金融機構數據公益與資安治理策略之研究

以作者查詢圖書館館藏

、以作者查詢臺灣博碩士

、以作者查詢全國書目

、勘誤回報

、線上人數：121

、訪客IP：18.117.172.189

姓名

陳品慧(Pin-Hui Chen) 查詢紙本館藏

畢業系所

資訊管理學系

論文名稱

金融機構數據公益與資安治理策略之研究
(Data Altruism and Cyber Security Governance Strategies in Financial Institutions)

相關論文

★ 以機器學習技術為基礎建構新生兒孕育健康狀態預測模型	★ 電子病歷縮寫消歧與一對多分類任務
★ 使用文字探勘與深度學習技術建置中風後肺炎之預測模型	★ 精準社群廣告投資策略：以機器學習技術為基礎之社會影響力管理模式
★ 智慧活躍老化之實現：以資料驅動為基礎之AI長者在地交友推薦模式	★ 整合深度學習技術與SOR理論之資訊情緒傳遞性探索：新聞生成特質與資訊情感傳播行為
★ 基於混合過濾的電影推薦系統	★ 以 Reddit 使用者生成內容探討糖尿病照護社會支持
★ 防範於未然：基於機器學習技術之網路入侵偵測系統	★ 可靠度驗證實驗室導入人工智慧技術的可行性探討 -以A公司為例
★ 智慧共同照護之實現: 以資料驅動為基礎之 AI 糖尿病個案管理模式	★ Non-Touch Cooperation: An Interactive Mechanism Design Based on Mid-Air Gestures
★ 基於 UGC 的反脆弱社交口碑策略:以臺灣飯店業為例	★ 基於機器學習技術之誘導式評論過濾機制：以餐廳評論為例
★ 資料驅動的球隊經營：NBA球隊競爭力與抱團策略之研究	★ 基於顧客評論觀點揭示組織調整策略和顧客體驗優化：以 Covid-19 餐飲業為例

檔案

[Endnote RIS 格式]

[Bibtex 格式]

[相關文章]

[文章引用]

[完整記錄]

[館藏目錄]

至系統瀏覽論文 (2029-7-26以後開放)

摘要(中)

隨著金融科技的迅速發展和金融產品的多樣化，金融機構面臨越來越複雜的風險和資訊安全挑戰。2024年數位發展部提出數據公益運作指引，推動社會和經濟的可持續發展，惟個人資料的運用面臨隱私保護挑戰及組織資訊安全治理風險。本研究將探索金融機構在數據公益與資訊安全治理方面的挑戰進行分析，並提出相應的策略建議。研究採用質性訪談方法進行整體環境分析，對銀行、證券期貨及保險業的資訊安全從業人員進行深度訪談，收集其在數據公益實踐與資訊安全治理中的經驗和見解。通過質性文本分析工具，對訪談資料進行系統化整理和分析。研究結果顯示，金融機構在數據公益運作中需考慮法律合規、技術實施及風險管理等多方面因素，同時，資訊安全治理策略需與數據公益目標相結合，以確保數據利用的透明性和合法性。基於訪談結果，本研究提出策略建議，包括建立內部資料治理框架、提升技術應用能力及推動跨部門合作，旨在幫助金融機構在推動數據公益的同時，確保資訊安全和金融業務穩定。

摘要(英)

With the rapid development of financial technology and the diversification of financial products, financial institutions face increasingly complex risks and information security challenges. In 2024, the Ministry of Digital Affairs proposed guidelines for data altruism operations to promote sustainable social and economic development. However, the use of personal data faces privacy protection challenges and organizational information security governance risks. This study will explore and analyze the challenges faced by financial institutions in data altruism and information security governance and propose corresponding strategic recommendations. The study adopts qualitative interview methods to conduct a comprehensive environmental analysis, conducting in-depth interviews with information security professionals in the banking, securities and futures, and insurance industries to collect their experiences and insights in the practice of data altruism and information security governance. Through qualitative text analysis tools, the interview data is systematically organized and analyzed. The research results indicate that financial institutions need to consider legal compliance, technical implementation, and risk management factors in data altruism operations. Simultaneously, information security governance strategies need to be integrated with data altruism goals to ensure the transparency and legality of data utilization. Based on the interview results, this study proposes strategic recommendations, including establishing an internal data governance framework, enhancing technical application capabilities, and promoting cross-departmental cooperation. The aim is to help financial institutions ensure information security and business stability while promoting data altruism.

