Please use this identifier to cite or link to this item:
https://ah.lib.nccu.edu.tw/handle/140.119/101089| DC Field | Value | Language |
|---|---|---|
| dc.contributor.advisor | 張冠群 | zh_TW |
| dc.contributor.advisor | Chang, Kuan Chun | en_US |
| dc.contributor.author | 王莉宸 | zh_TW |
| dc.contributor.author | Wang, Li Chen | en_US |
| dc.creator | 王莉宸 | zh_TW |
| dc.creator | Wang, Li Chen | en_US |
| dc.date | 2016 | en_US |
| dc.date.accessioned | 2016-09-01T15:58:12Z | - |
| dc.date.available | 2016-09-01T15:58:12Z | - |
| dc.date.issued | 2016-09-01T15:58:12Z | - |
| dc.identifier | G1023580141 | en_US |
| dc.identifier.uri | http://nccur.lib.nccu.edu.tw/handle/140.119/101089 | - |
| dc.description | 碩士 | zh_TW |
| dc.description | 國立政治大學 | zh_TW |
| dc.description | 風險管理與保險研究所 | zh_TW |
| dc.description | 102358014 | zh_TW |
| dc.description.abstract | 「雲端」是現今網路科技最火紅之名詞,不論係個人日常生活中所使用之App或企業營運應用之軟體、服務皆可能與雲端技術之應用有關。有鑒於近年來網路攻擊、資訊安全事件頻傳,不僅造成企業損失金額節節上升,更使電子化、雲端化後之個人資料保護漏洞浮上檯面,然在企業邁向雲端化的同時,若無相應之風險管理措施,則可能使其暴露於財物損失、營運中斷、法律責任和商譽威脅之風險之中。\n 為此,國外已有將雲端策略和網路安全納入國家政策中並以立法要求資訊安全和個人資料保護,甚至以政策推廣或以軟法要求企業投保網路相關保險者。惟我國除個人資料法有對個人資料之保護外,於資訊安全及雲端服務使用上則尚無完善之規劃,企業在資訊安全、網路安全相關保險之投保率亦極低,顯示企業對此領域之風險意識淡薄。而目前國內市場上可承擔網路風險之保險契約甚少,更遑論針對雲端化之產業推出之商業保險。\n 因此,本文第二章將從雲端運算之技術及基本概念出發,於第三章中剖析企業雲端使用者可能面臨之雲端運算風險、比較其與網路風險之差異,檢視現有建議雲端服務使用者之雲端運算風險管理方法,並探討以保險作為雲端風險管理途徑之妥適性。第四章則參考外國法上曾因網路風險、資訊安全風險等新興風險於傳統保險商品適用上出現之相關法律問題,對照現有網路保險或資訊安全保險之保單條款檢視前述法律問題是否已為妥善解決,並就現行保險不足之處予以改良,試研擬新型雲端保險之契約條款內容。最後於第五章以國內外雲端服務發展現況為出發,綜合本文研究成果提出雲端風險可能產生法律爭議之解套以提升雲端保險之投保意願,並參考國外雲端發展政策及相關保險制度規劃為我國雲端保險市場開展之整體配套措施提供粗淺建議,希冀對我國雲端產業及保險未來發展有棉薄之貢獻。 | zh_TW |
| dc.description.abstract | “Cloud” might be the most popular noun among the information and communication technology field nowadays. From apps in the mobile devices to enterprise softwares, the application of cloud computing techniques is ubiquitous. However, more and more cyber-attacks and data breach events have not only cost businesses a lot but uncovered the issue concerning personal information protection. While embracing the cloud, if enterprises continue to neglect risk management, potential financial loss, business interruption, legal liabilities and the risk of reputation are the risks that enterprise has to deal with. \n Some countries have already incorporated cloud strategy and cyber security into policies, requiring particular threshold of information security and personal information protection by legislation. Some even require business to disclose its insurance policy relevant to its particular facts, circumstances and the presented risks. Nonetheless, in Taiwan, aside from the Personal Information Protection Act, there is no comprehensive policy or strategy on cloud computing or cyber security. The low insured rate of information security and cyber security related insurance also reveals the weakness of risk management of the emerging risks in business. Cyber risk related insurance is also uncommon in the market, not to mention the cloud-computing-targeted business insurance. \n Consequently, this thesis aims to develop a thorough risk management of cloud computing. Starting with the introduction on the basic concept and techniques of cloud computing in Chapter 2, Chapter 3 analyzes the risk that the enterprise cloud service users faces, compares the difference between cyber risk and cloud computing risks, examines current enterprise’s available risk management methods, and discusses the appropriateness of adopting insurance as the risk management of cloud computing. In order to develop a new insurance product for enterprise cloud service users, Chapter 4 studies the related foreign insurance disputes regarding cyber risks and information risks, and examines whether the latest insurance policy had amended the issues, and reforms current cyber insurance into a new cloud insurance. Lastly, based on the present domestic and international market environment of cloud computing service, Chapter 5 summarizes the legal issues discussed in the previous chapter for the purpose of the future development of new cloud insurance market, and map out the cloud computing policy with regard to risk management and insurance as the conclusion of the thesis. | en_US |
