近年來,全球受新冠肺炎(COVID-19)疫情持續影響,如今早已改變人們原本生活的面貌,同時全球經濟、產業型態帶來非常大的變化,然而此迅速變化也讓許多產業尋求智慧及數位化生產,以減低疫情所帶來的影響,此結果不僅使高科技及數位化產業之發展,也導致生活型態之轉變,遠距工作比例增加,更帶來相應之資安風險,若管理不當可能會對組織的營運造成很深的影響並會帶來相當大的金錢損失。即使解決漏洞本身的問題後,將來也非常有可能造成長久且深遠的後續影響,甚至將影響組織名譽及品牌的形象。 本研究介紹網路風險之構成及所需參數,進而透過FAIR(factor analysis of information risk)與NIST (National Institute of Standards and Technology)資安框架探討台灣之金融產業其攻擊類型、損失大小等等,最後透過python模擬其保費計算。 ;In recent years, the world has been continuously affected by the new crown pneumonia (COVID-19) epidemic, which has already changed people′s original life. At the same time, the global economy and industrial patterns have brought great changes. However, this impact has also caused many industries to seek intelligent and digital production, trying to reduce the impact of the epidemic, not only unexpectedly accelerate the development of high-tech industries and digital industries, but also lead to changes in lifestyles, increasing the proportion of remote work, and bring corresponding information security risks. Improper management can severely impact an organization′s reputation to operate and result in considerable monetary losses. Even after solving the problem of the vulnerability itself, it may cause long-term and far-reaching follow-up effects, affecting the organization′s goodwill and brand image. This research introduces the composition and required parameters of network risk, and then discusses the types of attacks and the size of losses in Taiwan′s financial industry through FAIR (factor analysis of information risk) and NIST (National Institute of Standards and Technology) information security frameworks. Finally, assesses its premium calculation through a software developed using Python.
