摘要 「全功能網路銀行系統」(簡稱「全網銀」)意指銀行將所有和客戶有關的服務,全面透過網路直接提供給客戶使用。但是客戶如何可以信賴「全網銀」是安全的?尤其是當威脅來自四面八方的網際網路環境時。安全在本質上是一種既抽象又難以具體衡量的表述,在資訊安全的領域中,資訊安全代表的是多重工程跨越時空的持續協同運作結果,它更難以衡量;幸好國際上已有一個評估資訊產品或系統安全的準則-「共同準則」(Common Criteria),該準則的功用即在使資訊安全變成可以共同的語言具體表達及評量。 本文依照「共同準則」的方法,建立「全網銀」之安全目標,其主要的特點有: 1.? 在極度威脅的網際網路環境中提供客戶非常暢通、安全的且不中止的服務,特別是為維持高度的可用性,對「全網銀」提供服務所必需之資源,包括通信架構與容量,伺服主機處理容量均應維持適當的彈性與多餘性,系統容量擴充與調整、備援、災難應變及持續運作之需要應於系統構建時整體考量。 2.? 建立可信賴的帳務處理機制,本文從傳統銀行的內部控制制度之分工牽制精神著眼,擬訂虛擬角色、虛擬交易憑證等相關安全目標。 3.? 支援顧客建立安全計算環境的技術或直接提供顧客安全的計算環境,此係基於考量網際網路上諸多威脅正方興未艾,決非一般客戶所能持續安全應對。 本論文最後列出全網銀之安全環境與安全目標交互參照表,此表滿足「共同準則」對每一個安全目標均能追蹤至其處理的安全環境之要求,亦具體呈現了安全環境及安全目標交互關係;本研究所建立之安全目標可供一般使用者瞭解銀行之「全網銀」是否安全之參考,若銀行擬建置一個符合「共同準則」之「全網銀」,亦可循此發展後續的安全需求文件,另主管機關亦可藉以評估銀行「全網銀」之安全考量是否周延。 Abstract The Full Functional Internet Banking System (FFIBS for short) provides all services to customer via Internet , but how could it be trusted ? Especially in the Internet environment that threats came from all direction. Security has abstract nature, and it is hard to describe with concrete measure. In the information technology (IT for short) domain, security is an effect of sustained corporate operations, and it is more difficult to measure. The Common Criteria is an international criteria for evaluating the security of an IT product or system. It was purposed to make that describing and evaluating the IT security with the common language become possible. This thesis proposes security objectives of FFIBS according to the Common Criteria methodology. The security objectives proposed here have the following features: 1.? To provide customer with smooth, secure and non-suspend services in the internet environment, especially keeping extreme high availability. The necessary resources for FFIBS to provide service should keep flexibility and redundancy appropriately, such as data communication capacity, process capacity of the servers. The requirements of extension and adjustment of system capacity, backup, disaster and contingency planning should be considered while system is constructed. 2.? To create reliable accounting process, we propose security objectives of virtual roles and virtual transaction evidences which based on traditional duty segregation approach of internal control. 3.? To continuing educate customer, Supporting customer to set up or directly provide customer with secure operating environment. Finally, to comply with the requirements of Common Criteria that each security objective should be able to be traced to corresponding security environments, we present a cross reference table of FFIBS security environments and security objectives. This table gives the relationships between security environment and security objective. The created security objectives could be used as reference by general customers to determinate if the bank’s FFIBS is secure. The banks could use it to develop the security requirements for constructing FFIBS which complies with the Common Criteria and the authorities also could use it to evaluate the soundness of a FFIBS.