關鍵字(中)

★ 金融機構
★ 資訊安全
★ 數據公益
★ 質性研究

關鍵字(英)

★ financial institutions
★ information security
★ data altruism
★ qualitative research

論文目次

摘要 i
ABSTRACT ii
目錄 iii
圖目錄 v
表目錄 vi
第一章緒論 1
1.1 研究背景與動機 1
1.2 研究目的 5
1.3 論文架構 6
第二章文獻探討 7
2.1 資料治理的定義與目標 7
2.2 數據公益 11
2.3 金融機構的資安治理 21
2.4 PESTLE分析 23
第三章研究方法 25
3.1 研究設計 25
3.2 資料收集 26
3.2.1 半結構式質性訪談 26
3.2.2 訪談大綱設計與執行 27
3.2.3 研究對象 29
3.3 資料分析 31
3.3.1 質性文本分析工具(MAXQDA) 31
3.3.2 模糊質性比較分析(fsQCA) 31
第四章研究分析與結果 33
4.1 金融機構背景資料 33
4.2 訪談分析結果 35
4.2.1 政治因素 35
4.2.2 經濟因素 40
4.2.3 社會因素 45
4.2.4 技術因素 49
4.2.5 法律因素 52
4.2.6 環境因素 56
4.2.7 分析結果總結 59
第五章結論與建議 61
5.1 研究結論 61
5.2 研究限制 63
5.3 未來研究方向 63
參考文獻 65

參考文獻

中文文獻
中央銀行（2023）。金融穩定報告。（第17期）。
https://www.cbc.gov.tw/tw/cp-899-31778-E2861-1.html
李洛維、朱斌妤（2021）。推動服務型智慧政府的核心引擎：資料治理的挑戰與對策。文官制度，13（2），115-151。
金融監督管理委員會（2015）。大數據研究應用。https://www.fsc.gov.tw/ch/home.jsp?id=503&parentpath=0,7
金融監督管理委員會（2022）。金融資安行動方案2.0。https://www.fsc.gov.tw/ch/home.jsp?id=975&parentpath=0
徐子苓（2023）。數位部推「數據公益」指引專家2大肯定、3大疑慮。自由時報。 https://ec.ltn.com.tw/article/breakingnews/4437141
翁逸泓（2022）。資料治理法制：歐盟模式之啟發。東海大學法學研究，（64），55-116。
國家發展委員會（2015）。建立數位政府服務新思維，強化開放資料、大數據應用深度。國土及公共治理季刊，3（4），3-6。
張腕純（2022）。資料生態系與臺灣資料治理法制框架建構方向。科技法律透析，34（6），43-71。
臺灣證券交易所（2024）。公開資訊觀測站。公司基本資料。https://mops.twse.com.tw/mops/web/index
劉書良（2022）。從英美經驗看金融監理發展方向---兼論金融監理與法令遵循關係。碩士論文，國立臺灣大學事業經營法務碩士在職學位學程。
數位發展部（2024）。數據公益。https://moda.gov.tw/digital-affairs/plural-innovation/operations/270
蔡鐘慶（2023）。金融科技對法令遵循所帶來的衝擊與挑戰。月旦法學，（335），83-95。
賴奕霖（2020）。從歐盟一般資料保護規則及電子隱私規則草案探討我國個人資料保護法之修正。碩士論文，國立政治大學科技管理與智慧財產研究所。
謝尚廷、蕭惟文、莊弘鈺（2024）。淺談金融業上雲趨勢與政策法令之發展。萬國法律（253），2-18。
魏欣柔（2024）。金融機構股東監理法制：以控制能力為中心。碩士論文，國立臺灣大學法律學系。

