跨國零售業導入雲交付資安防護之個案研究

以作者查詢圖書館館藏

、以作者查詢臺灣博碩士

、以作者查詢全國書目

、勘誤回報

、線上人數：102

、訪客IP：3.12.123.41

姓名

林裕祥(Yu-Hsiang Lin) 查詢紙本館藏

畢業系所

資訊管理學系在職專班

論文名稱

跨國零售業導入雲交付資安防護之個案研究
(Case Study of Cloud-Delivered Cybersecurity Protection in Cross-Border Retail Industry)

相關論文

★ 技術商品銷售之技術人員關鍵職能探討	★ 資訊委外之承包商能力、信任及溝通與委外成效關係之個案研究
★ 兵工技術軍官職能需求分析-以某軍事工廠為例	★ 不同楷模學習模式對VB程式語言學習之影響
★ 影響採購「網路資料中心產品」因素之探討	★ 資訊人員績效評估之研究—以陸軍某資訊單位為例
★ 高職資料處理科學生網路成癮相關因素及其影響之探討	★ 資訊服務委外對資訊部門及人員之衝擊-某大型外商公司之個案研究
★ 二次導入ERP系統之研究-以某個案公司為例	★ 資料倉儲於證券產業應用之個案研究
★ 影響消費者採用創新數位產品之因素---以整合式手機為例	★ 企業合併下資訊系統整合過程之個案研究
★ 資料倉儲系統建置之個案研究	★ 電子表單系統導入之探討 - 以 A 公司為例
★ 企業資訊安全機制導入與評估–以H公司為例	★ 從人力網站探討國內資訊人力現況–以104銀行資料為例

檔案

[Endnote RIS 格式]

[Bibtex 格式]

[相關文章]

[文章引用]

[完整記錄]

[館藏目錄]

至系統瀏覽論文 (2029-7-1以後開放)

摘要(中)

在數位轉型和全球擴張的時代，跨國零售企業在網路安全方面面臨前所未有的挑戰。COVID-19大流行進一步加速了遠端工作和線上銷售的商業模式，使企業面臨更高的網路風險，傳統的安全架構已不足以保護跨地域分散網路中不斷演變的網路威脅。本研究探討跨國零售業導入雲交付資安防護架構，特別是安全存取服務邊緣，(Secure Access Service Edge, SASE)，如何有效解決跨國零售企業的網路安全挑戰。
透過案例研究方法，本研究調查了跨國零售企業中SASE的實施情況。對關鍵利益相關者進行了深入訪談，包括一名安全架構師、一名Help Desk支援和來自不同國家的三名終端用戶。研究結果表明，SASE顯著簡化了跨國零售企業的IT管理，降低了成本，增強了安全性，改善了用戶體驗。透過將網路和安全功能整合到統一的雲平台中，SASE有效解決了傳統架構的複雜性、不一致性和性能瓶頸等問題。它使企業能夠在所有地點執行一致的安全政策，同時為遠端用戶提供無差異和安全的應用程序和數據存取。
然而，研究也發現企業在實施SASE時需要仔細解決合規性、數據主權和預算方面的挑戰。
本研究有助於了解雲交付資安防護架構在跨國零售企業中的應用。它為企業提供了寶貴的見解和建議，以應對資訊爆發時代的網路安全挑戰，實現安全和可持續的業務增長。

摘要(英)

International retail firms face unprecedented cybersecurity challenges in the age of digital transformation and worldwide expansion. The COVID-19 pandemic has accelerated remote work and online trade, increasing cyber risks for enterprises. Conventional security frameworks cannot protect against shifting cyber threats across large networks. This study examines how Secure Access Service Edge (SASE) cloud-based security architecture mitigates cybersecurity risks for global retail enterprises.
Case study analysis is used to investigate SASE in a multinational retail firm. Key stakeholders like a security architect, a help desk representative, and three international end-users were extensively interviewed. The research shows that SASE streamlines IT administration, reduces costs, improves security, and improves user experience for global retail enterprises. By combining networking and security operations under a cloud platform, SASE simplifies, inconsatility, and performance issues in conventional systems. It lets companies set uniform security standards across all locations and give remote users secure access to programs and data.
However, the research also highlighted the challenges of adherence, data jurisdiction, and financial resources that enterprises must carefully address when implementing SASE. SASE deployment requires meticulous planning and optimization in global IT governance, compliance management, and data security.
This report clarifies cloud-based security architecture in global retail organizations. This research provides detailed analysis and advice for organizations to overcome cybersecurity challenges in the digital age and grow securely.

