學術產出-學位論文
文章檢視/開啟
書目匯出
-
題名 雲端運算服務企業⽤⼾之⾵險管理與雲端運算保險法律問題研析
A Study on the Cloud Computing Risk Management of Enterprise Users and Related Legal Issues Arising from Cloud Computing Insurance作者 王莉宸
Wang, Li Chen貢獻者 張冠群
Chang, Kuan Chun
王莉宸
Wang, Li Chen關鍵詞 雲端
雲端運算
雲端服務
雲端運算風險
網路風險
雲端保險
資訊安全
資料外洩
網路保險
網路安全
風險管理
cloud
cloud computing
cloud service
cloud computing risk
cyber risk
cloud insurance
information security
data breach
cyber insurance
cyber security
risk management日期 2016 上傳時間 1-九月-2016 23:58:12 (UTC+8) 摘要 「雲端」是現今網路科技最火紅之名詞,不論係個人日常生活中所使用之App或企業營運應用之軟體、服務皆可能與雲端技術之應用有關。有鑒於近年來網路攻擊、資訊安全事件頻傳,不僅造成企業損失金額節節上升,更使電子化、雲端化後之個人資料保護漏洞浮上檯面,然在企業邁向雲端化的同時,若無相應之風險管理措施,則可能使其暴露於財物損失、營運中斷、法律責任和商譽威脅之風險之中。 為此,國外已有將雲端策略和網路安全納入國家政策中並以立法要求資訊安全和個人資料保護,甚至以政策推廣或以軟法要求企業投保網路相關保險者。惟我國除個人資料法有對個人資料之保護外,於資訊安全及雲端服務使用上則尚無完善之規劃,企業在資訊安全、網路安全相關保險之投保率亦極低,顯示企業對此領域之風險意識淡薄。而目前國內市場上可承擔網路風險之保險契約甚少,更遑論針對雲端化之產業推出之商業保險。 因此,本文第二章將從雲端運算之技術及基本概念出發,於第三章中剖析企業雲端使用者可能面臨之雲端運算風險、比較其與網路風險之差異,檢視現有建議雲端服務使用者之雲端運算風險管理方法,並探討以保險作為雲端風險管理途徑之妥適性。第四章則參考外國法上曾因網路風險、資訊安全風險等新興風險於傳統保險商品適用上出現之相關法律問題,對照現有網路保險或資訊安全保險之保單條款檢視前述法律問題是否已為妥善解決,並就現行保險不足之處予以改良,試研擬新型雲端保險之契約條款內容。最後於第五章以國內外雲端服務發展現況為出發,綜合本文研究成果提出雲端風險可能產生法律爭議之解套以提升雲端保險之投保意願,並參考國外雲端發展政策及相關保險制度規劃為我國雲端保險市場開展之整體配套措施提供粗淺建議,希冀對我國雲端產業及保險未來發展有棉薄之貢獻。
“Cloud” might be the most popular noun among the information and communication technology field nowadays. From apps in the mobile devices to enterprise softwares, the application of cloud computing techniques is ubiquitous. However, more and more cyber-attacks and data breach events have not only cost businesses a lot but uncovered the issue concerning personal information protection. While embracing the cloud, if enterprises continue to neglect risk management, potential financial loss, business interruption, legal liabilities and the risk of reputation are the risks that enterprise has to deal with. Some countries have already incorporated cloud strategy and cyber security into policies, requiring particular threshold of information security and personal information protection by legislation. Some even require business to disclose its insurance policy relevant to its particular facts, circumstances and the presented risks. Nonetheless, in Taiwan, aside from the Personal Information Protection Act, there is no comprehensive policy or strategy on cloud computing or cyber security. The low insured rate of information security and cyber security related insurance also reveals the weakness of risk management of the emerging risks in business. Cyber risk related insurance is also uncommon in the market, not to mention the cloud-computing-targeted business insurance. Consequently, this thesis aims to develop a thorough risk management of cloud computing. Starting with the introduction on the basic concept and techniques of cloud computing in Chapter 2, Chapter 3 analyzes the risk that the enterprise cloud service users faces, compares the difference between cyber risk and cloud computing risks, examines current enterprise’s available risk management methods, and discusses the appropriateness of adopting insurance as the risk management of cloud computing. In order to develop a new insurance product for enterprise cloud service users, Chapter 4 studies the related foreign insurance disputes regarding cyber risks and information risks, and examines whether the latest insurance policy had amended the issues, and reforms current cyber insurance into a new cloud insurance. Lastly, based on the present domestic and international market environment of cloud computing service, Chapter 5 summarizes the legal issues discussed in the previous chapter for the purpose of the future development of new cloud insurance market, and map out the cloud computing policy with regard to risk management and insurance as the conclusion of the thesis.