| dc.description.tableofcontents | 第一章 緒論 1\n第一節 研究動機及目的 1\n第一項 研究動機 1\n第一款 近年資安事件層出不窮 1\n第二款 雲端服務之使用可能增加資訊安全之成本 7\n第三款 外國法對雲端運算資訊安全之因應 8\n第一目 美國法 8\n第二目 歐盟法 13\n第四款 我國相關法制 15\n第二項 研究目的 17\n第二節 研究架構 19\n第三節 研究方法 21\n第二章 雲端運算概述 23\n第一節 雲端運算之定義 23\n第一項 美國國家標準技術局定義 23\n第一項 歐盟網路暨資訊安全局定義 26\n第二項 本文對「雲端運算」之定義 27\n第二節 雲端運算技術概要 28\n第一項 資料處理 29\n第一項 資料儲存 32\n第二項 資訊溝通 34\n第三節 雲端運算服務分類 35\n第一項 依雲端架構分類 35\n第一款 公有雲 35\n第二款 私有雲 35\n第三款 混合雲 36\n第四款 社群雲 36\n第二項 依服務類型分類 37\n第一款 基礎設施雲 37\n第二款 平台雲(PaaS) 37\n第三款 應用雲 38\n第四節 雲端運算服務之優勢及隱憂 39\n第一項 雲端運算優勢 39\n第一款 降低成本 39\n第二款 彈性運算能力 40\n第三款 減少資訊遺失風險 41\n第四款 可攜性服務 41\n第五款 優越的資訊安全性 42\n第六款 綠色規模經濟 42\n第二項 雲端運算服務之隱憂 44\n第五節 雲端運算服務市場現況 45\n第一項 市場上主要之雲端服務應用及其提供者 45\n第一項 雲端架構配置現況 46\n第六節 小結 49\n第三章 雲端運算風險及其管理 50\n第一節 雲端運算風險 50\n第一項 網路風險與雲端運算風險之關係與異同 50\n第一款 網路風險 50\n第一目 定義 50\n第二目 分類 51\n第二款 雲端運算風險 54\n第一目 政策及組織風險 55\n第二目 技術風險 60\n第三目 法律風險 61\n第四目 其他非雲端運算特有之風險 63\n第三款 本文對「雲端運算風險」之定義 64\n第四款 網路風險與雲端運算風險之比較 65\n第二項 雲端運算風險管理之重要性 67\n第二節 企業雲端風險管理 69\n第一項 企業使用者之雲端運算主要風險確認及評估 70\n第一款 風險管理實務見解 70\n第一目 締約風險 70\n第二目 控制權喪失風險 72\n第三目 累積風險 73\n第四目 成本風險 74\n第五目 資訊安全風險 74\n第二款 ENISA風險等級評估 75\n第三款 小結 77\n第二項 雲端運算風險伴隨之企業可能損失 78\n第一款 自己損失 79\n第二款 對第三人之責任 80\n第三項 企業之雲端風險管理方法 81\n第一款 企業雲端風險管理架構 82\n第一目 締約前之風險管理 82\n第二目 締約後之風險管理 84\n第二款 以保險作為雲端風險管理之妥適性 90\n第一目 雲端風險之可保性 90\n第二目 現行相關保險 93\n第三目 現行保單於雲端運算風險管理之短處 100\n第四目 雲端運算保險之必要 104\n第三節 本章小結 111\n第四章 雲端運算保險 114\n第一節 前言 114\n第二節 網路風險於保險適用上之相關法律爭議 117\n第一項 問題提出—以美國Eyeblaster Inc. v. Federal Insurance Company案為例 117\n第二項 網路保險相關法律問題分析 124\n第一款 損失認定 124\n第一目 問題概述 124\n第二目 財產損失性質之釐清 126\n第三目 未來潛在損失之認定 139\n第二款 保險契約中故意之認定 144\n第一目 外國相關案例 145\n第二目 案例分析 147\n第三款 因果關係之認定 149\n第一目 問題概述 149\n第二目 評析 151\n第三節 現行與雲端運算風險相關保險契約 153\n第一項 現行雲端運算相關之網路保險 153\n第一款 我國相關保險商品 153\n第一目 安全與隱私保護保險 153\n第二目 資料保護保險 156\n第二款 外國相關保險商品 165\n第一目 美國 165\n第二目 歐洲 167\n第三款 保險契約之比較與分析 173\n第二項 現行雲端相關保險對過去法律爭議解決與否之探析 178\n第一款 承保範圍之爭議 178\n第一目 有形與無形財產之爭議 178\n第二目 未來潛在損失之認定 181\n第三目 第三人故意行為所生損失是否屬於承保範圍 184\n第二款 因果關係 187\n第三項 小結 190\n第四節 雲端保險之再建構 193\n第一項 保險對象 193\n第二項 雲端保險契約條款重要內容 196\n第一款 承保範圍及相關名詞定義 196\n第一目 第一人財產保險 199\n第二目 第三人責任險 203\n第二款 除外不保事項 207\n第三款 相關名詞定義 211\n第三項 保險費計算方法 212\n第一款 雲端保險之定價策略 212\n第二款 雲端保險定價考量因素 214\n第四項 小結 217\n第五章 我國雲端保險之未來展望—代結論 219\n第一節 雲端保險市場發展前景 219\n第二節 雲端風險於保險適用上可能法律爭議之解決 222\n第一項 雲端保險承保之財產損失 222\n第一款 資訊安全損失認定 224\n第二款 被保險人之疏漏、錯誤或過失行為及部分第三人故意行為所生損失之承保範圍 224\n第二項 因果關係認定 226\n第三節 我國雲端保險之制度規劃 228\n第一項 外國法之借鏡 228\n第一項 我國雲端發展政策 230\n第二項 雲端保險政策建議 231\n參考文獻 236\n附件一 ENISA雲端風險等級評估比較表 251\n附件二 企業因雲端風險事故可能受損資產 254\n附件三 費率釐訂實務處理準則(摘錄) 257 | zh_TW |
| dc.format.extent | 5742593 bytes | - |
| dc.format.mimetype | application/pdf | - |
| dc.source.uri | http://thesis.lib.nccu.edu.tw/record/#G1023580141 | en_US |
| dc.subject | 雲端 | zh_TW |
| dc.subject | 雲端運算 | zh_TW |
| dc.subject | 雲端服務 | zh_TW |
| dc.subject | 雲端運算風險 | zh_TW |
| dc.subject | 網路風險 | zh_TW |
| dc.subject | 雲端保險 | zh_TW |
| dc.subject | 資訊安全 | zh_TW |
| dc.subject | 資料外洩 | zh_TW |
| dc.subject | 網路保險 | zh_TW |
| dc.subject | 網路安全 | zh_TW |
| dc.subject | 風險管理 | zh_TW |
| dc.subject | cloud | en_US |
| dc.subject | cloud computing | en_US |
| dc.subject | cloud service | en_US |
| dc.subject | cloud computing risk | en_US |
| dc.subject | cyber risk | en_US |
| dc.subject | cloud insurance | en_US |
| dc.subject | information security | en_US |
| dc.subject | data breach | en_US |
| dc.subject | cyber insurance | en_US |
| dc.subject | cyber security | en_US |
| dc.subject | risk management | en_US |
| dc.title | 雲端運算服務企業⽤⼾之⾵險管理與雲端運算保險法律問題研析 | zh_TW |
| dc.title | A Study on the Cloud Computing Risk Management of Enterprise Users and Related Legal Issues Arising from Cloud Computing Insurance | en_US |
| dc.type | thesis | en_US |
