1. NCCU Academic Hub
  2. 商學院
  3. 風險管理與保險學系
  4. 學位論文
Please use this identifier to cite or link to this item: https://ah.lib.nccu.edu.tw/handle/140.119/101089
題名: 雲端運算服務企業⽤⼾之⾵險管理與雲端運算保險法律問題研析
A Study on the Cloud Computing Risk Management of Enterprise Users and Related Legal Issues Arising from Cloud Computing Insurance
作者: 王莉宸
Wang, Li Chen
貢獻者: 張冠群
Chang, Kuan Chun
王莉宸
Wang, Li Chen
關鍵詞: 雲端
雲端運算
雲端服務
雲端運算風險
網路風險
雲端保險
資訊安全
資料外洩
網路保險
網路安全
風險管理
cloud
cloud computing
cloud service
cloud computing risk
cyber risk
cloud insurance
information security
data breach
cyber insurance
cyber security
risk management
日期: 2016
上傳時間: 1-Sep-2016
摘要: 「雲端」是現今網路科技最火紅之名詞,不論係個人日常生活中所使用之App或企業營運應用之軟體、服務皆可能與雲端技術之應用有關。有鑒於近年來網路攻擊、資訊安全事件頻傳,不僅造成企業損失金額節節上升,更使電子化、雲端化後之個人資料保護漏洞浮上檯面,然在企業邁向雲端化的同時,若無相應之風險管理措施,則可能使其暴露於財物損失、營運中斷、法律責任和商譽威脅之風險之中。\n 為此,國外已有將雲端策略和網路安全納入國家政策中並以立法要求資訊安全和個人資料保護,甚至以政策推廣或以軟法要求企業投保網路相關保險者。惟我國除個人資料法有對個人資料之保護外,於資訊安全及雲端服務使用上則尚無完善之規劃,企業在資訊安全、網路安全相關保險之投保率亦極低,顯示企業對此領域之風險意識淡薄。而目前國內市場上可承擔網路風險之保險契約甚少,更遑論針對雲端化之產業推出之商業保險。\n 因此,本文第二章將從雲端運算之技術及基本概念出發,於第三章中剖析企業雲端使用者可能面臨之雲端運算風險、比較其與網路風險之差異,檢視現有建議雲端服務使用者之雲端運算風險管理方法,並探討以保險作為雲端風險管理途徑之妥適性。第四章則參考外國法上曾因網路風險、資訊安全風險等新興風險於傳統保險商品適用上出現之相關法律問題,對照現有網路保險或資訊安全保險之保單條款檢視前述法律問題是否已為妥善解決,並就現行保險不足之處予以改良,試研擬新型雲端保險之契約條款內容。最後於第五章以國內外雲端服務發展現況為出發,綜合本文研究成果提出雲端風險可能產生法律爭議之解套以提升雲端保險之投保意願,並參考國外雲端發展政策及相關保險制度規劃為我國雲端保險市場開展之整體配套措施提供粗淺建議,希冀對我國雲端產業及保險未來發展有棉薄之貢獻。
“Cloud” might be the most popular noun among the information and communication technology field nowadays. From apps in the mobile devices to enterprise softwares, the application of cloud computing techniques is ubiquitous. However, more and more cyber-attacks and data breach events have not only cost businesses a lot but uncovered the issue concerning personal information protection. While embracing the cloud, if enterprises continue to neglect risk management, potential financial loss, business interruption, legal liabilities and the risk of reputation are the risks that enterprise has to deal with. \n Some countries have already incorporated cloud strategy and cyber security into policies, requiring particular threshold of information security and personal information protection by legislation. Some even require business to disclose its insurance policy relevant to its particular facts, circumstances and the presented risks. Nonetheless, in Taiwan, aside from the Personal Information Protection Act, there is no comprehensive policy or strategy on cloud computing or cyber security. The low insured rate of information security and cyber security related insurance also reveals the weakness of risk management of the emerging risks in business. Cyber risk related insurance is also uncommon in the market, not to mention the cloud-computing-targeted business insurance. \n Consequently, this thesis aims to develop a thorough risk management of cloud computing. Starting with the introduction on the basic concept and techniques of cloud computing in Chapter 2, Chapter 3 analyzes the risk that the enterprise cloud service users faces, compares the difference between cyber risk and cloud computing risks, examines current enterprise’s available risk management methods, and discusses the appropriateness of adopting insurance as the risk management of cloud computing. In order to develop a new insurance product for enterprise cloud service users, Chapter 4 studies the related foreign insurance disputes regarding cyber risks and information risks, and examines whether the latest insurance policy had amended the issues, and reforms current cyber insurance into a new cloud insurance. Lastly, based on the present domestic and international market environment of cloud computing service, Chapter 5 summarizes the legal issues discussed in the previous chapter for the purpose of the future development of new cloud insurance market, and map out the cloud computing policy with regard to risk management and insurance as the conclusion of the thesis.