參考文獻 壹、 中文部分一、 書籍江朝國,保險法逐條釋義《第一卷 總則》,2012年1月。汪信君、廖世昌,保險法理論與實務,頁266,2015年10月,三版。胡為君,雲端資安與隱私:企業風險應對之道,2012年5月。范姜肱,保險行銷—兩岸實務與個案,2015年2月。財團法人保險事業發展中心,意外保險(第一輯),94年12月。陳彩稚,企業風險管理, 2012年2月。葉啟洲,保險法實例研習,2011年7月二版。葉啟洲,保險法判決案例研析(一),2013年11月。二、 期刊論文王 平、羅濟群、趙國銘、王子夏,雲端運算服務之風險分析,管理評論,第31卷第1期,2011年1月,頁1-19。林建智、李志峰,論責任保險人之抗辯義務-以美國發展為重心,東吳法律學報,第23卷第2期,頁109-157。陳秭璇,數位保險發展國際趨勢之研析,科技法律透析,第25卷第2期,2013年2月,頁9-13。張乃文,雲端運算環境之法規遵循議題剖析,科技法律透析,第25卷第7期,頁24,2013年7月,頁21-40。張紹斌、徐仕瑋,從雲端運算談個資保護,司法新聲,第99期季刊,頁33,100年7月,頁28-36。葉奇鑫、李相臣,淺淡個人資料保護法民事賠償責任及數位鑑識相關問題,司法新聲,第101期季刊,101年7月,頁33-49。廖家宏,論「除外條款」與「特約條款」之區辨—最高法院九十六年台上字第三九四號民事判決評釋,律師雜誌,2008年7月號,第346期,頁57-63。劉定基,雲端運算與個人資料保謢-以台灣個人資料保護法與歐盟個人資料保護指令的比較為中心,東海大學法學研究,第四十三期,2014年8月,頁53-106。謝淑美,雲端服務的增值稅徵納趨勢,資誠通訊,2015年3月號第287期,頁3-4。鐘文岳、汪家倩,個人資料保護法,這樣讀就對了—企業篇,萬國法律,第181期,2012年2月,頁2-17。三、 研究計畫及統計資料財團法人保險事業發展中心,中華民國104年意外保險賠款率統計表—按風險類別(曆年制)。四、 博碩士學位論文羅邵晏,雲端服務風險評估模式建立之研究,國立政治大學資訊管理學系碩士學位論文,2013年1月。五、 政策、行政命令及其他規範中華民國精算學會,費率釐訂實務處理準則,財產保險業,精算準則公報第一號,103年1月1日第5版。行政院科技會報,雲端運算發展方案,104年10月,http://www.bost.ey.gov.tw/cp.aspx?n=B56ED9F993B2EFA5。法務部法律字第 10103107800 號,101 年 11 月 21 日。資通安全管理法草案,http://www.cnra.org.tw/index.php?action=news_detail&cid=91&id=339。 六、 保單條款Zurich Security and Privacy Protection Insurance(蘇黎世產物安全與隱私保護保險),103.09.26 (103)台蘇保產品字第125874 號函。中華民國產物保險商業同工會,商業火災保險基本條款,http://www.nlia.org.tw/modules/smartsection/item.php?itemid=65。美亞產物商業犯罪保險,102.03.04(102)美亞保精字第0030號函。美亞產物資料保護保險,102.03.04(102)美亞保精字第0030號函。美亞產物資料保護保險-天網版,102.06.18(102)美亞保精字第0096號函。美亞產物資料保護保險-天網版-資料危機管理服務附加條款,102.06.18(102)美亞保精字第098號函。美亞產物資料保護保險-天網版-擴大承保網路中斷保險附加條款,102.06.18(102)美亞保精字第099號函。美亞產物資料保護保險-天網版-擴大承保媒體內容責任附加條款,102.06.18(102)美亞保精字第100號函。國泰產物資料保護保險,104.03.05(104)企字第200-90號。七、 網際網路AIG,美亞產物保險(AIG Taiwan)推出 CyberEdge—繼資料保護保險(DataPlus)之後更完整的資訊安全解決方案,2013年3月4日,http://www.aig.com.tw/news/cyberedge。Amazon EC2–虛擬伺服器託管,Amazon Web Service官方網站,http://aws.amazon.com/tw/ec2/。Aon,商業犯罪保險,http://www.aon.com/taiwan/zh/products-and-services/risk-services/commercial-crime.jsp。Sam Chen,從賈伯斯的一席話認識雲端運算,INSIDE,2014年7月15日,http://www.inside.com.tw/2014/07/15/cloud_computing_1。Sony Playstation.com (亞洲)台灣官方網站,https://asia.playstation.com/tw/cht/regional。TREND LABS 趨勢科技全球技術支援與研發中心,什麼是社交工程(social engineering )?,2011年10月12日,http://blog.trendmicro.com.tw/?p=101。林子煒,2015年資訊安全之解析與展望,IT’s通訊eNEWS,2015年第7期,http://newsletter.ascc.sinica.edu.tw/news/read_news.php?nid=3295。洪凱音,資料保護責任險升級 全台首張 雲端保險開賣,中國時報,2013年10月3日,https://tw.news.yahoo.com/資料保護責任險升級-全台首張-雲端保險開賣-213000392.html。陳國榮,SONY因PSN用戶資料外洩事件遭英國罰款39萬美元,硬底子達人網,http://www.17inda.com/html/3/article-2528.html。陳荻雅,雲端真的可以提升工作效能嗎?,數位時代,2011年11月17日,http://www.bnext.com.tw/article/view/id/20887。陳怡如,亞洲最大!Google投六億美元,台灣資料中心正式啟用,數位時代,2013年12月12日,http://www.bnext.com.tw/article/view/id/30406。黃彥棻,索尼影業遭駭事件始末大剖析,iThome,http://www.ithome.com.tw/news/93457。張頓,索尼向雇員賠800萬美元 和解駭客入侵案,大紀元,http://www.epochtimes.com/b5/15/10/23/n4556435.htm。