| dc.relation.reference | 壹、 中文部分\n一、 書籍\n江朝國,保險法逐條釋義《第一卷 總則》,2012年1月。\n汪信君、廖世昌,保險法理論與實務,頁266,2015年10月,三版。\n胡為君,雲端資安與隱私:企業風險應對之道,2012年5月。\n范姜肱,保險行銷—兩岸實務與個案,2015年2月。\n財團法人保險事業發展中心,意外保險(第一輯),94年12月。\n陳彩稚,企業風險管理, 2012年2月。\n葉啟洲,保險法實例研習,2011年7月二版。\n葉啟洲,保險法判決案例研析(一),2013年11月。\n二、 期刊論文\n王 平、羅濟群、趙國銘、王子夏,雲端運算服務之風險分析,管理評論,第31卷第1期,2011年1月,頁1-19。\n林建智、李志峰,論責任保險人之抗辯義務-以美國發展為重心,東吳法律學報,第23卷第2期,頁109-157。\n陳秭璇,數位保險發展國際趨勢之研析,科技法律透析,第25卷第2期,2013年2月,頁9-13。\n張乃文,雲端運算環境之法規遵循議題剖析,科技法律透析,第25卷第7期,頁24,2013年7月,頁21-40。\n張紹斌、徐仕瑋,從雲端運算談個資保護,司法新聲,第99期季刊,頁33,100年7月,頁28-36。\n葉奇鑫、李相臣,淺淡個人資料保護法民事賠償責任及數位鑑識相關問題,司法新聲,第101期季刊,101年7月,頁33-49。\n廖家宏,論「除外條款」與「特約條款」之區辨—最高法院九十六年台上字第三九四號民事判決評釋,律師雜誌,2008年7月號,第346期,頁57-63。\n劉定基,雲端運算與個人資料保謢-以台灣個人資料保護法與歐盟個人資料保護指令的比較為中心,東海大學法學研究,第四十三期,2014年8月,頁53-106。\n謝淑美,雲端服務的增值稅徵納趨勢,資誠通訊,2015年3月號第287期,頁3-4。\n鐘文岳、汪家倩,個人資料保護法,這樣讀就對了—企業篇,萬國法律,第181期,2012年2月,頁2-17。\n三、 研究計畫及統計資料\n財團法人保險事業發展中心,中華民國104年意外保險賠款率統計表—按風險類別(曆年制)。\n四、 博碩士學位論文\n羅邵晏,雲端服務風險評估模式建立之研究,國立政治大學資訊管理學系碩士學位論文,2013年1月。\n五、 政策、行政命令及其他規範\n中華民國精算學會,費率釐訂實務處理準則,財產保險業,精算準則公報第一號,103年1月1日第5版。\n行政院科技會報,雲端運算發展方案,104年10月,http://www.bost.ey.gov.tw/cp.aspx?n=B56ED9F993B2EFA5。\n法務部法律字第 10103107800 號,101 年 11 月 21 日。\n資通安全管理法草案,http://www.cnra.org.tw/index.php?action=news_detail&cid=91&id=339。 \n六、 保單條款\nZurich Security and Privacy Protection Insurance(蘇黎世產物安全與隱私保護保險),103.09.26 (103)台蘇保產品字第125874 號函。\n中華民國產物保險商業同工會,商業火災保險基本條款,http://www.nlia.org.tw/modules/smartsection/item.php?itemid=65。\n美亞產物商業犯罪保險,102.03.04(102)美亞保精字第0030號函。\n美亞產物資料保護保險,102.03.04(102)美亞保精字第0030號函。\n美亞產物資料保護保險-天網版,102.06.18(102)美亞保精字第0096號函。\n美亞產物資料保護保險-天網版-資料危機管理服務附加條款,102.06.18(102)美亞保精字第098號函。\n美亞產物資料保護保險-天網版-擴大承保網路中斷保險附加條款,102.06.18(102)美亞保精字第099號函。\n美亞產物資料保護保險-天網版-擴大承保媒體內容責任附加條款,102.06.18(102)美亞保精字第100號函。\n國泰產物資料保護保險,104.03.05(104)企字第200-90號。\n七、 網際網路\nAIG,美亞產物保險(AIG Taiwan)推出 CyberEdge—繼資料保護保險(DataPlus)之後更完整的資訊安全解決方案,2013年3月4日,http://www.aig.com.tw/news/cyberedge。\nAmazon EC2–虛擬伺服器託管,Amazon Web Service官方網站,http://aws.amazon.com/tw/ec2/。\nAon,商業犯罪保險,http://www.aon.com/taiwan/zh/products-and-services/risk-services/commercial-crime.jsp。\nSam Chen,從賈伯斯的一席話認識雲端運算,INSIDE,2014年7月15日,http://www.inside.com.tw/2014/07/15/cloud_computing_1。\nSony Playstation.com (亞洲)台灣官方網站,https://asia.playstation.com/tw/cht/regional。\nTREND LABS 趨勢科技全球技術支援與研發中心,什麼是社交工程(social engineering )?,2011年10月12日,http://blog.trendmicro.com.tw/?p=101。\n林子煒,2015年資訊安全之解析與展望,IT’s通訊eNEWS,2015年第7期,http://newsletter.ascc.sinica.edu.tw/news/read_news.php?nid=3295。\n洪凱音,資料保護責任險升級 全台首張 雲端保險開賣,中國時報,2013年10月3日,https://tw.news.yahoo.com/資料保護責任險升級-全台首張-雲端保險開賣-213000392.html。\n陳國榮,SONY因PSN用戶資料外洩事件遭英國罰款39萬美元,硬底子達人網,http://www.17inda.com/html/3/article-2528.html。\n陳荻雅,雲端真的可以提升工作效能嗎?,數位時代,2011年11月17日,http://www.bnext.com.tw/article/view/id/20887。\n陳怡如,亞洲最大!Google投六億美元,台灣資料中心正式啟用,數位時代,2013年12月12日,http://www.bnext.com.tw/article/view/id/30406。\n黃彥棻,索尼影業遭駭事件始末大剖析,iThome,http://www.ithome.com.tw/news/93457。\n張頓,索尼向雇員賠800萬美元 和解駭客入侵案,大紀元,http://www.epochtimes.com/b5/15/10/23/n4556435.htm。\n貳、 英文部分\n一、 書籍\nFEHLING, CHRISTOPH ET AL. (2014), CLOUD COMPUTING PATTERNS.\nNICOLETTI, BERNARDO (2013), CLOUD COMPUTING IN FINANCIAL SERVICES.\nREJDA, GEORGE E. & MCNAMARA, MICHAEL J. (Prentice Hall, 12th ed. 2013), PRINCIPLES OF RISK MANAGEMENT AND INSURANCE.\nROUNTREE, DERRICK & CASTRILLO, ILEANA (Hai Jiang, Technical Edt., 2014), THE BASICS OF CLOUD COMPUTING - UNDERSTANDING THE FUNDAMENTALS OF CLOUD COMPUTING IN THEORY AND PRACTICE.\n二、 專書論文\nDasgupta, Dipankar & Naseem, Durdana (S. Srinivasan ed. 2014), A Framework for Compliance and Security Coverage Estimation for Cloud Services: A Cloud Insurance Model, in SECURITY, TRUST, AND REGULATORY ASPECTS OF CLOUD COMPUTING IN BUSINESS ENVIRONMENTS 91-114.\nHon, W Kuan & Millard, Christopher (Christopher Millard ed. 2013), Cloud Technologies and Services, in CLOUD COMPUTING LAW 4-18.\nKizza, Joseph M. & Yang, Li (S. Srinivasan ed. 2014), Is the Cloud the Future of Computing?, in SECURITY, TRUST, AND REGULATORY ASPECTS OF CLOUD COMPUTING IN BUSINESS ENVIRONMENTS 57-72.\nLosavio, Michal et al. (S. Srinivasan ed. 2014), Regulatory Aspects of Cloud Computing in Business Environments, in SECURITY, TRUST, AND REGULATORY ASPECTS OF CLOUD COMPUTING IN BUSINESS ENVIRONMENTS 156-169.