參考文獻: 壹、 中文部分\n一、 書籍\n江朝國,保險法逐條釋義《第一卷 總則》,2012年1月。\n汪信君、廖世昌,保險法理論與實務,頁266,2015年10月,三版。\n胡為君,雲端資安與隱私:企業風險應對之道,2012年5月。\n范姜肱,保險行銷—兩岸實務與個案,2015年2月。\n財團法人保險事業發展中心,意外保險(第一輯),94年12月。\n陳彩稚,企業風險管理, 2012年2月。\n葉啟洲,保險法實例研習,2011年7月二版。\n葉啟洲,保險法判決案例研析(一),2013年11月。\n二、 期刊論文\n王 平、羅濟群、趙國銘、王子夏,雲端運算服務之風險分析,管理評論,第31卷第1期,2011年1月,頁1-19。\n林建智、李志峰,論責任保險人之抗辯義務-以美國發展為重心,東吳法律學報,第23卷第2期,頁109-157。\n陳秭璇,數位保險發展國際趨勢之研析,科技法律透析,第25卷第2期,2013年2月,頁9-13。\n張乃文,雲端運算環境之法規遵循議題剖析,科技法律透析,第25卷第7期,頁24,2013年7月,頁21-40。\n張紹斌、徐仕瑋,從雲端運算談個資保護,司法新聲,第99期季刊,頁33,100年7月,頁28-36。\n葉奇鑫、李相臣,淺淡個人資料保護法民事賠償責任及數位鑑識相關問題,司法新聲,第101期季刊,101年7月,頁33-49。\n廖家宏,論「除外條款」與「特約條款」之區辨—最高法院九十六年台上字第三九四號民事判決評釋,律師雜誌,2008年7月號,第346期,頁57-63。\n劉定基,雲端運算與個人資料保謢-以台灣個人資料保護法與歐盟個人資料保護指令的比較為中心,東海大學法學研究,第四十三期,2014年8月,頁53-106。\n謝淑美,雲端服務的增值稅徵納趨勢,資誠通訊,2015年3月號第287期,頁3-4。\n鐘文岳、汪家倩,個人資料保護法,這樣讀就對了—企業篇,萬國法律,第181期,2012年2月,頁2-17。\n三、 研究計畫及統計資料\n財團法人保險事業發展中心,中華民國104年意外保險賠款率統計表—按風險類別(曆年制)。\n四、 博碩士學位論文\n羅邵晏,雲端服務風險評估模式建立之研究,國立政治大學資訊管理學系碩士學位論文,2013年1月。\n五、 政策、行政命令及其他規範\n中華民國精算學會,費率釐訂實務處理準則,財產保險業,精算準則公報第一號,103年1月1日第5版。\n行政院科技會報,雲端運算發展方案,104年10月,http://www.bost.ey.gov.tw/cp.aspx?n=B56ED9F993B2EFA5。\n法務部法律字第 10103107800 號,101 年 11 月 21 日。\n資通安全管理法草案,http://www.cnra.org.tw/index.php?action=news_detail&cid=91&id=339。 \n六、 保單條款\nZurich Security and Privacy Protection Insurance(蘇黎世產物安全與隱私保護保險),103.09.26 (103)台蘇保產品字第125874 號函。\n中華民國產物保險商業同工會,商業火災保險基本條款,http://www.nlia.org.tw/modules/smartsection/item.php?itemid=65。\n美亞產物商業犯罪保險,102.03.04(102)美亞保精字第0030號函。\n美亞產物資料保護保險,102.03.04(102)美亞保精字第0030號函。\n美亞產物資料保護保險-天網版,102.06.18(102)美亞保精字第0096號函。\n美亞產物資料保護保險-天網版-資料危機管理服務附加條款,102.06.18(102)美亞保精字第098號函。\n美亞產物資料保護保險-天網版-擴大承保網路中斷保險附加條款,102.06.18(102)美亞保精字第099號函。\n美亞產物資料保護保險-天網版-擴大承保媒體內容責任附加條款,102.06.18(102)美亞保精字第100號函。\n國泰產物資料保護保險,104.03.05(104)企字第200-90號。\n七、 網際網路\nAIG,美亞產物保險(AIG Taiwan)推出 CyberEdge—繼資料保護保險(DataPlus)之後更完整的資訊安全解決方案,2013年3月4日,http://www.aig.com.tw/news/cyberedge。\nAmazon EC2–虛擬伺服器託管,Amazon Web Service官方網站,http://aws.amazon.com/tw/ec2/。\nAon,商業犯罪保險,http://www.aon.com/taiwan/zh/products-and-services/risk-services/commercial-crime.jsp。\nSam Chen,從賈伯斯的一席話認識雲端運算,INSIDE,2014年7月15日,http://www.inside.com.tw/2014/07/15/cloud_computing_1。\nSony Playstation.com (亞洲)台灣官方網站,https://asia.playstation.com/tw/cht/regional。\nTREND LABS 趨勢科技全球技術支援與研發中心,什麼是社交工程(social engineering )?,2011年10月12日,http://blog.trendmicro.com.tw/?p=101。\n林子煒,2015年資訊安全之解析與展望,IT’s通訊eNEWS,2015年第7期,http://newsletter.ascc.sinica.edu.tw/news/read_news.php?nid=3295。\n洪凱音,資料保護責任險升級 全台首張 雲端保險開賣,中國時報,2013年10月3日,https://tw.news.yahoo.com/資料保護責任險升級-全台首張-雲端保險開賣-213000392.html。\n陳國榮,SONY因PSN用戶資料外洩事件遭英國罰款39萬美元,硬底子達人網,http://www.17inda.com/html/3/article-2528.html。\n陳荻雅,雲端真的可以提升工作效能嗎?,數位時代,2011年11月17日,http://www.bnext.com.tw/article/view/id/20887。\n陳怡如,亞洲最大!Google投六億美元,台灣資料中心正式啟用,數位時代,2013年12月12日,http://www.bnext.com.tw/article/view/id/30406。\n黃彥棻,索尼影業遭駭事件始末大剖析,iThome,http://www.ithome.com.tw/news/93457。\n張頓,索尼向雇員賠800萬美元 和解駭客入侵案,大紀元,http://www.epochtimes.com/b5/15/10/23/n4556435.htm。\n貳、 英文部分\n一、 書籍\nFEHLING, CHRISTOPH ET AL. (2014), CLOUD COMPUTING PATTERNS.\nNICOLETTI, BERNARDO (2013), CLOUD COMPUTING IN FINANCIAL SERVICES.\nREJDA, GEORGE E. & MCNAMARA, MICHAEL J. (Prentice Hall, 12th ed. 2013), PRINCIPLES OF RISK MANAGEMENT AND INSURANCE.\nROUNTREE, DERRICK & CASTRILLO, ILEANA (Hai Jiang, Technical Edt., 2014), THE BASICS OF CLOUD COMPUTING - UNDERSTANDING THE FUNDAMENTALS OF CLOUD COMPUTING IN THEORY AND PRACTICE.