ㄧ個基於資訊安全的中小企業雲端化可行性評估模型

Abstract

雲端技術所帶來的優勢使得企業能夠更為迅速的部署應用程式、降低管理的複雜度和維護的成本，同時允許 IT資源迅速重新分配以因應企業快速改變的需求。縱使雲端運算相關技術的出現已有一段時間，但在採用前仍有太多相關的資訊安全議題需要討論。本研究的方法是以所發展出來之雲端化的資訊安全商業模型（Cloud-BMIS）為架構，整合歐盟網路與資訊安全局（The European Union Agency for Network and Information Security，ENISA）對於雲端化的優勢、風險和建議的觀點，歸納出企業所重視的雲端化資訊安全風險項目。最終的目標，是幫助中小企業在衡量雲端化的過程中，可以透過一份資訊安全可行性檢核表的完成，來加以簡化雲端化的評估流程，避免因為不良的雲端評估方法造成企業的損失。

The advantages of cloud technology, in addition to allowing enterprises to deploy applications faster, reduce complex management and maintenance costs, while also allowing IT resources to be re-allocated quickly and meet the rapid changes in demand. Although the development of cloud technology has been a long time, there are too many information security issues need to be discussed. The approach of this study is to develop a framework of Cloud-BMIS that will integrate the ENISA's (European Union Agency for Network and Information Security) reporting on cloud technology's benefits, risks and recommendations. Then summed up the business attention to the cloud of information security risk project. The ultimate goal is to present a report that can be used as an information security feasibility checklist for SMEs in the assessment of cloud technology. Simplify the cloud assessment process and avoid the loss of business due to poor cloud assessment methods.