英文文獻
Abraham, R., Schneider, J., & vom Brocke, J. (2019). Data governance: A conceptual framework, structured review, and research agenda. International Journal of Information Management, 49, 424-438.
Achbah, R., Vitanova, I., & Fréchet, M. (2024). Failure Escape: The role of advice seeking in CEOs’ awareness of financial difficulties and corporate restructuring. Journal of Business Research, 175, 114548.
Ahmadi, S. (2024). A Comprehensive Study on Integration of Big Data and AI in Financial Industry and its Effect on Present and Future Opportunities. International Journal of Current Science Research and Review, 7(01), 66-74.
Al-Ruithe, M., Benkhelifa, E., & Hameed, K. (2019). A systematic literature review of data governance and cloud data governance. Personal and Ubiquitous Computing, 23(5), 839-859.
Alhassan, I., Sammon, D., & Daly, M. (2016). Data governance activities: an analysis of the literature. Journal of Decision Systems, 25(sup1), 64-75.
Anderson, R. (2001, 10-14 Dec. 2001). Why information security is hard - an economic perspective. Seventeenth Annual Computer Security Applications Conference,
Barton, D., & Court, D. (2012). Making advanced analytics work for you. Harvard business review, 90(10), 78-83.
Bernanke, B. S. (2020). The new tools of monetary policy. American Economic Review, 110(4), 943-983.
Bernier, A., Molnár-Gábor, F., & Knoppers, B. M. (2022). The international data governance landscape. Journal of Law and the Biosciences, 9(1), lsac005.
Bokan, B., & Santos, J. (2021). Managing cybersecurity risk using threat based methodology for evaluation of cybersecurity architectures. 2021 Systems and Information Engineering Design Symposium (SIEDS),
Bremmer, I. (2022). The power of crisis: how three threats–and our response–will change the world. Simon and Schuster.
Brown, T., Mann, B., Ryder, N., Subbiah, M., Kaplan, J. D., Dhariwal, P., Neelakantan, A., Shyam, P., Sastry, G., & Askell, A. (2020). Language models are few-shot learners. Advances in neural information processing systems, 33, 1877-1901.
Bühler, N., Frahsa, A., Morand Bourqui, R., Von Götz, N., Bochud, M., & Panese, F. (2023). Between data providers and concerned citizens: Exploring participation in precision public health in Switzerland. Public Understanding of Science, 33(1), 105-120.
Buye, R. (2021). Critical examination of the PESTEL Analysis Model. Project: Action Research for Development.
Cangialosi, N. (2023). Fuzzy-Set Qualitative Comparative Analysis (fsQCA) in Organizational Psychology: Theoretical Overview, Research Guidelines, and A Step-By-Step Tutorial Using R Software. The Spanish Journal of Psychology, 26, e21, Article e21.
Canton, H. (2021). Organisation for economic co-operation and development—OECD. In The Europa Directory of International Organizations 2021 (pp. 677-687). Routledge.
Celeste, E., & Fabbrini, F. (2021). Competing Jurisdictions: Data Privacy Across the Borders. In T. Lynn, J. G. Mooney, L. van der Werff, & G. Fox (Eds.), Data Privacy and Trust in Cloud Computing: Building trust in the cloud through assurance and accountability (pp. 43-58). Springer International Publishing.
Chang, K., & Huang, H. (2023). Exploring the management of multi-sectoral cybersecurity information-sharing networks. Government Information Quarterly, 40(4), 101870.
Charmaz, K., & Thornberg, R. (2021). The pursuit of quality in grounded theory. Qualitative research in psychology, 18(3), 305-327.
Chuah, S. H.-W., Aw, E. C.-X., & Yee, D. (2021). Unveiling the complexity of consumers’ intention to use service robots: An fsQCA approach. Computers in Human Behavior, 123, 106870.