\n二、 專書論文\nDasgupta, Dipankar & Naseem, Durdana (S. Srinivasan ed. 2014), A Framework for Compliance and Security Coverage Estimation for Cloud Services: A Cloud Insurance Model, in SECURITY, TRUST, AND REGULATORY ASPECTS OF CLOUD COMPUTING IN BUSINESS ENVIRONMENTS 91-114.\nHon, W Kuan & Millard, Christopher (Christopher Millard ed. 2013), Cloud Technologies and Services, in CLOUD COMPUTING LAW 4-18.\nKizza, Joseph M. & Yang, Li (S. Srinivasan ed. 2014), Is the Cloud the Future of Computing?, in SECURITY, TRUST, AND REGULATORY ASPECTS OF CLOUD COMPUTING IN BUSINESS ENVIRONMENTS 57-72.\nLosavio, Michal et al. (S. Srinivasan ed. 2014), Regulatory Aspects of Cloud Computing in Business Environments, in SECURITY, TRUST, AND REGULATORY ASPECTS OF CLOUD COMPUTING IN BUSINESS ENVIRONMENTS 156-169.\nSrinivasan, S. (S. Srinivasan ed. 2014), Risk Management in the Cloud and Cloud Outages, in SECURITY, TRUST, AND REGULATORY ASPECTS OF CLOUD COMPUTING IN BUSINESS ENVIRONMENTS 145-155.\n三、 期刊\nAlali, Fatima A. & Yeh, Chia-Lun, Cloud Computing: Overview and Risk Analysis, 26 J. INFO. SYS. 2 (2012).\nBălţătescu, Ionela, Cloud Computing Services: Benefits, Risks and Intellectual Property Issues, 2(1) Global Economic Observer 230 (2014).\nBiener, Christian et al., Insurability of Cyber Risk: An Empirical Analysis, 40 The Geneva Papers on Risk and Insurance - Issues and Practice 131 (2015).\nBonner, Lance, Cyber Risk: How The 2011 Sony Data Breach And The Need For Cyber Risk Insurance Policies Should Direct The Federal Response To Rising Data Breaches, 40 Wash. U. J.L. & Pol’y 257.\nCheng, Tina, A Cloudy Forecast: Divergence in the Cloud Computing Laws of the United States, European Union, and China, 41 Ga. J. Int’l & Comp. L. 481.\nChristenson, Cass W., Insurance Coverage Regarding Data Privacy, Cloud Computing, and Other Emerging Cyber Risks, 2011 WL 601376.\nCox, Dina M. et al., Cyber Insurance 101: Coverage Issues Related to Cyber Attacks and Cyber Insurance, Insurance Coverage Litigation Committee CLE Seminar (ABA)(2014).\nFan, Chiang Ku & Chen, Tien-Chun, The Risk Management Strategy of Applying Cloud Computing, 3 IJACSA 9 (2012).\nFerrillo, Paul & Marciano, Christine, Cyber security, Cyber governance, and Cyber insurance, Harvard Law School Forum on Corporate Governance and Financial Regulation, (Nov. 13, 2014), https://corpgov.law.harvard.edu/2014/11/13/cyber-security-cyber-governance-and-cyber-insurance/.\nFortinová, Jana, Risks of Cloud Computing, 20(3) Systémová Integrace 63 (2013).\nGasser, Urs & O’Brien, David, Governments and Cloud Computing: Roles, Approaches, and Policy Considerations, Berkman Center Research Publication No. 2014-6 (March 17, 2014), available at SSRN: http://ssrn.com/abstract=2410270.\nGentzoglanis, Anastassios, Evolving Cloud Ecosystems: Risk, Competition and Regulation, 85 Digiworld Economic Journal 87 (2012).\nGerber, Jenna, Head out of the Clouds: What the United States May Learn From the Europrean Union’s Treatment of Data in the Cloud, 23 Ind. Int`l & Comp. L. Rev. 245 (2013).\nGodes, Scott, Cybersecurity Risks and Insurance Coverage, 3 New Appleman Law Of Liability Insurance § 18.03 (2013).\nGold, Joshua, Protection in the Cloud: Risk Management and Insurance for Cloud Computing, 15 No. 12 J. Internet L. 1 (2012).\nHarshbarger, Jared A., Cloud Computing Providers And Data Security Law: Building Trust With United States Companies, 16 J. Tech. L. & Pol’y 229.