貳、 英文部分一、 書籍FEHLING, CHRISTOPH ET AL. (2014), CLOUD COMPUTING PATTERNS.NICOLETTI, BERNARDO (2013), CLOUD COMPUTING IN FINANCIAL SERVICES.REJDA, GEORGE E. & MCNAMARA, MICHAEL J. (Prentice Hall, 12th ed. 2013), PRINCIPLES OF RISK MANAGEMENT AND INSURANCE.ROUNTREE, DERRICK & CASTRILLO, ILEANA (Hai Jiang, Technical Edt., 2014), THE BASICS OF CLOUD COMPUTING - UNDERSTANDING THE FUNDAMENTALS OF CLOUD COMPUTING IN THEORY AND PRACTICE.二、 專書論文Dasgupta, Dipankar & Naseem, Durdana (S. Srinivasan ed. 2014), A Framework for Compliance and Security Coverage Estimation for Cloud Services: A Cloud Insurance Model, in SECURITY, TRUST, AND REGULATORY ASPECTS OF CLOUD COMPUTING IN BUSINESS ENVIRONMENTS 91-114.Hon, W Kuan & Millard, Christopher (Christopher Millard ed. 2013), Cloud Technologies and Services, in CLOUD COMPUTING LAW 4-18.Kizza, Joseph M. & Yang, Li (S. Srinivasan ed. 2014), Is the Cloud the Future of Computing?, in SECURITY, TRUST, AND REGULATORY ASPECTS OF CLOUD COMPUTING IN BUSINESS ENVIRONMENTS 57-72.Losavio, Michal et al. (S. Srinivasan ed. 2014), Regulatory Aspects of Cloud Computing in Business Environments, in SECURITY, TRUST, AND REGULATORY ASPECTS OF CLOUD COMPUTING IN BUSINESS ENVIRONMENTS 156-169.Srinivasan, S. (S. Srinivasan ed. 2014), Risk Management in the Cloud and Cloud Outages, in SECURITY, TRUST, AND REGULATORY ASPECTS OF CLOUD COMPUTING IN BUSINESS ENVIRONMENTS 145-155.三、 期刊Alali, Fatima A. & Yeh, Chia-Lun, Cloud Computing: Overview and Risk Analysis, 26 J. INFO. SYS. 2 (2012).Bălţătescu, Ionela, Cloud Computing Services: Benefits, Risks and Intellectual Property Issues, 2(1) Global Economic Observer 230 (2014).Biener, Christian et al., Insurability of Cyber Risk: An Empirical Analysis, 40 The Geneva Papers on Risk and Insurance - Issues and Practice 131 (2015).Bonner, Lance, Cyber Risk: How The 2011 Sony Data Breach And The Need For Cyber Risk Insurance Policies Should Direct The Federal Response To Rising Data Breaches, 40 Wash. U. J.L. & Pol’y 257.Cheng, Tina, A Cloudy Forecast: Divergence in the Cloud Computing Laws of the United States, European Union, and China, 41 Ga. J. Int’l & Comp. L. 481.Christenson, Cass W., Insurance Coverage Regarding Data Privacy, Cloud Computing, and Other Emerging Cyber Risks, 2011 WL 601376.Cox, Dina M. et al., Cyber Insurance 101: Coverage Issues Related to Cyber Attacks and Cyber Insurance, Insurance Coverage Litigation Committee CLE Seminar (ABA)(2014).Fan, Chiang Ku & Chen, Tien-Chun, The Risk Management Strategy of Applying Cloud Computing, 3 IJACSA 9 (2012).Ferrillo, Paul & Marciano, Christine, Cyber security, Cyber governance, and Cyber insurance, Harvard Law School Forum on Corporate Governance and Financial Regulation, (Nov. 13, 2014), https://corpgov.law.harvard.edu/2014/11/13/cyber-security-cyber-governance-and-cyber-insurance/.Fortinová, Jana, Risks of Cloud Computing, 20(3) Systémová Integrace 63 (2013).Gasser, Urs & O’Brien, David, Governments and Cloud Computing: Roles, Approaches, and Policy Considerations, Berkman Center Research Publication No. 2014-6 (March 17, 2014), available at SSRN: http://ssrn.com/abstract=2410270.Gentzoglanis, Anastassios, Evolving Cloud Ecosystems: Risk, Competition and Regulation, 85 Digiworld Economic Journal 87 (2012).Gerber, Jenna, Head out of the Clouds: What the United States May Learn From the Europrean Union’s Treatment of Data in the Cloud, 23 Ind. Int`l & Comp. L. Rev. 245 (2013).Godes, Scott, Cybersecurity Risks and Insurance Coverage, 3 New Appleman Law Of Liability Insurance § 18.03 (2013).Gold, Joshua, Protection in the Cloud: Risk