\nSrinivasan, S. (S. Srinivasan ed. 2014), Risk Management in the Cloud and Cloud Outages, in SECURITY, TRUST, AND REGULATORY ASPECTS OF CLOUD COMPUTING IN BUSINESS ENVIRONMENTS 145-155.\n三、 期刊\nAlali, Fatima A. & Yeh, Chia-Lun, Cloud Computing: Overview and Risk Analysis, 26 J. INFO. SYS. 2 (2012).\nBălţătescu, Ionela, Cloud Computing Services: Benefits, Risks and Intellectual Property Issues, 2(1) Global Economic Observer 230 (2014).\nBiener, Christian et al., Insurability of Cyber Risk: An Empirical Analysis, 40 The Geneva Papers on Risk and Insurance - Issues and Practice 131 (2015).\nBonner, Lance, Cyber Risk: How The 2011 Sony Data Breach And The Need For Cyber Risk Insurance Policies Should Direct The Federal Response To Rising Data Breaches, 40 Wash. U. J.L. & Pol’y 257.\nCheng, Tina, A Cloudy Forecast: Divergence in the Cloud Computing Laws of the United States, European Union, and China, 41 Ga. J. Int’l & Comp. L. 481.\nChristenson, Cass W., Insurance Coverage Regarding Data Privacy, Cloud Computing, and Other Emerging Cyber Risks, 2011 WL 601376.\nCox, Dina M. et al., Cyber Insurance 101: Coverage Issues Related to Cyber Attacks and Cyber Insurance, Insurance Coverage Litigation Committee CLE Seminar (ABA)(2014).\nFan, Chiang Ku & Chen, Tien-Chun, The Risk Management Strategy of Applying Cloud Computing, 3 IJACSA 9 (2012).\nFerrillo, Paul & Marciano, Christine, Cyber security, Cyber governance, and Cyber insurance, Harvard Law School Forum on Corporate Governance and Financial Regulation, (Nov. 13, 2014), https://corpgov.law.harvard.edu/2014/11/13/cyber-security-cyber-governance-and-cyber-insurance/.\nFortinová, Jana, Risks of Cloud Computing, 20(3) Systémová Integrace 63 (2013).\nGasser, Urs & O’Brien, David, Governments and Cloud Computing: Roles, Approaches, and Policy Considerations, Berkman Center Research Publication No. 2014-6 (March 17, 2014), available at SSRN: http://ssrn.com/abstract=2410270.\nGentzoglanis, Anastassios, Evolving Cloud Ecosystems: Risk, Competition and Regulation, 85 Digiworld Economic Journal 87 (2012).\nGerber, Jenna, Head out of the Clouds: What the United States May Learn From the Europrean Union’s Treatment of Data in the Cloud, 23 Ind. Int`l & Comp. L. Rev. 245 (2013).\nGodes, Scott, Cybersecurity Risks and Insurance Coverage, 3 New Appleman Law Of Liability Insurance § 18.03 (2013).\nGold, Joshua, Protection in the Cloud: Risk Management and Insurance for Cloud Computing, 15 No. 12 J. Internet L. 1 (2012).\nHarshbarger, Jared A., Cloud Computing Providers And Data Security Law: Building Trust With United States Companies, 16 J. Tech. L. & Pol’y 229.\nKalyvas, James R. et al., Cloud Computing: A Practical Framework for Managing Cloud Computing Risk—Part I, 25 NO.3 INTELL. PROP. & TECH. L. J. 7(2013).\nKalyvas, James R. et al., Cloud Computing: A Practical Framework for Managing Cloud Computing Risk—Part II, 25 NO.4 INTELL. PROP. & TECH. L. J. 19 (2013).\nKattan, Ilana R., Cloudy Privacy Protections: Why the Stored Communications Act Fails to Protect the Privacy of Communications Stored in the Cloud, 13 Vand. J. Ent. & Tech. L. 617.\nKosub, Thomas, Components and Challenges of Integrated Cyber Risk Management, 104 Zeitschrift für die gesamte Versicherungswissenschaft 615 (2015).\nKrebs, David, Regulating the Cloud: A Comparative Analysis of the Current and Proposed Privacy Frameworks in Canada and the European Union, 10 Can. J. L. & Tech. 29.\nMcGillivray, Kevin, Conflicts in the Cloud: Contracts and Compliance with Data Protection Law in the EU, 17 Tul. J. Tech. & Intell. Prop. 217.\nMontgomery, Jack, Cybercrime Losses and Insurance for Property Damage and Third-Party Claims, 27 Me. B.J. 158 (2012).\nQuinn, Michael Sean, The Cyber-World and Insurance: An Introduction to a New Insurance, 12 J. Tex. Ins. L. 20 (2013).\nRancourt, Stephen J., Hacking, Theft, And Corporate Negligence: Making The Case For Mandatory Encryption Of Personal Information, 18 Tex. Wesleyan L. Rev. 183.