\nKalyvas, James R. et al., Cloud Computing: A Practical Framework for Managing Cloud Computing Risk—Part I, 25 NO.3 INTELL. PROP. & TECH. L. J. 7(2013).\nKalyvas, James R. et al., Cloud Computing: A Practical Framework for Managing Cloud Computing Risk—Part II, 25 NO.4 INTELL. PROP. & TECH. L. J. 19 (2013).\nKattan, Ilana R., Cloudy Privacy Protections: Why the Stored Communications Act Fails to Protect the Privacy of Communications Stored in the Cloud, 13 Vand. J. Ent. & Tech. L. 617.\nKosub, Thomas, Components and Challenges of Integrated Cyber Risk Management, 104 Zeitschrift für die gesamte Versicherungswissenschaft 615 (2015).\nKrebs, David, Regulating the Cloud: A Comparative Analysis of the Current and Proposed Privacy Frameworks in Canada and the European Union, 10 Can. J. L. & Tech. 29.\nMcGillivray, Kevin, Conflicts in the Cloud: Contracts and Compliance with Data Protection Law in the EU, 17 Tul. J. Tech. & Intell. Prop. 217.\nMontgomery, Jack, Cybercrime Losses and Insurance for Property Damage and Third-Party Claims, 27 Me. B.J. 158 (2012).\nQuinn, Michael Sean, The Cyber-World and Insurance: An Introduction to a New Insurance, 12 J. Tex. Ins. L. 20 (2013).\nRancourt, Stephen J., Hacking, Theft, And Corporate Negligence: Making The Case For Mandatory Encryption Of Personal Information, 18 Tex. Wesleyan L. Rev. 183.\nReed, Toni Scott, Cybercrime: Losses, Claims, and Potential Insurance Coverage for the Technology Hazards of the Twenty-First Century, 20 Fidelity L.J. 55 (2014).\nSegall, Sasha, Jurisdictional Challenges In The United States Government’s Move To Cloud Computing Technology, 23 Fordham Intell. Prop. Media & Ent. L.J. 1105.\nShipley, Greg, Cloud Computing: Risks, InformationWeek, Issue 1262, at 20 (2010).\nSoghoian, Christopher, Caught in the Cloud: Privacy, Encryption, and Government Back Doors in the Web 2.0 Era, 8 J. on Telecomm. & High Tech. L. 359 (2010).\nTsanakas, Andreas & Desli, Evangelia, Measurement and Pricing of Risk in Insurance Markets, 25 Risk Analysis 6 (2005).\nVivinSandar, S & Shenai, Sudhir, Economic Denial of Sustainability (EDoS) in Cloud Services using HTTP and XML based DDoS Attacks, 41 International Journal of Computer Applications 11 (2012).\nWilson, Nigel, E-Risks and Insurance in the Information Age, 24 NZULR 550, 556 (2011).\nWinn, Jane K., Insurance for Cyber-risks: Business and Legal Issues, 1.2 SKKU J. SCI. & TECH. L 87 (2007).\nXie, Feng et al., A Risk Management Framework for Cloud Computing, 1 IEEE 2nd International Conference on Cloud Computing and Intelligence Systems 476 (2012).\nYu, Angela, Let’s Get Physical: Loss of Use of Tangible Property as Coverage in Cyber Insurance, 40 Rutgers Computer & Tech. L.J. 229 (2014).\n四、 研究報告及統計資料\nASSOCIATION OF BRITISH INSURERS (ABI), MAKING SENSE OF CYBER INSURANCE: A GUIDE FOR SMES (May 2016), available at https://www.abi.org.uk/Insurance-and-savings/Products/Business-insurance/Cyber-risk-insurance.\nCROWE HORWATH LLP ET AL., ENTERPRISE RISK MANAGEMENT FOR CLOUD COMPUTING (Committee of Sponsoring Organizations of the Treadway Commission) (Jun. 2012).\nEDARA, SREE RAMA & KANDAGATLA, RANJITH KUMAR, CAPGEMINI, CLOUD COMPUTING IN THE PROPERTY & CASUALTY INSURANCE INDUSTRY - THE CASE FOR DEVELOPING A HOLISTIC CLOUD STRATEGY, available at https://www.hu.capgemini.com/resource-file-access/resource/pdf/Cloud_Computing_in_the_Property___Casualty_Insurance_Industry.pdf.