Management and Insurance for Cloud Computing, 15 No. 12 J. Internet L. 1 (2012).Harshbarger, Jared A., Cloud Computing Providers And Data Security Law: Building Trust With United States Companies, 16 J. Tech. L. & Pol’y 229.Kalyvas, James R. et al., Cloud Computing: A Practical Framework for Managing Cloud Computing Risk—Part I, 25 NO.3 INTELL. PROP. & TECH. L. J. 7(2013).Kalyvas, James R. et al., Cloud Computing: A Practical Framework for Managing Cloud Computing Risk—Part II, 25 NO.4 INTELL. PROP. & TECH. L. J. 19 (2013).Kattan, Ilana R., Cloudy Privacy Protections: Why the Stored Communications Act Fails to Protect the Privacy of Communications Stored in the Cloud, 13 Vand. J. Ent. & Tech. L. 617.Kosub, Thomas, Components and Challenges of Integrated Cyber Risk Management, 104 Zeitschrift für die gesamte Versicherungswissenschaft 615 (2015).Krebs, David, Regulating the Cloud: A Comparative Analysis of the Current and Proposed Privacy Frameworks in Canada and the European Union, 10 Can. J. L. & Tech. 29.McGillivray, Kevin, Conflicts in the Cloud: Contracts and Compliance with Data Protection Law in the EU, 17 Tul. J. Tech. & Intell. Prop. 217.Montgomery, Jack, Cybercrime Losses and Insurance for Property Damage and Third-Party Claims, 27 Me. B.J. 158 (2012).Quinn, Michael Sean, The Cyber-World and Insurance: An Introduction to a New Insurance, 12 J. Tex. Ins. L. 20 (2013).Rancourt, Stephen J., Hacking, Theft, And Corporate Negligence: Making The Case For Mandatory Encryption Of Personal Information, 18 Tex. Wesleyan L. Rev. 183.Reed, Toni Scott, Cybercrime: Losses, Claims, and Potential Insurance Coverage for the Technology Hazards of the Twenty-First Century, 20 Fidelity L.J. 55 (2014).Segall, Sasha, Jurisdictional Challenges In The United States Government’s Move To Cloud Computing Technology, 23 Fordham Intell. Prop. Media & Ent. L.J. 1105.Shipley, Greg, Cloud Computing: Risks, InformationWeek, Issue 1262, at 20 (2010).Soghoian, Christopher, Caught in the Cloud: Privacy, Encryption, and Government Back Doors in the Web 2.0 Era, 8 J. on Telecomm. & High Tech. L. 359 (2010).Tsanakas, Andreas & Desli, Evangelia, Measurement and Pricing of Risk in Insurance Markets, 25 Risk Analysis 6 (2005).VivinSandar, S & Shenai, Sudhir, Economic Denial of Sustainability (EDoS) in Cloud Services using HTTP and XML based DDoS Attacks, 41 International Journal of Computer Applications 11 (2012).Wilson, Nigel, E-Risks and Insurance in the Information Age, 24 NZULR 550, 556 (2011).Winn, Jane K., Insurance for Cyber-risks: Business and Legal Issues, 1.2 SKKU J. SCI. & TECH. L 87 (2007).Xie, Feng et al., A Risk Management Framework for Cloud Computing, 1 IEEE 2nd International Conference on Cloud Computing and Intelligence Systems 476 (2012).Yu, Angela, Let’s Get Physical: Loss of Use of Tangible Property as Coverage in Cyber Insurance, 40 Rutgers Computer & Tech. L.J. 229 (2014).