標題: 金融投資公司雲端化的風險評鑑與管理
Risk Assessment and Management of Cloud Adoption of Financial Investment Companies
作者: 劉凱元
羅濟群
Liu, Kai-Yuan
Lo, Chi-Chun
管理學院資訊管理學程
關鍵字: 金融投資公司;雲端運算;資訊安全;IEC 27001;Investment Company;Cloud Computing;Information Security;IEC 27001
公開日期: 2017
摘要: 由於近年來雲端運算科技的發展,雲端金融服務供應商的出現使得金融投資公司可以獲得先進資訊系統與軟體,協助其進行更有效率與自動化的交易活動。另外一方面,將資訊系統與重要資料導入雲端無疑的將帶來新的安全問題與疑慮,若管理不當將衝擊金融投資公司的永續經營。本論文將針對金融投資公司使用雲端運算科技提出一個風險評鑑與管理架構。首先,我們將分析金融投資公司使用雲端運算科技的特性與安全需求。再者,我們將從金融投資公司內受影響之利害關係人的角度,進行公司營運雲端化的風險評鑑。除此之外,將提出一個基於持續改進之PDCA循環的風險管理架構。最後我們進行一個案例分析,使用本論文提出之雲端化的風險與評鑑方式發現在消除主要風險、針對環境變化的持續性改善以及加速雲端畫的成功皆有正向的幫助。
Due to the development of cloud computing technology in recent years, the new breed of cloud-based financial service providers enable financial investment companies to reach advanced information system and software, and helping them with a more sophisticated, efficient and automated trading activity. On the other hand, moving information system and critical data to cloud definitely bring new security issues and concerns. In this thesis, we propose a risk assessment and management framework to financial investment companies when leveraging cloud-computing technology form cloud service provider. To begin with, we analyze the characteristics and security requirement to the cloud adoption of financial investment company. Next, we perform risk assessment to the cloud-based business operation in terms of the stakeholders who will be affected in financial investment companies. Moreover, we deliver a risk management framework to mitigate the identified risks base on a continual improvement plan-do-check-act cycle. In the end, a case study that implementing the risk assessment and management framework proposed in this thesis will be delivered and it shows a positive result under this processes.
URI: http://etd.lib.nctu.edu.tw/cdrfb3/record/nctu/#GT070463404
http://hdl.handle.net/11536/141425
Appears in Collections:Thesis