\nENISA, CLOUD COMPUTING BENEFITS, RISKS AND RECOMMENDATIONS FOR INFORMATION SECURITY (2009), available at https://www.enisa.europa.eu/activities/risk-management/files/deliverables/cloud-computing-risk-assessment.\nENISA, CLOUD COMPUTING BENEFITS, RISKS AND RECOMMENDATIONS FOR INFORMATION SECURITY (2012), available at https://resilience.enisa.europa.eu/cloud-security-and-resilience/publications/cloud-computing-benefits-risks-and-recommendations-for-information-security.\nEUROPEAN COMMISSION, UNLEASHING THE POTENTIAL OF CLOUD COMPUTING IN EUROPE (2012), available at http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=COM:2012:0529:FIN:EN:PDF. \nFEDERAL INSURANCE OFFICE, ANNUAL REPORT ON INSURANCE INDUSTRY, U.S. DEPARTMENT OF THE TREASURY (September 2015).\nFITÓ, ORIOL J. & GUITART, JORDI, INTRODUCING RISK MANAGEMENT INTO CLOUD COMPUTING, http://www.ac.upc.edu/app/research-reports/html/RR/2010/33.pdf.\nHM GOVERNMENT, GOVERNMENT CLOUD STRATEGY – A SUB STRATEGY OF THE GOVERNMENT ICT STRATEGY 15, March 2011, available at https://www.gov.uk/government/uploads/system/uploads/attachment_data/file/266214/government-cloud-strategy_0.pdf.\nHM GOVERNMENT & MARSH, UK CYBER SECURITY – THE ROLE OF INSURANCE IN MANAGING AND MITIGATING THE RISK (March 2015), available at https://www.marsh.com/uk/insights/research/uk-cyber-security-role-of-insurance-in-managing-mitigating-risk.html. \nINSTITUTE OF RISK MANAGEMENT, CYBER RISK – EXECUTIVE SUMMARY (2014).\nKENT, KAREN & SOUPPAYA, MURUGIAH, GUIDE TO COMPUTER SECURITY LOG MANAGEMENT, NIST, available at http://dl.acm.org/citation.cfm?id=2206303.\nKESAN, JAY P. ET AL., CYBERINSURANCE AS A MERKET-BASED SOLUTION TO THE PROBLEM OF CYBERSECURITY - A CASE STUDY, Jan. 1, 2005, http://docplayer.net/2850625-Cyberinsurance-as-a-market-based-solution.html. \nMELL, PETER & GRANCE, TIMOTHY, THE NIST DEFINITION OF CLOUD COMPUTING 2, U.S. DEP’T OF COMMERCE (2011), Spec. Publ’n 800-145, available at http://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-145.pdf.\nMERRILL, TOBY & KANG, THOMAS, CLOUD COMPUTING: IS YOUR COMPANY WEIGHING BOTH BENEFITS & RISKS?, ACE INSUREDTM (2014), available at http://www.acegroup.com/us-en/assets/privacy-network-security-cloud-computing-is-your-company-weighing-both-benefits-risks.pdf.\nNIST, GLOSSARY OF KEY INFORMATION SECURITY TERMS (Richard Kissel, ed. 2013), available at http://nvlpubs.nist.gov/nistpubs/ir/2013/NIST.IR.7298r2.pdf.\nPONEMON INSTITUTE LLC, DATA BREACH: THE CLOUD MULTIPLIER EFFECT (2014).\nPWC, INSURANCE 2020 & BEYOND: REAPING THE DIVIDENDS OF CYBER RESILIENCE 10 (Sep. 2015), available at http://www.pwccn.com/home/eng/insurance_2020_sep2015.html.\nRIGHTSCALE, 2016 STATE OF THE CLOUD REPORT (2016), available at http://www.mcit.gov.eg/Upcont/Documents/Reports%20and%20Documents_1252016000_RightScale-2016-State-of-the-Cloud-Report.pdf.\nSWISS RE, SWISS RE SONAR NEW EMERGING RISK INSIGHTS, July 2014, available at http://www.swissre.com/rethinking/emerging_risks/Swiss_Res_SONAR_new_emerging_risk_insights_for_2014.html.\nTHE ECONOMIST, REPUTATION RISK: RISK OF RISKS (2005).\nUNCTAD, INFORMATION ECONOMY REPORT 2005, UNCTAD/SDTE/ECB/2005/1, U.N. Sales No. E.05.II.D.19 (2005).\nVERDANTIX, CLOUD COMPUTING – THE IT SOLUTION FOR THE 21ST CENTURY (2011), available at https://www.cdp.net/en-us/whatwedo/cdpnewsarticlepages/cloud-computing-can-dramatically-reduce-energy-costs-and-carbon-emissions.aspx.