Citaristi, I. (2022). Organisation For Economic Co-Operation And Development—OECD. In The Europa Directory of International Organizations 2022 (pp. 694-701). Routledge.
Clarke, V., & Braun, V. (2021). Thematic analysis: a practical guide.
Consoli, S. (2021). Uncovering the hidden face of narrative analysis: A reflexive perspective through MAXQDA. System, 102, 102611.
Cupoli, P., Earley, S., & Henderson, D. (2014). Dama-dmbok2 framework. Dama International.
Davidson, E., Wessel, L., Winter, J. S., & Winter, S. (2023). Future directions for scholarship on data governance, digital innovation, and grand challenges. Information and Organization, 33(1), 100454.
Dodman, D., Hayward, B., Pelling, M., Castán Broto, V., & Chow, W. T. (2022). Cities, settlements and key infrastructure.
ENISA, E. (2016). PETs controls matrix: a systematic approach for assessing online and mobile privacy tools.
Esteves, B. (2023). Towards an Architecture for Data Altruism in Solid.
Franke, J., & Gailhofer, P. (2021). Data governance and regulation for sustainable smart cities. Frontiers in Sustainable Cities, 3, 763788.
Ganter, A., & Hecker, A. (2014). Configurational paths to organizational innovation: qualitative comparative analyses of antecedents and contingencies. Journal of Business Research, 67(6), 1285-1292.
Garrido, G. M., Sedlmeir, J., Uludağ, Ö., Alaoui, I. S., Luckow, A., & Matthes, F. (2022). Revealing the landscape of privacy-enhancing technologies in the context of data markets for the IoT: A systematic literature review. Journal of Network and Computer Applications, 207, 103465.
Geissdoerfer, M., Santa‐Maria, T., Kirchherr, J., & Pelzeter, C. (2023). Drivers and barriers for circular business model innovation. Business Strategy and the Environment, 32(6), 3814-3832.
Gritsenko, D. (2024). Advancing UN digital cooperation: Lessons from environmental policy and governance. World Development, 173, 106392.
Guetterman, T. C., & James, T. G. (2023). A software feature for mixed methods analysis: The MAXQDA Interactive Quote Matrix. Methods in Psychology, 8, 100116.
Hai, T. N., Van, Q. N., & Thi Tuyet, M. N. (2021). Digital transformation: Opportunities and challenges for leaders in the emerging countries in response to COVID-19 pandemic. Emerging Science Journal, 5(1), 21-36.
Hasani, T., Rezania, D., Levallet, N., O’Reilly, N., & Mohammadi, M. (2023). Privacy enhancing technology adoption and its impact on SMEs’ performance. International Journal of Engineering Business Management, 15, 18479790231172874.
Hashem, I. A. T., Yaqoob, I., Anuar, N. B., Mokhtar, S., Gani, A., & Ullah Khan, S. (2015). The rise of “big data” on cloud computing: Review and open research issues. Information Systems, 47, 98-115.
Holloway, I., & Galvin, K. (2023). Qualitative research in nursing and healthcare. John Wiley & Sons.
Hormio, S. (2023). Collective responsibility for climate change. Wiley Interdisciplinary Reviews: Climate Change, 14(4), e830.
Jordan, S., Fontaine, C., & Hendricks-Sturrup, R. (2022). Selecting privacy-enhancing technologies for managing health data use. Frontiers in Public Health, 10, 814163.
Kaaniche, N., Laurent, M., & Belguith, S. (2020). Privacy enhancing technologies for solving the privacy-personalization paradox: Taxonomy and survey. Journal of Network and Computer Applications, 171, 102807.
Karkošková, S. (2023). Data governance model to enhance data quality in financial institutions. Information Systems Management, 40(1), 90-110.
Khatri, V., & Brown, C. V. (2010). Designing data governance. Communications of the ACM, 53(1), 148-152.