\nReed, Toni Scott, Cybercrime: Losses, Claims, and Potential Insurance Coverage for the Technology Hazards of the Twenty-First Century, 20 Fidelity L.J. 55 (2014).\nSegall, Sasha, Jurisdictional Challenges In The United States Government’s Move To Cloud Computing Technology, 23 Fordham Intell. Prop. Media & Ent. L.J. 1105.\nShipley, Greg, Cloud Computing: Risks, InformationWeek, Issue 1262, at 20 (2010).\nSoghoian, Christopher, Caught in the Cloud: Privacy, Encryption, and Government Back Doors in the Web 2.0 Era, 8 J. on Telecomm. & High Tech. L. 359 (2010).\nTsanakas, Andreas & Desli, Evangelia, Measurement and Pricing of Risk in Insurance Markets, 25 Risk Analysis 6 (2005).\nVivinSandar, S & Shenai, Sudhir, Economic Denial of Sustainability (EDoS) in Cloud Services using HTTP and XML based DDoS Attacks, 41 International Journal of Computer Applications 11 (2012).\nWilson, Nigel, E-Risks and Insurance in the Information Age, 24 NZULR 550, 556 (2011).\nWinn, Jane K., Insurance for Cyber-risks: Business and Legal Issues, 1.2 SKKU J. SCI. & TECH. L 87 (2007).\nXie, Feng et al., A Risk Management Framework for Cloud Computing, 1 IEEE 2nd International Conference on Cloud Computing and Intelligence Systems 476 (2012).\nYu, Angela, Let’s Get Physical: Loss of Use of Tangible Property as Coverage in Cyber Insurance, 40 Rutgers Computer & Tech. L.J. 229 (2014).\n四、 研究報告及統計資料\nASSOCIATION OF BRITISH INSURERS (ABI), MAKING SENSE OF CYBER INSURANCE: A GUIDE FOR SMES (May 2016), available at https://www.abi.org.uk/Insurance-and-savings/Products/Business-insurance/Cyber-risk-insurance.\nCROWE HORWATH LLP ET AL., ENTERPRISE RISK MANAGEMENT FOR CLOUD COMPUTING (Committee of Sponsoring Organizations of the Treadway Commission) (Jun. 2012).\nEDARA, SREE RAMA & KANDAGATLA, RANJITH KUMAR, CAPGEMINI, CLOUD COMPUTING IN THE PROPERTY & CASUALTY INSURANCE INDUSTRY - THE CASE FOR DEVELOPING A HOLISTIC CLOUD STRATEGY, available at https://www.hu.capgemini.com/resource-file-access/resource/pdf/Cloud_Computing_in_the_Property___Casualty_Insurance_Industry.pdf.\nENISA, CLOUD COMPUTING BENEFITS, RISKS AND RECOMMENDATIONS FOR INFORMATION SECURITY (2009), available at https://www.enisa.europa.eu/activities/risk-management/files/deliverables/cloud-computing-risk-assessment.\nENISA, CLOUD COMPUTING BENEFITS, RISKS AND RECOMMENDATIONS FOR INFORMATION SECURITY (2012), available at https://resilience.enisa.europa.eu/cloud-security-and-resilience/publications/cloud-computing-benefits-risks-and-recommendations-for-information-security.\nEUROPEAN COMMISSION, UNLEASHING THE POTENTIAL OF CLOUD COMPUTING IN EUROPE (2012), available at http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=COM:2012:0529:FIN:EN:PDF. \nFEDERAL INSURANCE OFFICE, ANNUAL REPORT ON INSURANCE INDUSTRY, U.S. DEPARTMENT OF THE TREASURY (September 2015).\nFITÓ, ORIOL J. & GUITART, JORDI, INTRODUCING RISK MANAGEMENT INTO CLOUD COMPUTING, http://www.ac.upc.edu/app/research-reports/html/RR/2010/33.pdf.\nHM GOVERNMENT, GOVERNMENT CLOUD STRATEGY – A SUB STRATEGY OF THE GOVERNMENT ICT STRATEGY 15, March 2011, available at https://www.gov.uk/government/uploads/system/uploads/attachment_data/file/266214/government-cloud-strategy_0.pdf.\nHM GOVERNMENT & MARSH, UK CYBER SECURITY – THE ROLE OF INSURANCE IN MANAGING AND MITIGATING THE RISK (March 2015), available at https://www.marsh.com/uk/insights/research/uk-cyber-security-role-of-insurance-in-managing-mitigating-risk.html. \nINSTITUTE OF RISK MANAGEMENT, CYBER RISK – EXECUTIVE SUMMARY (2014).\nKENT, KAREN & SOUPPAYA, MURUGIAH, GUIDE TO COMPUTER SECURITY LOG MANAGEMENT, NIST, available at http://dl.acm.org/citation.cfm?id=2206303.\nKESAN, JAY P. ET AL., CYBERINSURANCE AS A MERKET-BASED SOLUTION TO THE PROBLEM OF CYBERSECURITY - A CASE STUDY, Jan. 1, 2005, http://docplayer.net/2850625-Cyberinsurance-as-a-market-based-solution.html. \nMELL, PETER & GRANCE, TIMOTHY, THE NIST DEFINITION OF CLOUD COMPUTING 2, U.S. DEP’T OF COMMERCE (2011), Spec. Publ’n 800-145, available at http://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-145.pdf.