\n五、 判決\nAmerica Online v. Saint Paul Mercury Insurance, 207 F. Supp. 2d 459 (E.D. Va. 2002).\nAmerican Guarantee & Liability Insurance Co. v. Ingram Micro, Inc., Civ. 99-185 TUC ACM, 2000 WL 726789 (D. Ariz. April. 18, 2000).\nAnderson v. Hannaford Bros. Co., 659 F.3d 151 (2011).\nCentral Delta Water Agency v. U.S., 306 F.3d 938 (2002).\nClapper v. Amnesty Intern. USA, 133 S.Ct. 1138, 1147 (2013).\nEyeblaster Inc. v. Federal Insurance Co., 613 F.3d 797 (8th Cir. 2010).\nHammond v. The Bank of New York Mellon Corp., 2010 WL 2643307 (2010).\nIn re Barnes & Noble Pin Pad Litigation, WL 4759588 (2013).\nIn Re Sony PS3 Others OS Litigation, No. 3:2010cv01811 - Document 185 (N.D. Cal. 2011).\nKrottner v. Starbucks Corp., 628 F.3d 1139 (2010).\nLambrecht & Associates, Inc. v. State Farm Lloyds, 119 S.W.3d 16 (2003).\nLandmark American Ins. Co. v. Gulf Coast Analytical, 2012 WL 1094761, at 1 (2012).\nLynch Props. Inc. v. Potomac Ins. Co., 962 F. Supp. 956.\nMaximillian Schrems v. Data Protection Commissioner, 2014 WL 4954897 (2014).\nMichael Corona, et al v. Sony Pictures Entertainment, Inc., 2015 WL 3916744 (C.D.Cal.).\nMoyer v. Michaels Stores, Inc., 2014 WL 3511500 (2014).\nPisciotta v. Old Nat. Bancorp, 499 F.3d 629 (2007).\nPrudential Insurance Co v. Inland Revenue Commissioners, [1904] 2 K.B. 658.\nRepublic Nat. Life Ins. Co. v. Heyward, 536 S.W.2d 549 (1976).\nRetail Systems, Inc. v. CNA Ins. Co., 469 N.W.2d 735 (Minn. App. 1991).\nRetail Ventures, Inc. v. National Union Fire Ins. Co. of Pittsburgh, Pa., 691 F.3d 821, 826 (2012).\nSantos v. Peerless Ins. Co, 2009 WL 1164972 (2009).\nSouth Cent. Bell Telephone Co. v. Barthelemy, 643 So.2d 1240 (La.1994).\nSt. Paul Fire & Marine Ins. Co. v. Compaq Computer Corp., 539 F.3d 809 (8th Cir.2008).\nWard General Ins. Services, Inc. v. Employers Fire Ins. Co., 114 Cal.App.4th 548 (2003).\nZurich American Insurance Co., et al. v. Sony Corp. of America, et al., No. 651982/2011 (N.Y. Sup. Ct. New York Cty.).\n六、 政策、法規(含草案)\n1. 美國法\n16 C.F.R. §314.3-.4 (2011).\n16 C.F.R. §681.1(d) (2011).\n45 C.F.R. §§ 164.308-314 (2011).\n15 U.S.C. §§ 6801-6809 (2006).\n15 U.S.C.A. § 7463.\n18 U.S.C.A. §§ 2701 -12.\n18 U.S.C.A. § 2510.\n42 U.S.C. § 1320d-6 (2006)\n42 U.S.C. § 1320d-1 (2006).\nComputer Fraud and Abuse Act of 1984, 18 U.S.C. § 1030.\nData Breach Notification Act of 2011, S. 1408.\nElectronic Communications Privacy Act of 1986, U.S. Dept. of Just., Off. of Just. Programs, http://it.ojp.gov/default.aspx?area=privacy&page=1285.\nMass. Code Regs. § 17.00 (2011).\nMd. Code Ann., Com. Law § 14-3503 (West 2011).\nNev. Rev. Stat. § 597.970 (2008).\nPersonal Data Protection and Breach Accountability Act of 2011.\nRestatement (Second) of Torts § 919 (1979).\nSEC, Corporate Finance’s Disclosure Guidance on Cybersecurity, Oct. 13, 2011, available at https://www.sec.gov/divisions/corpfin/guidance/cfguidance-topic2.htm.\nVivek Kundra, Federal Cloud Computing Strategy, the White House (2011), available at https://cio.gov/worldclassdigitalservices/cloud/.\n2. 歐盟法\n2000/520/EC: Commission Decision of 26 July 2000 pursuant to Directive 95/46/EC of the European Parliament and of the Council on the adequacy of the protection provided by the safe harbour privacy principles and related frequently asked questions issued by the US Department of Commerce (notified under document number C(2000) 2441).\nDirective 2002/58/EC.