四、 研究報告及統計資料ASSOCIATION OF BRITISH INSURERS (ABI), MAKING SENSE OF CYBER INSURANCE: A GUIDE FOR SMES (May 2016), available at https://www.abi.org.uk/Insurance-and-savings/Products/Business-insurance/Cyber-risk-insurance.CROWE HORWATH LLP ET AL., ENTERPRISE RISK MANAGEMENT FOR CLOUD COMPUTING (Committee of Sponsoring Organizations of the Treadway Commission) (Jun. 2012).EDARA, SREE RAMA & KANDAGATLA, RANJITH KUMAR, CAPGEMINI, CLOUD COMPUTING IN THE PROPERTY & CASUALTY INSURANCE INDUSTRY - THE CASE FOR DEVELOPING A HOLISTIC CLOUD STRATEGY, available at https://www.hu.capgemini.com/resource-file-access/resource/pdf/Cloud_Computing_in_the_Property___Casualty_Insurance_Industry.pdf.ENISA, CLOUD COMPUTING BENEFITS, RISKS AND RECOMMENDATIONS FOR INFORMATION SECURITY (2009), available at https://www.enisa.europa.eu/activities/risk-management/files/deliverables/cloud-computing-risk-assessment.ENISA, CLOUD COMPUTING BENEFITS, RISKS AND RECOMMENDATIONS FOR INFORMATION SECURITY (2012), available at https://resilience.enisa.europa.eu/cloud-security-and-resilience/publications/cloud-computing-benefits-risks-and-recommendations-for-information-security.EUROPEAN COMMISSION, UNLEASHING THE POTENTIAL OF CLOUD COMPUTING IN EUROPE (2012), available at http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=COM:2012:0529:FIN:EN:PDF. FEDERAL INSURANCE OFFICE, ANNUAL REPORT ON INSURANCE INDUSTRY, U.S. DEPARTMENT OF THE TREASURY (September 2015).FITÓ, ORIOL J. & GUITART, JORDI, INTRODUCING RISK MANAGEMENT INTO CLOUD COMPUTING, http://www.ac.upc.edu/app/research-reports/html/RR/2010/33.pdf.HM GOVERNMENT, GOVERNMENT CLOUD STRATEGY – A SUB STRATEGY OF THE GOVERNMENT ICT STRATEGY 15, March 2011, available at https://www.gov.uk/government/uploads/system/uploads/attachment_data/file/266214/government-cloud-strategy_0.pdf.HM GOVERNMENT & MARSH, UK CYBER SECURITY – THE ROLE OF INSURANCE IN MANAGING AND MITIGATING THE RISK (March 2015), available at https://www.marsh.com/uk/insights/research/uk-cyber-security-role-of-insurance-in-managing-mitigating-risk.html. INSTITUTE OF RISK MANAGEMENT, CYBER RISK – EXECUTIVE SUMMARY (2014).KENT, KAREN & SOUPPAYA, MURUGIAH, GUIDE TO COMPUTER SECURITY LOG MANAGEMENT, NIST, available at http://dl.acm.org/citation.cfm?id=2206303.KESAN, JAY P. ET AL., CYBERINSURANCE AS A MERKET-BASED SOLUTION TO THE PROBLEM OF CYBERSECURITY - A CASE STUDY, Jan. 1, 2005, http://docplayer.net/2850625-Cyberinsurance-as-a-market-based-solution.html. MELL, PETER & GRANCE, TIMOTHY, THE NIST DEFINITION OF CLOUD COMPUTING 2, U.S. DEP’T OF COMMERCE (2011), Spec. Publ’n 800-145, available at http://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-145.pdf.MERRILL, TOBY & KANG, THOMAS, CLOUD COMPUTING: IS YOUR COMPANY WEIGHING BOTH BENEFITS & RISKS?, ACE INSUREDTM (2014), available at http://www.acegroup.com/us-en/assets/privacy-network-security-cloud-computing-is-your-company-weighing-both-benefits-risks.pdf.NIST, GLOSSARY OF KEY INFORMATION SECURITY TERMS (Richard Kissel, ed. 2013), available at http://nvlpubs.nist.gov/nistpubs/ir/2013/NIST.IR.7298r2.pdf.PONEMON INSTITUTE LLC, DATA BREACH: THE CLOUD MULTIPLIER EFFECT (2014).PWC, INSURANCE 2020 & BEYOND: REAPING THE DIVIDENDS OF CYBER RESILIENCE 10 (Sep. 2015), available at http://www.pwccn.com/home/eng/insurance_2020_sep2015.html.RIGHTSCALE, 2016 STATE OF THE CLOUD REPORT (2016), available at http://www.mcit.gov.eg/Upcont/Documents/Reports%20and%20Documents_1252016000_RightScale-2016-State-of-the-Cloud-Report.pdf.SWISS RE, SWISS RE SONAR NEW EMERGING RISK INSIGHTS, July 2014, available at http://www.swissre.com/rethinking/emerging_risks/Swiss_Res_SONAR_new_emerging_risk_insights_for_2014.html.THE ECONOMIST, REPUTATION RISK: RISK OF RISKS (2005).UNCTAD, INFORMATION ECONOMY REPORT 2005, UNCTAD/SDTE/ECB/2005/1, U.N. Sales No. E.05.II.D.19 (2005).VERDANTIX, CLOUD COMPUTING – THE IT SOLUTION FOR THE 21ST CENTURY (2011), available at https://www.cdp.net/en-us/whatwedo/cdpnewsarticlepages/cloud-computing-can-dramatically-reduce-energy-costs-and-carbon-emissions.aspx.