\nMERRILL, TOBY & KANG, THOMAS, CLOUD COMPUTING: IS YOUR COMPANY WEIGHING BOTH BENEFITS & RISKS?, ACE INSUREDTM (2014), available at http://www.acegroup.com/us-en/assets/privacy-network-security-cloud-computing-is-your-company-weighing-both-benefits-risks.pdf.\nNIST, GLOSSARY OF KEY INFORMATION SECURITY TERMS (Richard Kissel, ed. 2013), available at http://nvlpubs.nist.gov/nistpubs/ir/2013/NIST.IR.7298r2.pdf.\nPONEMON INSTITUTE LLC, DATA BREACH: THE CLOUD MULTIPLIER EFFECT (2014).\nPWC, INSURANCE 2020 & BEYOND: REAPING THE DIVIDENDS OF CYBER RESILIENCE 10 (Sep. 2015), available at http://www.pwccn.com/home/eng/insurance_2020_sep2015.html.\nRIGHTSCALE, 2016 STATE OF THE CLOUD REPORT (2016), available at http://www.mcit.gov.eg/Upcont/Documents/Reports%20and%20Documents_1252016000_RightScale-2016-State-of-the-Cloud-Report.pdf.\nSWISS RE, SWISS RE SONAR NEW EMERGING RISK INSIGHTS, July 2014, available at http://www.swissre.com/rethinking/emerging_risks/Swiss_Res_SONAR_new_emerging_risk_insights_for_2014.html.\nTHE ECONOMIST, REPUTATION RISK: RISK OF RISKS (2005).\nUNCTAD, INFORMATION ECONOMY REPORT 2005, UNCTAD/SDTE/ECB/2005/1, U.N. Sales No. E.05.II.D.19 (2005).\nVERDANTIX, CLOUD COMPUTING – THE IT SOLUTION FOR THE 21ST CENTURY (2011), available at https://www.cdp.net/en-us/whatwedo/cdpnewsarticlepages/cloud-computing-can-dramatically-reduce-energy-costs-and-carbon-emissions.aspx.\n五、 判決\nAmerica Online v. Saint Paul Mercury Insurance, 207 F. Supp. 2d 459 (E.D. Va. 2002).\nAmerican Guarantee & Liability Insurance Co. v. Ingram Micro, Inc., Civ. 99-185 TUC ACM, 2000 WL 726789 (D. Ariz. April. 18, 2000).\nAnderson v. Hannaford Bros. Co., 659 F.3d 151 (2011).\nCentral Delta Water Agency v. U.S., 306 F.3d 938 (2002).\nClapper v. Amnesty Intern. USA, 133 S.Ct. 1138, 1147 (2013).\nEyeblaster Inc. v. Federal Insurance Co., 613 F.3d 797 (8th Cir. 2010).\nHammond v. The Bank of New York Mellon Corp., 2010 WL 2643307 (2010).\nIn re Barnes & Noble Pin Pad Litigation, WL 4759588 (2013).\nIn Re Sony PS3 Others OS Litigation, No. 3:2010cv01811 - Document 185 (N.D. Cal. 2011).\nKrottner v. Starbucks Corp., 628 F.3d 1139 (2010).\nLambrecht & Associates, Inc. v. State Farm Lloyds, 119 S.W.3d 16 (2003).\nLandmark American Ins. Co. v. Gulf Coast Analytical, 2012 WL 1094761, at 1 (2012).\nLynch Props. Inc. v. Potomac Ins. Co., 962 F. Supp. 956.\nMaximillian Schrems v. Data Protection Commissioner, 2014 WL 4954897 (2014).\nMichael Corona, et al v. Sony Pictures Entertainment, Inc., 2015 WL 3916744 (C.D.Cal.).\nMoyer v. Michaels Stores, Inc., 2014 WL 3511500 (2014).\nPisciotta v. Old Nat. Bancorp, 499 F.3d 629 (2007).\nPrudential Insurance Co v. Inland Revenue Commissioners, [1904] 2 K.B. 658.\nRepublic Nat. Life Ins. Co. v. Heyward, 536 S.W.2d 549 (1976).\nRetail Systems, Inc. v. CNA Ins. Co., 469 N.W.2d 735 (Minn. App. 1991).\nRetail Ventures, Inc. v. National Union Fire Ins. Co. of Pittsburgh, Pa., 691 F.3d 821, 826 (2012).\nSantos v. Peerless Ins. Co, 2009 WL 1164972 (2009).\nSouth Cent. Bell Telephone Co. v. Barthelemy, 643 So.2d 1240 (La.1994).\nSt. Paul Fire & Marine Ins. Co. v. Compaq Computer Corp., 539 F.3d 809 (8th Cir.2008).\nWard General Ins. Services, Inc. v. Employers Fire Ins. Co., 114 Cal.App.4th 548 (2003).\nZurich American Insurance Co., et al. v. Sony Corp. of America, et al., No. 651982/2011 (N.Y. Sup. Ct. New York Cty.).\n六、 政策、法規(含草案)\n1. 美國法\n16 C.F.R. §314.3-.4 (2011).\n16 C.F.R. §681.1(d) (2011).\n45 C.F.R. §§ 164.308-314 (2011).\n15 U.S.C. §§ 6801-6809 (2006).\n15 U.S.C.A. § 7463.\n18 U.S.C.A. §§ 2701 -12.\n18 U.S.C.A. § 2510.\n42 U.S.C. § 1320d-6 (2006)\n42 U.S.C. § 1320d-1 (2006).\nComputer Fraud and Abuse Act of 1984, 18 U.S.C. § 1030.\nData Breach Notification Act of 2011, S. 1408.\nElectronic Communications Privacy Act of 1986, U.S. Dept. of Just., Off. of Just. Programs, http://it.ojp.gov/default.aspx?area=privacy&page=1285.