資安協作自動化應變(SOAR)對於企業資安防護之研究-以P公司為例;Study on the Impact of Security Orchestration, Automation, and Re-sponse (SOAR) on Enterprise Cybersecurity Protection - A Case Study of Company P

NCU Institutional Repository > 管理學院 > 資訊管理研究所 > 博碩士論文 > Item 987654321/95552

jsp.display-item.identifier=請使用永久網址來引用或連結此文件: http://ir.lib.ncu.edu.tw/handle/987654321/95552

题名:	資安協作自動化應變(SOAR)對於企業資安防護之研究-以P公司為例;Study on the Impact of Security Orchestration, Automation, and Re-sponse (SOAR) on Enterprise Cybersecurity Protection - A Case Study of Company P
作者:	黃智鋒;HUANG, CHIH-FENG
贡献者:	資訊管理學系
关键词:	企業資安;網路安全;資安協作自動化應變;安全事件檢測與回應;自動化流程;enterprise cybersecurity;cybersecurity;security orchestration automated response;incident detection and response;process automation;SOAR
日期:	2024-07-23
上传时间:	2024-10-09 17:00:30 (UTC+8)
出版者:	國立中央大學
摘要:	隨著網際網路的快速發展，勒索軟體攻擊愈發頻繁，這些攻擊往往難以完全阻止。然而企業不僅面臨著日益複雜的資安管理挑戰，同時也遭遇了專業人才的短缺。資安協作自動化應變(SOAR)技術解決方案號稱為能夠改善這些問題，但從企業角度來看，實際驗證SOAR在企業環境中資安防護效益的案例仍然不足，無法讓決策者了解其實際導入效益及評估其導入應用流程。因此本研究交採用個案研究法，透過分析三個具體的資訊安全應變處理場景，包括TW-ISAC情資應用流程、群組原則設置異常監控應用流程和誘餌檔案異動偵測流程，來實際驗證導入SOAR後的差異與效益。研究結果顯示，應用SOAR系統後，這些場景的處理時間均顯著縮短，從而證明了SOAR技術在整合安全工具及實現流程自動化方面的巨大潛力。透過這些案例分析，本研究不僅證實了SOAR系統在強化企業資安防護和提高安全事件處置效率方面的價值，也為企業資安管理的自動化變革提供了重要的參考。 ;With the rapid development of the Internet, ransomware attacks have become increas-ingly frequent and are often difficult to completely prevent. Companies are not only facing increasingly complex cybersecurity management challenges but also encountering a short-age of professional talent. Security Orchestration, Automation, and Response (SOAR) tech-nology solutions are claimed to address these issues. However, from a corporate perspective, there are still insufficient cases verifying the security benefits of SOAR in enterprise envi-ronments, leaving decision-makers unable to understand its actual implementation benefits and evaluate its application processes. Therefore, this study adopts a case study approach, analyzing three specific cybersecu-rity incident response scenarios: the TW-ISAC intelligence application process, the abnor-mal group policy setting monitoring application process, and the decoy file alteration detec-tion process, to practically verify the differences and benefits after implementing SOAR. The results of the study show that after applying the SOAR system, the processing time for these scenarios was significantly reduced, thereby demonstrating the great potential of SOAR technology in integrating security tools and achieving process automation. Through these case analyses, this study not only confirms the value of the SOAR system in enhancing enterprise cybersecurity protection and improving the efficiency of handling security inci-dents but also provides important references for the automation transformation of corporate cybersecurity management.
显示于类别:	[資訊管理研究所] 博碩士論文

文件中的档案:

档案	描述	大小	格式	浏览次数
index.html		0Kb	HTML	32	检视/开启

在NCUIR中所有的数据项都受到原著作权保护.

社群 sharing

数据加载中.....