\nDirective 95/46/EC of the European Parliament and of the Council of 24 October 1995, on the Protection of Individuals with Regard to the Processing of Personal Data and on the Free Movement of such Data.\nEU Commission, Cybersecurity Strategy of the European Union: An Open, Safe and Secure Cyberspace (2013).\nNetwork and information security directive: Co-legislators agree on the first EU-wide legislation on cybersecurity - digital single market - European commission, EU Commission (Dec. 9, 2015), https://ec.europa.eu/digital-single-market/en/news/network-and-information-security-directive-co-legislators-agree-first-eu-wide-legislation.\nProposal for a Regulation of the European Parliament and of the Council on the Protection of Individuals with Regard to the Processing of Personal Data and on the Free Movement of such Data (General Data Protection Regulation), COM (2012) 11 final (Jan. 25, 2012)\n七、 保單條款\nEsurance® CPM Policy Document 1-3, CFC CPM UK V1.9, CFC Underwriting Limited, available at http://www.stgilesgroup.co.uk/storage/documents/Cyber%20Policy%20Wording.pdf. \nISO Property Inc., Commercial General Liability Form (2003) , available at http://www.ngwa.org/documents/insurance/ngwasamplegeneralliabilityform.pdf.\nISO, ISO’s Cyber Insurance Program, available at http://www.verisk.com/downloads/iso-cyber-insurance-program.pdf\nMarsh, CloudProtect – A Cyber Policy Enhancement, available at https://www.marsh.com/us/services/cyber-risk/marsh-cloudprotect-cyber-policy-enhancement.html.\nTraveler’s - Sample Insuring Agreement 1-2, CYB-3001 Ed. 07-10, available at https://www.travelers.com/business-insurance/cyber-security/management-professional-liability/cyber-risk-forms.aspx. \n八、 網際網路\nABI, Cyber Insurance To Become A Business Essential Within The Next Decade, May 5, 2015, https://www.abi.org.uk/News/News-releases/2015/05/Cyber-insurance-to-become-a-business-essential-within-the-next-decade.\nAlpeyev, Pavel et al., Amazon.Com Server Said To Have Been Used In Sony Attack, Bloomberg Business, BLOOMBERG TECHNOLOGY, (May 15, 2011, 3:53 AM HKT), http://www.bloomberg.com/news/articles/2011-05-13/sony-network-said-to-have-been-invaded-by-hackers-using-amazon-com-server.\nAlvarez, Edgar, Sony Pictures Hack: The Whole Story, ENGADGET, (Dec. 10, 2014), http://www.engadget.com/2014/12/10/sony-pictures-hack-the-whole-story/.\nBBC News, Sony Fined Over ‘Preventable’ Playstation Data Hack, (Jan. 24, 2013), http://www.bbc.com/news/technology-21160818.\nBerkowitz, Ben, Sony Insurer, Zurich, Files Suit To Deny Data Breach Coverage, INSURANCE JOURNAL, (Jul. 21, 2011), http://www.insurancejournal.com/news/national/2011/07/21/207474.htm.\nBisson, David, Sony Pictures Loses Bid to Throw Out Data Breach Lawsuit, THE STATE OF SECURITY, (Jun. 16, 2015), http://www.tripwire.com/state-of-security/latest-security-news/sony-pictures-loses-bid-to-throw-out-data-breach-lawsuit/.\nCambridge Dictionary Online, http://dictionary.cambridge.org. \nFederal Trade Commission, U.S.-EU Safe Harbor Framework, Nov. 6, 2015, https://www.ftc.gov/tips-advice/business-center/privacy-and-security/u.s.-eu-safe-harbor-framework.\nGreenwald, Judy, Cloud Computing Risks Generally Covered By Cyber Insurance - Coverage Important As Cloud Vendors Try To Limit Liability, (Jan. 15, 2012), Business Insurance, http://www.businessinsurance.com/article/20120115/NEWS07/301159996/cloud-computing-risks-generally-covered-by-cyber-insurance. \nHa, Young, N.Y. Court: Zurich Not Obligated To Defend Sony Units In Data Breach Litigation, INSURANCE JOURNAL, (Mar. 17, 2014), http://www.insurancejournal.com/news/east/2014/03/17/323551.htm.