\nMass. Code Regs. § 17.00 (2011).\nMd. Code Ann., Com. Law § 14-3503 (West 2011).\nNev. Rev. Stat. § 597.970 (2008).\nPersonal Data Protection and Breach Accountability Act of 2011.\nRestatement (Second) of Torts § 919 (1979).\nSEC, Corporate Finance’s Disclosure Guidance on Cybersecurity, Oct. 13, 2011, available at https://www.sec.gov/divisions/corpfin/guidance/cfguidance-topic2.htm.\nVivek Kundra, Federal Cloud Computing Strategy, the White House (2011), available at https://cio.gov/worldclassdigitalservices/cloud/.\n2. 歐盟法\n2000/520/EC: Commission Decision of 26 July 2000 pursuant to Directive 95/46/EC of the European Parliament and of the Council on the adequacy of the protection provided by the safe harbour privacy principles and related frequently asked questions issued by the US Department of Commerce (notified under document number C(2000) 2441).\nDirective 2002/58/EC.\nDirective 95/46/EC of the European Parliament and of the Council of 24 October 1995, on the Protection of Individuals with Regard to the Processing of Personal Data and on the Free Movement of such Data.\nEU Commission, Cybersecurity Strategy of the European Union: An Open, Safe and Secure Cyberspace (2013).\nNetwork and information security directive: Co-legislators agree on the first EU-wide legislation on cybersecurity - digital single market - European commission, EU Commission (Dec. 9, 2015), https://ec.europa.eu/digital-single-market/en/news/network-and-information-security-directive-co-legislators-agree-first-eu-wide-legislation.\nProposal for a Regulation of the European Parliament and of the Council on the Protection of Individuals with Regard to the Processing of Personal Data and on the Free Movement of such Data (General Data Protection Regulation), COM (2012) 11 final (Jan. 25, 2012)\n七、 保單條款\nEsurance® CPM Policy Document 1-3, CFC CPM UK V1.9, CFC Underwriting Limited, available at http://www.stgilesgroup.co.uk/storage/documents/Cyber%20Policy%20Wording.pdf. \nISO Property Inc., Commercial General Liability Form (2003) , available at http://www.ngwa.org/documents/insurance/ngwasamplegeneralliabilityform.pdf.\nISO, ISO’s Cyber Insurance Program, available at http://www.verisk.com/downloads/iso-cyber-insurance-program.pdf\nMarsh, CloudProtect – A Cyber Policy Enhancement, available at https://www.marsh.com/us/services/cyber-risk/marsh-cloudprotect-cyber-policy-enhancement.html.\nTraveler’s - Sample Insuring Agreement 1-2, CYB-3001 Ed. 07-10, available at https://www.travelers.com/business-insurance/cyber-security/management-professional-liability/cyber-risk-forms.aspx. \n八、 網際網路\nABI, Cyber Insurance To Become A Business Essential Within The Next Decade, May 5, 2015, https://www.abi.org.uk/News/News-releases/2015/05/Cyber-insurance-to-become-a-business-essential-within-the-next-decade.\nAlpeyev, Pavel et al., Amazon.Com Server Said To Have Been Used In Sony Attack, Bloomberg Business, BLOOMBERG TECHNOLOGY, (May 15, 2011, 3:53 AM HKT), http://www.bloomberg.com/news/articles/2011-05-13/sony-network-said-to-have-been-invaded-by-hackers-using-amazon-com-server.\nAlvarez, Edgar, Sony Pictures Hack: The Whole Story, ENGADGET, (Dec. 10, 2014), http://www.engadget.com/2014/12/10/sony-pictures-hack-the-whole-story/.\nBBC News, Sony Fined Over ‘Preventable’ Playstation Data Hack, (Jan. 24, 2013), http://www.bbc.com/news/technology-21160818.\nBerkowitz, Ben, Sony Insurer, Zurich, Files Suit To Deny Data Breach Coverage, INSURANCE JOURNAL, (Jul. 21, 2011), http://www.insurancejournal.com/news/national/2011/07/21/207474.htm.\nBisson, David, Sony Pictures Loses Bid to Throw Out Data Breach Lawsuit, THE STATE OF SECURITY, (Jun. 16, 2015), http://www.tripwire.com/state-of-security/latest-security-news/sony-pictures-loses-bid-to-throw-out-data-breach-lawsuit/.\nCambridge Dictionary Online, http://dictionary.cambridge.org. \nFederal Trade Commission, U.S.-EU Safe Harbor Framework, Nov. 6, 2015, https://www.ftc.gov/tips-advice/business-center/privacy-and-security/u.s.