五、 判決America Online v. Saint Paul Mercury Insurance, 207 F. Supp. 2d 459 (E.D. Va. 2002).American Guarantee & Liability Insurance Co. v. Ingram Micro, Inc., Civ. 99-185 TUC ACM, 2000 WL 726789 (D. Ariz. April. 18, 2000).Anderson v. Hannaford Bros. Co., 659 F.3d 151 (2011).Central Delta Water Agency v. U.S., 306 F.3d 938 (2002).Clapper v. Amnesty Intern. USA, 133 S.Ct. 1138, 1147 (2013).Eyeblaster Inc. v. Federal Insurance Co., 613 F.3d 797 (8th Cir. 2010).Hammond v. The Bank of New York Mellon Corp., 2010 WL 2643307 (2010).In re Barnes & Noble Pin Pad Litigation, WL 4759588 (2013).In Re Sony PS3 Others OS Litigation, No. 3:2010cv01811 - Document 185 (N.D. Cal. 2011).Krottner v. Starbucks Corp., 628 F.3d 1139 (2010).Lambrecht & Associates, Inc. v. State Farm Lloyds, 119 S.W.3d 16 (2003).Landmark American Ins. Co. v. Gulf Coast Analytical, 2012 WL 1094761, at 1 (2012).Lynch Props. Inc. v. Potomac Ins. Co., 962 F. Supp. 956.Maximillian Schrems v. Data Protection Commissioner, 2014 WL 4954897 (2014).Michael Corona, et al v. Sony Pictures Entertainment, Inc., 2015 WL 3916744 (C.D.Cal.).Moyer v. Michaels Stores, Inc., 2014 WL 3511500 (2014).Pisciotta v. Old Nat. Bancorp, 499 F.3d 629 (2007).Prudential Insurance Co v. Inland Revenue Commissioners, [1904] 2 K.B. 658.Republic Nat. Life Ins. Co. v. Heyward, 536 S.W.2d 549 (1976).Retail Systems, Inc. v. CNA Ins. Co., 469 N.W.2d 735 (Minn. App. 1991).Retail Ventures, Inc. v. National Union Fire Ins. Co. of Pittsburgh, Pa., 691 F.3d 821, 826 (2012).Santos v. Peerless Ins. Co, 2009 WL 1164972 (2009).South Cent. Bell Telephone Co. v. Barthelemy, 643 So.2d 1240 (La.1994).St. Paul Fire & Marine Ins. Co. v. Compaq Computer Corp., 539 F.3d 809 (8th Cir.2008).Ward General Ins. Services, Inc. v. Employers Fire Ins. Co., 114 Cal.App.4th 548 (2003).Zurich American Insurance Co., et al. v. Sony Corp. of America, et al., No. 651982/2011 (N.Y. Sup. Ct. New York Cty.).六、 政策、法規(含草案)1. 美國法16 C.F.R. §314.3-.4 (2011).16 C.F.R. §681.1(d) (2011).45 C.F.R. §§ 164.308-314 (2011).15 U.S.C. §§ 6801-6809 (2006).15 U.S.C.A. § 7463.18 U.S.C.A. §§ 2701 -12.18 U.S.C.A. § 2510.42 U.S.C. § 1320d-6 (2006)42 U.S.C. § 1320d-1 (2006).Computer Fraud and Abuse Act of 1984, 18 U.S.C. § 1030.Data Breach Notification Act of 2011, S. 1408.Electronic Communications Privacy Act of 1986, U.S. Dept. of Just., Off. of Just. Programs, http://it.ojp.gov/default.aspx?area=privacy&page=1285.Mass. Code Regs. § 17.00 (2011).Md. Code Ann., Com. Law § 14-3503 (West 2011).Nev. Rev. Stat. § 597.970 (2008).Personal Data Protection and Breach Accountability Act of 2011.Restatement (Second) of Torts § 919 (1979).SEC, Corporate Finance’s Disclosure Guidance on Cybersecurity, Oct. 13, 2011, available at https://www.sec.gov/divisions/corpfin/guidance/cfguidance-topic2.htm.Vivek Kundra, Federal Cloud Computing Strategy, the White House (2011), available at https://cio.gov/worldclassdigitalservices/cloud/.2. 歐盟法2000/520/EC: Commission Decision of 26 July 2000 pursuant to Directive 95/46/EC of the European Parliament and of the Council on the adequacy of the protection provided by the safe harbour privacy principles and related frequently asked questions issued by the US Department of Commerce (notified under document number C(2000) 2441).Directive 2002/58/EC.Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995, on the Protection of Individuals with Regard to the Processing of Personal Data and on the Free Movement of such Data.EU Commission, Cybersecurity Strategy of the European Union: An Open, Safe and Secure Cyberspace (2013).Network and information security directive: Co-legislators agree on the first EU-wide legislation on cybersecurity - digital single market - European commission, EU Commission (Dec. 9, 2015), https://ec.europa.eu/digital-single-market/en/news/network-and-information-security-directive-co-legislators-agree-first-eu-wide-legislation.Proposal for a Regulation of the European Parliament and of the Council on the Protection of Individuals with Regard to the Processing of Personal Data and on the Free Movement of such Data (General Data Protection Regulation), COM (2012) 11 final (Jan. 25, 2012)七、 保單條款Esurance® CPM Policy Document 1-3, CFC CPM UK V1.9, CFC Underwriting Limited, available at http://www.stgilesgroup.co.uk/storage/documents/Cyber%20Policy%20Wording.pdf. ISO Property Inc., Commercial General Liability Form (2003) , available at http://www.ngwa.org/documents/insurance/ngwasamplegeneralliabilityform.pdf.ISO, ISO’s Cyber Insurance Program, available at http://www.verisk.com/downloads/iso-cyber-insurance-program.pdfMarsh, CloudProtect – A Cyber Policy Enhancement, available at https://www.marsh.com/us/services/cyber-risk/marsh-cloudprotect-cyber-policy-enhancement.html.Traveler’s - Sample Insuring Agreement 1-2, CYB-3001 Ed. 07-10, available at https://www.travelers.com/business-insurance/cyber-security/management-professional-liability/cyber-risk-forms.aspx. 八、 網際網路ABI, Cyber Insurance To Become A Business Essential Within The Next Decade, May 5, 2015, https://www.abi.org.uk/News/News-releases/2015/05/Cyber-insurance-to-become-a-business-essential-within-the-next-decade.Alpeyev, Pavel et al., Amazon.Com Server Said To Have Been Used In Sony Attack, Bloomberg Business, BLOOMBERG TECHNOLOGY, (May 15, 2011, 3:53 AM HKT), http://www.bloomberg.com/news/articles/2011-05-13/sony-network-said-to-have-been-invaded-by-hackers-using-amazon-com-server.Alvarez, Edgar, Sony Pictures Hack: The Whole Story, ENGADGET, (Dec. 10, 2014), http://www.engadget.com/2014/12/10/sony-pictures-hack-the-whole-story/.BBC News, Sony Fined Over ‘Preventable’ Playstation Data Hack, (Jan. 24, 2013), http://www.bbc.com/news/technology-21160818.Berkowitz, Ben, Sony Insurer, Zurich, Files Suit To Deny Data Breach Coverage, INSURANCE JOURNAL, (Jul. 21, 2011), http://www.insurancejournal.com/news/national/2011/07/21/207474.htm.Bisson, David, Sony Pictures Loses Bid to Throw Out Data Breach Lawsuit, THE STATE OF SECURITY, (Jun. 16, 2015), http://www.tripwire.com/state-of-security/latest-security-news/sony-pictures-loses-bid-to-throw-out-data-breach-lawsuit/.Cambridge Dictionary Online, http://dictionary.cambridge.org. Federal Trade Commission, U.S.-EU Safe Harbor Framework, Nov. 6, 2015, https://www.ftc.gov/tips-advice/business-center/privacy-and-security/u.s.