關鍵字(中)

★ 雲交付資安防護
★ 安全存取服務邊緣
★ 跨國零售企業

關鍵字(英)

★ Cloud-Delivered Security
★ SASE
★ Multinational Retail Enterprises

論文目次

摘要 iii
Abstract iv
誌謝辭 v
目錄 vi
圖目錄 viii
表目錄 ix
第一章緒論 1
第一節研究背景與動機 1
第二節研究目的 5
第三節論文架構與研究流程 6
第四節名詞釋義 9
第二章文獻探討 11
第一節資訊安全 11
第二節現行資安架構 16
第三節新一代的資安技術框架：SASE 20
第三章研究方法 26
第一節研究工具 26
第二節研究對象 26
第三節資料處理及分析 28
第四章研究結果與分析 30
第一節雲交付資安防護架構規劃設計分析 30
第二節雲交付資安防護管理與效能優化分析 35
第三節雲交付資安防護強化分析 40
第四節雲交付資安防護安全性及合規性分析 44
第五節雲交付資安防護事件回報流程及處理分析 48
第六節雲交付資安防護使用者實際體驗分析 52
第五章結論與建議 58
第一節結論 58
第二節管理意涵 60
第三節研究限制與未來研究建議 61
參考文獻 63
中文文獻 63
外文文獻 63
網路文獻 68
附錄一 70

參考文獻

中文文獻
田秀蘭(2003)。質性研究的基本概念-研究方法概論。台北市，國立台灣師範大學。
吳芝儀、廖梅花(2001)。質性研究入門：紮根理論研究方法。嘉義市，濤石。
黃明祥、林詠章(2009)。資訊與網路安全概論：建構雲端運算安全(第四版)。台北市，東華。
顏慧蓮(2005)。台灣電子化政府之隱私權揭露現況探討[碩士論文]。國立屏東科技大學。