Kraus, S., Ribeiro-Soriano, D., & Schüssler, M. (2018). Fuzzy-set qualitative comparative analysis (fsQCA) in entrepreneurship and innovation research – the rise of a method. International Entrepreneurship and Management Journal, 14(1), 15-33.
Kumar, S., Sahoo, S., Lim, W. M., Kraus, S., & Bamel, U. (2022). Fuzzy-set qualitative comparative analysis (fsQCA) in business and management research: A contemporary overview. Technological Forecasting and Social Change, 178, 121599.
Lalova-Spinks, T., Meszaros, J., & Huys, I. (2023). The application of data altruism in clinical research through empirical and legal analysis lenses. Frontiers in Medicine, 10, 1141685.
Lemieux, V. L., & Werner, J. (2024). Protecting Privacy in Digital Records: The Potential of Privacy-Enhancing Technologies. ACM Journal on Computing and Cultural Heritage, 16(4), 1-18.
Lou, Z., Ye, A., Mao, J., & Zhang, C. (2022). Supplier selection, control mechanisms, and firm innovation: Configuration analysis based on fsQCA. Journal of Business Research, 139, 81-89.
Ma, Y.-j., & Jing, B.-j. (2021). Chinese (Taiwan) Yearbook of International Law and Affairs, Volume 38, 2020. Brill | Nijhoff.
Malatji, M. (2023). Management of enterprise cyber security: A review of ISO/IEC 27001: 2022. 2023 International conference on cyber management and engineering (CyMaEn),
Mamanazarov, S. (2024). De-identification and anonymization: legal and technical approaches. Tsul legal report, 5, 25-37.
Marcucci, S., Alarcón, N. G., Verhulst, S. G., & Wüllhorst, E. (2023). Informing the Global Data Future: Benchmarking Data Governance Frameworks. Data & Policy, 5, e30.
McAfee, A., & Brynjolfsson, E. (2012). Big data: the management revolution. Harv Bus Rev, 90(10), 60-66, 68, 128.
McGrath, C., Palmgren, P. J., & Liljedahl, M. (2019). Twelve tips for conducting qualitative research interviews. Medical Teacher, 41(9), 1002-1006.
Melzi, P., Rathgeb, C., Tolosana, R., Vera-Rodriguez, R., & Busch, C. (2022). An overview of privacy-enhancing technologies in biometric recognition. arXiv preprint arXiv:2206.10465.
Merriam, S. B., & Tisdell, E. J. (2015). Qualitative research: A guide to design and implementation. John Wiley & Sons.
Michałowicz, A. (2023). Data altruism in the European Union law University of Łódź].
Nadal, S., Jovanovic, P., Bilalli, B., & Romero, O. (2022). Operationalizing and automating data governance. Journal of big data, 9(1), 117.
Naeem, M., Jamal, T., Diaz-Martinez, J., Butt, S. A., Montesano, N., Tariq, M. I., De-la-Hoz-Franco, E., & De-La-Hoz-Valdiris, E. (2022). Trends and future perspective challenges in big data. Advances in Intelligent Data Analysis and Applications: Proceeding of the Sixth Euro-China Conference on Intelligent Data Analysis and Applications, 15–18 October 2019, Arad, Romania,
Nowell, L. S., Norris, J. M., White, D. E., & Moules, N. J. (2017). Thematic analysis: Striving to meet the trustworthiness criteria. International journal of qualitative methods, 16(1), 1609406917733847.
O′Hara, K. (2022). Privacy, privacy-enhancing technologies & the individual.
Oh, J., & Lee, K. (2023). Data De-identification Framework. Computers, Materials & Continua, 74(2).
Otto, B. (2011). A morphology of the organisation of data governance.
Pappas, I. O., & Woodside, A. G. (2021). Fuzzy-set Qualitative Comparative Analysis (fsQCA): Guidelines for research practice in Information Systems and marketing. International Journal of Information Management, 58, 102310.
Paseri, L. (2024). The ethical and legal challenges of data altruism for thescientific research sector. Smart Ethics in the Digital World: Proceedings of the ETHICOMP 2024. 21th International Conference on the Ethical and Social Impacts of ICT,
