針對網路惡意程式攻擊探討電腦風險管理與資訊安全技術因應研究

The Study of Computer Risk Management and Information Security Technology for Modern Network Malicious Codes Attack

吳嘉龍
C. L. Wu

和春技術學院資訊工程學系專任教授
危機管理學會理事兼資訊安全主任委員


摘要

在享受資訊化便利性的同時,必須注意相關資訊資產是否受到妥善保護,並深思背後可能引發的風險問題。如何善用有限資源與有效落實資訊安全管理,是現代科技的重大挑戰。資訊安全機制必須妥善保護資訊相關處理設備、系統與網路的機密性、完整性與可用性,不受各種威脅的影響,並將可能的衝擊與損害降至最低,以確保單位組織的正常營運與發展。隨著網路技術與通訊科技不斷地推陳出新,無論是公營機關或私人企業,均有可能面臨資訊安全的衝擊,不僅是機關的正常運作、企業的永續經營受到影響,甚或國家的安全亦受到威脅,如何加強資訊安全工作,尤其是網路安全管理,為當前重要課題。面對時有所聞的網路攻擊事件,政府亦相當重視資安工作的推動,尤其當前兩岸經貿交流頻繁,互通訊息難以避免,然而各種不斷變化的網路駭客,以及網軍的無孔不入,造成之無形威脅,其危險程度絕對不亞於沿岸部署的飛彈,面對惡意程式攻擊威脅,我們應該更須具備高度警覺性,妥善採因應措施。

關鍵字:風險分析、資訊安全、網路管理、惡意程式碼攻擊、電腦緊急應變。

ABSTRACT

Under highly development of internet technology, the rapid transfer of information has become a key issue for today's world. With the host server, computer can be connected to Internet all over the world to become a huge information network, but the problem of Internet security vulnerabilities in the system which are derived from the transfer of information is making a secure bear a considerable threat. Internet has become a part of life, companies and government departments is dependent on the operation of the network at this time if the attacker or malware attack government units for the organization to make it paralyzed, then they have caused the loss will exceed traditional war. As modern information technology comes, the more in-depth information technology companies and civil organizations, information security and risk management have already become an important issue can’t be ignored. Security mechanisms must be properly protected information and related processing equipment, systems and network confidentiality, integrity and availability, is not affected by a variety of threats.

Keywords: Risk Analyses; Information Security; Network Management; Malicious Code Attack; Computer Emergency Response.