外文文獻
Alsmadi, D., & Prybutok, V. (2018). Sharing and storage behavior via cloud computing: Security and privacy in research and practice. Computers in Human Behavior, 85, 218-226. https://doi.org/10.1016/j.chb.2018.04.003
Alexander, N., & Doherty, A. M. (2010). International retail research: focus, methodology and conceptual development. International Journal of Retail & Distribution Management, 38, 928-942. https://doi.org/10.1108/09590551011085993
Anderson, R. (2008). Security engineering: A guide to building dependable distributed systems (2nd ed.). N.J., USA: Wiley Publishing, Inc. ISBN: 978-0-470-06852-6
Benlian, A., Kettinger, W. J., Sunyaev, A., & Winkler, T. J. (2018). Special section: The transformative value of cloud computing: A decoupling, platformization, and recombination theoretical framework. Journal of Management Information Systems, 35(3), 719-739. https://doi.org/10.1080/07421222.2018.1481634
Bulgurcu, B., Hasan, C., & Izak, B. (2010). Information security policy compliance: An empirical study of rationality-based beliefs and information security awareness. MIS Quarterly: Management Information Systems, 34(3), 523-548.
Butterfield, A., Ngondi, G. E., & Kerr, A. (Eds.). (2016). A Dictionary of Computer Science (7th ed.). England, British: Oxford University Press. eISBN: 9780191768125
Cavusoglu, H. (2004). Economics of IT Security Management: Four Improvements to Current Security Practices. Communications of the Association for Information Systems, 14, 65-75. https://personal.utdallas.edu/~huseyin/paper/practice.pdf
Glaser, B. & Strauss, A. (1967). The discovery of grounded theory. Chicago, USA: Aldine. ISBN: 0-202-30260-1
Glaser, B. (1978). Theoretical sensitivity: Advances in the methodology of grounded theory. Mill Valley, British: Sociology Press. ISBN-13978-1884156014
Gollmann, D. (2011). Computer security (3rd ed.). N.J., USA: Wiley Publishing, Inc. ISBN: 978-0-470-74115-3
Hiles, A. (2010). The definitive handbook of business continuity management. N.J. USA: John Wiley & Sons. DOI:10.1002/9781119205883
Miguel, H. B., Ricardo, J. R., & José, M. (2021). A Vision for Improving Business Continuity through Cyber-resilience Mechanisms and Frameworks. https://www.researchgate.net/publication/353203872_A_Vision_for_Improving_Business_Continuity_through_Cyber-resilience_Mechanisms_and_Frameworks. DOI:10.23919/CISTI52073.2021.9476324
ISO (2013). ISO/IEC 27001:2013 Information technology-Security techniques- Information security management systems - Requirements. Geneva: ISO.
Jie, J. (2023). The Impact of Covid-19 on E-Commerce Platforms and The Opportunities and Challenges They Face. BCP Business & Management, 44, 843-849. DOI:10.54691/bcpbm.v44i.4968
Jon, J., Carte, T. A., Saunders, C. S., Butler, B. S., Henry, J. P. C., & Weijun, Z. (2002). Review: Power and Information Technology Research: A Metatriangulation Review. MIS Quarterly, 26(4), 397-459. https://doi.org/10.2307/4132315
Jones, A., & Ashenden, D. (2005). Risk Management for Computer Security: Protecting Your Network & Information Assets. Oxford, United Kingdom: Butterworth-Heinemann. ISBN-13978-0750677950
Kathuria, A., Mann, A., Khuntia, J., Saldanha, T. J., & Kauffman, R. J. (2018). A strategic value appropriation path for cloud computing. Journal of Management Information Systems, 35(3), 740-775. https://doi.org/10.1080/07421222.2018.1481635
Kiesow, C. E., & Dekker, M. (2022). A Corporate Governance Approach to Cybersecurity Risk Disclosure. European Journal of Risk Regulation, 13(3), 443–463. doi:10.1017/err.2022.10.
Kott, A., & Linkov, I. (Eds.). (2019). Cyber Resilience of Systems and Networks. Germany, Springer Science Business Media.
Lambert, P. (2018). The impact of the GDPR on corporate data governance. Journal of Data Protection & Privacy, 2(1), 37-46. ISSN (print): 2398-5100
Maxim, C., Zubair, B., & Sherali, Z. (2021). Cloud-Native Application Security: Risks, Opportunities, and Challenges in Securing the Evolving Attack Surface. DOI Bookmark: 10.1109/MC.2021.3076537
Mell, P., & Grance, T. (2011). The NIST definition of cloud computing. NIST Special Publication800-145. https://nvlpubs.nist.gov/nistpubs/legacy/sp/nistspecialpublication800-145.pdf
Moulika, B., & Vijay, K. D. (2017). Cloud computing: Security issues and research challenges. Journal of Network Communications and Emerging Technologies (JNCET), 7. https://www.jncet.org/Manuscripts/Volume-7/Issue-11/Vol-7-issue-11-M-12.pdf
National Institute of Standards and Technology, NIST (2020). Special Publication 800-53 Revision 5: Security and Privacy Controls for Information Systems and Organizations. https://doi.org/10.6028/NIST.SP.800-53r5