Pathak, M. (2024). Data Governance Redefined: The Evolution of EU Data Regulations from the GDPR to the DMA, DSA, DGA, Data Act and AI Act. DSA, DGA, Data Act and AI Act.(February 6, 2024).
Patton, M. Q. (2014). Qualitative research & evaluation methods: Integrating theory and practice. Sage publications.
Phan, S. (2021). The effect of PESTLE factors on development of e-commerce. International Journal of Data and Network Science, 5(1), 37-42.
Radford, A., Wu, J., Child, R., Luan, D., Amodei, D., & Sutskever, I. (2019). Language models are unsupervised multitask learners. OpenAI blog, 1(8), 9.
Rädiker, S., & Kuckartz, U. (2020). Focused analysis of qualitative interviews with MAXQDA. MAXQDA Press.
Ragin, C. C. (2009). Redesigning social inquiry: Fuzzy sets and beyond. University of Chicago Press.
Rane, N. (2023). Role and challenges of ChatGPT and similar generative artificial intelligence in business management. Available at SSRN 4603227.
Ratten, V. (2023). The Ukraine/Russia conflict: Geopolitical and international business strategies. Thunderbird International Business Review, 65(2), 265-271.
Ricci, S., Janout, V., Parker, S., Jerabek, J., Hajny, J., Chatzopoulou, A., & Badonnel, R. (2021). PESTLE analysis of cybersecurity education. Proceedings of the 16th International Conference on Availability, Reliability and Security,
Rice, C., & Zegart, A. B. (2018). Political risk: How businesses and organizations can anticipate global insecurity. Twelve.
Rothrock, R. A., Kaplan, J., & Van Der Oord, F. (2018). The Board′s Role in Managing Cybersecurity Risks. MIT Sloan Management Review, 59(2), 12-15.
Ruohonen, J., & Mickelsson, S. (2023). Reflections on the Data Governance Act. Digital Society, 2(1), 10.
Rydning, D. R.-J. G.-J., Reinsel, J., & Gantz, J. (2018). The digitization of the world from edge to core. Framingham: International Data Corporation, 16, 1-28.
Sarter, E. K., Bailey, E. C., & Law, J. (2023). Understanding Public Services: A Contemporary Introduction Understanding Public Services. Policy Press.
Schwartz, S. H. (2014). Values and culture. In Motivation and culture (pp. 69-84). Routledge.
Shabani, M. (2022). Will the European Health Data Space change data sharing rules? Science, 375(6587), 1357-1359.
Shah, S. I. H., Peristeras, V., & Magnisalis, I. (2021). Government big data ecosystem: definitions, types of data, actors, and roles and the impact in public administrations. ACM Journal of Data and Information Quality, 13(2), 1-25.
Tan, L. H., Chew, B. C., & Hamid, S. R. (2017). A holistic perspective on sustainable banking operating system drivers: A case study of Maybank group. Qualitative Research in Financial Markets, 9(3), 240-262.
Vedral, B. (2021). The vulnerability of the financial system to a systemic cyberattack. 2021 13th International Conference on Cyber Conflict (CyCon),
Velinov, E., Kadłubek, M., Thalassinos, E., Grima, S., & Maditinos, D. (2023). Digital Transformation and Data Governance: Top Management Teams Perspectives. In Digital Transformation, Strategic Resilience, Cyber Security and Risk Management (Vol. 111, pp. 147-158). Emerald Publishing Limited.
Vollset, S. E., Goren, E., Yuan, C.-W., Cao, J., Smith, A. E., Hsiao, T., Bisignano, C., Azhar, G. S., Castro, E., & Chalek, J. (2020). Fertility, mortality, migration, and population scenarios for 195 countries and territories from 2017 to 2100: a forecasting analysis for the Global Burden of Disease Study. The Lancet, 396(10258), 1285-1306.
Wenzel, M., Stanske, S., & Lieberman, M. B. (2020). Strategic responses to crisis. Strategic Management Journal, 41(7/18), 3161.

指導教授

曾筱珽(Hsiao-Ting Tseng)

審核日期

2024-7-26

推文