system. Journal of Park and Recreation Administration, 10(1), 1-11. https://js.sagamorepub.com/index.php/jpra/article/view/1823
Höne, K. & Eloff , J.H.P. (2002). Information Security Policy - What do International Information Security Standards Say? , Computer & Security, 22(5), 402-409. https://blogs.nvidia.com/blog/financial-industry-ai-survey/
ISACA. (2022). State of Cybersecurity 2022:Global Update on Workforce Efforts, Resources and Cyberoperations, ISACA.https://www.isaca.org/resources/reports/state-of-cybersecurity-2022
Jarvis, P. (2004). Adult Education and Lifelong Learning (3rd ed.) London. https://doi.org/10.4324/9780203561560
Levitt, K. (2023). Survey Reveals Financial Industry’s Top 4 AI Priorities for 2023, State of AI in Financial Services: 2023 Trends.
Martilla, J.A. and James J.C. (1977). Importance-performance analysis, Journal of Marketing, 41(1), 77-79. https://doi.org/10.2307/1250495
Newhouse, W., Keith S., Scribner B., Witte G. (2020). NIST SP 800-181 Rev. 1, Workforce Framework for Cybersecurity (NICE Framework), 7-11.https://doi.org/10.6028/NIST.SP.800-181r1
Sampson, S. E., and Showalter, M. J. (1999). The performance-importance response function : Observations and implications, The Service Industries Journal, 19 , 1-25. https://doi.org/10.1080/02642069900000027
Tarrant, M. A. & Smith, E. K. (2010). The use of a modified importance of outdoor recreation settings, Management Leisure, 7, 69-82.https://doi.org/10.1080/13606710210137246