Niemimaa, E., & Niemimaa, M. (2017). Information systems security policy implementation in practice: from best practices to situated practices. European Journal of Information Systems, 26(1), 1-20. https://doi.org/10.1057/s41303-016-0025-y
Pahl, C., Brogi, A., Soldani, J., & Jamshidi, P. (2019). Cloud container technologies: a state-of-the-art review. IEEE Transactions on Cloud Computing, 7(3), 677-692. DOI: 10.1109/TCC.2017.2702586
Ponemon Institute. (2019). Cost of a Data Breach Report 2019. IBM Security. https://www.ibm.com/downloads/cas/RDEQK07R
Rahman, M. R., & Boutaba, R. (2013). SVNE: Survivable virtual network embedding algorithms for network virtualization. IEEE Transactions on Network and Service Management, 10(2), 105-118. DOI: 10.1109/TNSM.2013.013013.110202
Rose, S., Borchert, O., Mitchell, S., & Connelly, S. (2020). Zero Trust Architecture (NIST Special Publication (SP) 800-207). National Institute of Standards and Technology. https://doi.org/10.6028/NIST.SP.800-207
Russell, D. & Gangemi, G.T. (2006). Computer Security Basics (2nd ed.). C.A., USA: O′Reilly Media, Inc. ISBN: 9780596006693
Sanchez-Cartas, J. M., & Leon, G. (2018). Multisided Platforms and Markets: A Literature Review. Telecommunications Policy, 45(5), 102152. https://www.researchgate.net/publication/325225786_Multisided_Platforms_and_Markets_A_Literature_Review
Sasse, M. A., & Flechais, I. (2005). Usable Security: Why Do We Need It? How Do We Get It? Security and Usability: Designing Secure Systems that People Can Use (13-30). C.A., USA: O′Reilly Media, Inc. https://www.researchgate.net/publication/316236669_Usable_Security_Why_Do_We_Need_It_How_Do_We_Get_It
Schneier, B. (2018). Click Here to Kill Everybody: Security and Survival in a Hyper-connected World. N.Y., USA: W. W. Norton & Company. ISBN-13978-0393357448
Siim, A. (2017). Dealing with an Evolving Cyber Threat Picture – Developing a Joint European Response. DOI10.3233/NHSDP190005
Simson, G. and Gene, S. (1991), Practical UNIX Security, (1st edition). C.A., USA: O.Reilly & Associates, Inc. ISBN-13978-0937175729
Snedaker, S. (2013). Business continuity and disaster recovery planning for IT professionals. C.A., USA: Syngress Publishing, Inc. ISBN-13978-0124105263
Solove, D. J. (2004). The Digital Person: Technology and Privacy in the Information Age. N.Y., USA: NYU Press. ISBN-13978-0814740378
Sonatype (2021). THE STATE OF CLOUD SECURITY 2021. https://www.sonatype.com/hubfs/State_of_Cloud_Security_2021.pdf
Stamp, M. (2011). Information security: Principles and practice (2nd ed.). N.J., USA: Wiley Publishing, Inc. ISBN-0789753251
Syed, H. J., Gani, A., Ahmad, R. W., Khan, M. K., & Ahmed, A. I. A. (2017). Cloud monitoring: A review, taxonomy, and open research issues. Journal of Network and Computer Applications, 98, 11-26. https://doi.org/10.1016/j.jnca.2017.08.021
Vacca, J. R. (2013). Computer and Information Security Handbook. London, British: Newnes. ISBN-13978-0128038437
Ware, W.H. (1970). Security Controls for Computer Systems: Report of Defense Science Board Task Force on Computer Security. C.A., USA: Santa Monica, RAND Corporation. https://www.rand.org/pubs/reports/R609-1.html.
Wiebe, E. (2019). Information Security: Principles and Practices. Pearson IT Certification.https://www.pearson.com/en-us/search.html/Information+Technology/IT+Certification
Zhao, C., Shi, M., Huang, M., & Du, X. (2019). "Authentication Scheme Based on Hashchain for Space-Air-Ground Integrated Network," ICC 2019 - 2019 IEEE [International Conference on Communications (ICC)], Shanghai, China, 1-6.
Zimmermann, A., Schmidt, R., Sandkuhl, K., Wißotzki, M., Jugel, D., & Möhring, M. (2015). Digital enterprise architecture-transformation for the internet of things. 2015 IEEE 19th International Enterprise Distributed Object Computing Workshop, 130-138.

網路文獻
Fortinet (2023). Secure Access Service Edge. Retrieved from https://www.fortinet.com/tw/products/sase (March 25, 2024)
Optiv (2017). What is Cloud-Delivered Security? Retrieved from https://www.optiv.com/cybersecurity-dictionary/cloud-delivered-security (April 4, 2024)
Polymer (2023). Retrieved from https://www.polymerhq.io. (April 19, 2024)
Whitman, M. E., & Mattord, H. J. (2021). Principles of Information Security (7th ed.). Cengage Learning. Retrieved from https://www.cengageasia.com/ (March 21, 2024)
Zeljka, Z. (2021). Zero Trust: A Solution to Many Cybersecurity Problems. Retrieved from https://www.helpnetsecurity.com/2021/01/25/zero-trust-a-solution-to-many-cybersecurity-problems/. (May 2, 2024)

指導教授

周惠文(Huey-Wen Chou)

審核日期

2024-7-22

推文