\nHa, Young, Sony, Zurich Reach Settlement in PlayStation Data Breach Case in New York, INSURANCE JOURNAL, (May 1, 2015), http://www.insurancejournal.com/news/east/2015/05/01/366600.htm.\nInformation Is Beautiful, World’s Biggest Data Breaches, http://www.informationisbeautiful.net/visualizations/worlds-biggest-data-breaches-hacks/.\nISACA, Cybersecurity Legislation Watch, http://www.isaca.org/cyber/pages/cybersecuritylegislation.aspx (last visited Jan. 14, 2016).\nInvestopedia, http://www.investopedia.com. \nMusil, Steven, Sony Hack Leaked 47,000 Social Security Numbers, Celebrity Data, CNET, (Dec. 4, 2014, 7:05 PM PST), http://www.cnet.com/news/sony-hack-said-to-leak-47000-social-security-numbers-celebrity-data/.\nNavetta, David, Cyber Insurance: An Efficient Way to Manage Security and Privacy Risk in the Cloud?, Info. Law Grp. (Feb. 1, 2012), http://www.infolawgroup.com/2012/02/articles/cloud-computing-1/cyber-insurance-an-efficient-way-to-manage-security-and-privacy-risk-in-the-cloud/.\nNewbusiness, Cyber security and insurance to become compulsory by 2017, May. 31, 2016, http://www.newbusiness.co.uk/articles/insurance-advice/cyber-security-and-insurance-become-compulsory-2017.\nPalermo, Elizabeth, 10 Worst Data Breaches of All Time, TOM’S GUIDE, (Feb 6, 2015, 7:00 AM), http://www.tomsguide.com/us/biggest-data-breaches,news-19083.html.\nPCI official website, https://www.pcisecuritystandards.org.\nRagan, Steve, Breach Insurance Might Not Cover Losses At Sony Pictures, CSO, (Dec. 15, 2014, 6:29 AM PT), http://www.csoonline.com/article/2859535/business-continuity/breach-insurance-might-not-cover-losses-at-sony-pictures.html.\nRouse, Margaret, Privilege Escalation Attack, TechTarget, available at http://searchsecurity.techtarget.com/definition/privilege-escalation-attack.\nSchwartzel, Erich, Cybersecurity Insurance: Many Companies Continue To Ignore The Issue, PITTSBURGH POST-GAZETTE, (June 22, 2010 4:00 AM), http://www.post-gazette.com/business/tech-news/2010/06/22/Cybersecurity-insurance-Many-companies-continue-to-ignore-the-issue/stories/201006220157.\nSwiss Re, Cyber Risks - Insurable, But Within Limits, http://www.swissre.com/reinsurance/insurers/casualty/Cyber_risks_insurable_but_within_limits.html.\nSynergy research group, Amazon Leads; Microsoft, IBM & Google Chase; Others Trail, Agu. 1, 2016, https://www.srgresearch.com/articles/amazon-leads-microsoft-ibm-google-chase-others-trail.\nTREND MICRO, Cloud Makes Data Breaches Increasingly Likely And Costly, June 17, 2014, http://blog.trendmicro.com/cloud-makes-data-breaches-increasingly-likely-costly/.\nWalker, Danielle, Sony To Shell Out $15M In PSN Breach Settlement, SC MAGAZINE, (Jul. 24, 2014), available at http://www.scmagazine.com/sony-to-shell-out-15m-in-psn-breach-settlement/article/362720/.\nWoodward, Jeff, The 2001 ISO CGL Revision, IRMI, (Jan. 2002), https://www.irmi.com/articles/expert-commentary/the-2001-iso-cgl-revision.
描述: 碩士
國立政治大學
風險管理與保險研究所
102358014
資料來源: http://thesis.lib.nccu.edu.tw/record/#G1023580141
資料類型: thesis
Appears in Collections:學位論文

Files in This Item:
File SizeFormat
014101.pdf5.61 MBAdobe PDF2View/Open
Show full item record

Google ScholarTM

Check


Items in DSpace are protected by copyright, with all rights reserved, unless otherwise indicated.