-eu-safe-harbor-framework.\nGreenwald, Judy, Cloud Computing Risks Generally Covered By Cyber Insurance - Coverage Important As Cloud Vendors Try To Limit Liability, (Jan. 15, 2012), Business Insurance, http://www.businessinsurance.com/article/20120115/NEWS07/301159996/cloud-computing-risks-generally-covered-by-cyber-insurance. \nHa, Young, N.Y. Court: Zurich Not Obligated To Defend Sony Units In Data Breach Litigation, INSURANCE JOURNAL, (Mar. 17, 2014), http://www.insurancejournal.com/news/east/2014/03/17/323551.htm.\nHa, Young, Sony, Zurich Reach Settlement in PlayStation Data Breach Case in New York, INSURANCE JOURNAL, (May 1, 2015), http://www.insurancejournal.com/news/east/2015/05/01/366600.htm.\nInformation Is Beautiful, World’s Biggest Data Breaches, http://www.informationisbeautiful.net/visualizations/worlds-biggest-data-breaches-hacks/.\nISACA, Cybersecurity Legislation Watch, http://www.isaca.org/cyber/pages/cybersecuritylegislation.aspx (last visited Jan. 14, 2016).\nInvestopedia, http://www.investopedia.com. \nMusil, Steven, Sony Hack Leaked 47,000 Social Security Numbers, Celebrity Data, CNET, (Dec. 4, 2014, 7:05 PM PST), http://www.cnet.com/news/sony-hack-said-to-leak-47000-social-security-numbers-celebrity-data/.\nNavetta, David, Cyber Insurance: An Efficient Way to Manage Security and Privacy Risk in the Cloud?, Info. Law Grp. (Feb. 1, 2012), http://www.infolawgroup.com/2012/02/articles/cloud-computing-1/cyber-insurance-an-efficient-way-to-manage-security-and-privacy-risk-in-the-cloud/.\nNewbusiness, Cyber security and insurance to become compulsory by 2017, May. 31, 2016, http://www.newbusiness.co.uk/articles/insurance-advice/cyber-security-and-insurance-become-compulsory-2017.\nPalermo, Elizabeth, 10 Worst Data Breaches of All Time, TOM’S GUIDE, (Feb 6, 2015, 7:00 AM), http://www.tomsguide.com/us/biggest-data-breaches,news-19083.html.\nPCI official website, https://www.pcisecuritystandards.org.\nRagan, Steve, Breach Insurance Might Not Cover Losses At Sony Pictures, CSO, (Dec. 15, 2014, 6:29 AM PT), http://www.csoonline.com/article/2859535/business-continuity/breach-insurance-might-not-cover-losses-at-sony-pictures.html.\nRouse, Margaret, Privilege Escalation Attack, TechTarget, available at http://searchsecurity.techtarget.com/definition/privilege-escalation-attack.\nSchwartzel, Erich, Cybersecurity Insurance: Many Companies Continue To Ignore The Issue, PITTSBURGH POST-GAZETTE, (June 22, 2010 4:00 AM), http://www.post-gazette.com/business/tech-news/2010/06/22/Cybersecurity-insurance-Many-companies-continue-to-ignore-the-issue/stories/201006220157.\nSwiss Re, Cyber Risks - Insurable, But Within Limits, http://www.swissre.com/reinsurance/insurers/casualty/Cyber_risks_insurable_but_within_limits.html.\nSynergy research group, Amazon Leads; Microsoft, IBM & Google Chase; Others Trail, Agu. 1, 2016, https://www.srgresearch.com/articles/amazon-leads-microsoft-ibm-google-chase-others-trail.\nTREND MICRO, Cloud Makes Data Breaches Increasingly Likely And Costly, June 17, 2014, http://blog.trendmicro.com/cloud-makes-data-breaches-increasingly-likely-costly/.\nWalker, Danielle, Sony To Shell Out $15M In PSN Breach Settlement, SC MAGAZINE, (Jul. 24, 2014), available at http://www.scmagazine.com/sony-to-shell-out-15m-in-psn-breach-settlement/article/362720/.\nWoodward, Jeff, The 2001 ISO CGL Revision, IRMI, (Jan. 2002), https://www.irmi.com/articles/expert-commentary/the-2001-iso-cgl-revision. | zh_TW |
| item.fulltext | With Fulltext | - |
| item.cerifentitytype | Publications | - |
| item.openairetype | thesis | - |
| item.openairecristype | http://purl.org/coar/resource_type/c_46ec | - |
| item.grantfulltext | open | - |
| Appears in Collections: | 學位論文 | |
Files in This Item:
| File | Size | Format | |
|---|---|---|---|
| 014101.pdf | 5.61 MB | Adobe PDF2 | View/Open |
Google ScholarTM
Check
Items in DSpace are protected by copyright, with all rights reserved, unless otherwise indicated.