| 摘要: | 因資訊與網路科技之大量應用,過去以文書型態呈現之資料,現在大多以電子形式呈現與儲存居多,尤其,政府近期更宣佈未來證書與證照等將採電子化呈現,未來或許不須頒發紙本的畢業證書或證照,足見個資電子化之未來應用將大幅增長。有關個資之資訊安全,我國立法院近期陸續通過「政府資訊公開法」、「隱私權及智財權法」,另推行多年之「個人資料保護法」於99年4月27日通過,未來對企業、組織乃至個人之資料保護與相關要求將更加嚴謹與妥善,其對公司企業與個人之資訊作業影響甚巨。
政府自94年陸續編定各種參考指引,供各組織團體參考引用,並透過多個組織團體進行實作測試,以做為修訂參考並確保指引之落實度。其中電子資料保護參考指引以資料生命週期(蒐集、處理、傳送、儲存、流通)及資訊管理循環【政策制定(Policy)、程序發展(Procedure)、實作執行(Do)、測試檢查(Check)、整合行動(Act)】進行資安成熟度之評鑑,再據以對須改善的控制措施採行技術性管控。
緣於資訊電子化安全維護對企業、組織與個人之重要影響,本論文特參考該指引,利用免費有效的工具(如:ccleaner、TrueCrypt、WowUSBProtect、WinMerge、Palo Alto、Sophos…etc.)模擬實作生命週期各階段,中、小型企業或個人文書處理之安全驗證與電子文書之加密處理,以實現敏感電子資料之保護,此外,並針對網路通聯作業所使用非常頻繁之電子郵件,就資訊交換屬於敏感等級以上之資料為例,在各個階段針對電子資料的生命週期進行適切保護之驗證,期確保電子資料不會遭受竊取、竄改及洩漏等威脅以維電子資料之完整性。
本論文於模擬過程中,針對資訊電子化之安全維護與作業處理程序以及安全驗證之有效性等方面之模擬結果,經分析探討後所提出之較佳實現機制之具體建議對企業、組織與個人未來電子資訊之安全維護確具參用價值與助益。
Due to the emerging applications of Information and Internet technology, the data traditionally displayed on the paper are gradually substituted, displayed, and restored in electric forms. Moreover, the government of Taiwan recently announced that the certification will be also displayed in electronic form. According to the high technologies emerging, all of the documents might be displayed and stored with paperless forms to achieve the goal of saving resources in the future.
It is obviously that the application of Electronic Personal-Information will be dramatically increased in the future. As regarding the information security of personal information, the government of Taiwan has carried out some bills including “The Freedom of Government Information Law, privacy and intellectual property Act”, and “Personal Data Protection Act” which have been carried out for many years and just issued on April 27, 2010. Those issued bills do have significant influence on the information process of enterprise and organization, especially the process of personal information.
In Taiwan, the government has issued some different versions of “Index and Reference” for individuals, organizations, institutes, and enterprises to follow on for implementation. The government also periodically inspected and modified those “Index and Reference” to ensure that they are all exactly fit for the actual needs of organizations, institutes, and enterprises. As regarding the maturity of information security, both of the data life cycle (DLC) and information management cycle (IMC) belonging to the index of Electronic Data Protection are evaluated under technical control directly. In which, the DLC includes the process of Collection, Handling, Transmission, Storing, and Circulation, and the IMC includes the specification of Policy, Procedure, Operation, Check, and Action.
The security maintenance of electronic data does significantly affect the operation of individuals, enterprises, organizations, etc. To implement information protection on those sensitive electronic data that stored in text format, a simulation based on the reference of “The Index of Electric Data Protection” is performed in this paper. The experiments are performed effective free softwares such as ccleaner, TrueCrypt, WowUSBProtect, WinMerge, Palo Alto, Sophos, and etc. on each stage of the data life cycle to encrypt those electronic documents and verify the security strength of those documents. In addition, some E-mails are also experimented due to their popularity and available to all users in the world. Via Internet, a lot of information are exchanged or attached. Therefore, information security is inevitable and very important. While the exchanged information is categorized as sensitive or confidential, appropriate verification must be performed on each stage of electronic data life cycle to ensure data integrity from the threats of being stolen, changed, lost, etc.
Finally, all of the demonstrations of the experiments based on security maintenance of electronic data, operation procedure and security verification are analyzed. Some regarding the electronic data protection are given, which can be adopted for individuals, enterprises, organizations, etc. as a valuable reference to implement information protection. |