-eu-safe-harbor-framework.Greenwald, Judy, Cloud Computing Risks Generally Covered By Cyber Insurance - Coverage Important As Cloud Vendors Try To Limit Liability, (Jan. 15, 2012), Business Insurance, http://www.businessinsurance.com/article/20120115/NEWS07/301159996/cloud-computing-risks-generally-covered-by-cyber-insurance. Ha, Young, N.Y. Court: Zurich Not Obligated To Defend Sony Units In Data Breach Litigation, INSURANCE JOURNAL, (Mar. 17, 2014), http://www.insurancejournal.com/news/east/2014/03/17/323551.htm.Ha, Young, Sony, Zurich Reach Settlement in PlayStation Data Breach Case in New York, INSURANCE JOURNAL, (May 1, 2015), http://www.insurancejournal.com/news/east/2015/05/01/366600.htm.Information Is Beautiful, World’s Biggest Data Breaches, http://www.informationisbeautiful.net/visualizations/worlds-biggest-data-breaches-hacks/.ISACA, Cybersecurity Legislation Watch, http://www.isaca.org/cyber/pages/cybersecuritylegislation.aspx (last visited Jan. 14, 2016).Investopedia, http://www.investopedia.com. Musil, Steven, Sony Hack Leaked 47,000 Social Security Numbers, Celebrity Data, CNET, (Dec. 4, 2014, 7:05 PM PST), http://www.cnet.com/news/sony-hack-said-to-leak-47000-social-security-numbers-celebrity-data/.Navetta, David, Cyber Insurance: An Efficient Way to Manage Security and Privacy Risk in the Cloud?, Info. Law Grp. (Feb. 1, 2012), http://www.infolawgroup.com/2012/02/articles/cloud-computing-1/cyber-insurance-an-efficient-way-to-manage-security-and-privacy-risk-in-the-cloud/.Newbusiness, Cyber security and insurance to become compulsory by 2017, May. 31, 2016, http://www.newbusiness.co.uk/articles/insurance-advice/cyber-security-and-insurance-become-compulsory-2017.Palermo, Elizabeth, 10 Worst Data Breaches of All Time, TOM’S GUIDE, (Feb 6, 2015, 7:00 AM), http://www.tomsguide.com/us/biggest-data-breaches,news-19083.html.PCI official website, https://www.pcisecuritystandards.org.Ragan, Steve, Breach Insurance Might Not Cover Losses At Sony Pictures, CSO, (Dec. 15, 2014, 6:29 AM PT), http://www.csoonline.com/article/2859535/business-continuity/breach-insurance-might-not-cover-losses-at-sony-pictures.html.Rouse, Margaret, Privilege Escalation Attack, TechTarget, available at http://searchsecurity.techtarget.com/definition/privilege-escalation-attack.Schwartzel, Erich, Cybersecurity Insurance: Many Companies Continue To Ignore The Issue, PITTSBURGH POST-GAZETTE, (June 22, 2010 4:00 AM), http://www.post-gazette.com/business/tech-news/2010/06/22/Cybersecurity-insurance-Many-companies-continue-to-ignore-the-issue/stories/201006220157.Swiss Re, Cyber Risks - Insurable, But Within Limits, http://www.swissre.com/reinsurance/insurers/casualty/Cyber_risks_insurable_but_within_limits.html.Synergy research group, Amazon Leads; Microsoft, IBM & Google Chase; Others Trail, Agu. 1, 2016, https://www.srgresearch.com/articles/amazon-leads-microsoft-ibm-google-chase-others-trail.TREND MICRO, Cloud Makes Data Breaches Increasingly Likely And Costly, June 17, 2014, http://blog.trendmicro.com/cloud-makes-data-breaches-increasingly-likely-costly/.Walker, Danielle, Sony To Shell Out $15M In PSN Breach Settlement, SC MAGAZINE, (Jul. 24, 2014), available at http://www.scmagazine.com/sony-to-shell-out-15m-in-psn-breach-settlement/article/362720/.Woodward, Jeff, The 2001 ISO CGL Revision, IRMI, (Jan. 2002), https://www.irmi.com/articles/expert-commentary/the-2001-iso-cgl-revision. 描述 碩士
國立政治大學
風險管理與保險研究所
102358014資料來源 http://thesis.lib.nccu.edu.tw/record/#G1023580141 資料類型 thesis dc.contributor.advisor 張冠群 zh_TW dc.contributor.advisor Chang, Kuan Chun en_US dc.contributor.author (作者) 王莉宸 zh_TW dc.contributor.author (作者) Wang, Li Chen en_US dc.creator (作者) 王莉宸 zh_TW dc.creator (作者) Wang, Li Chen en_US dc.date (日期) 2016 en_US dc.date.accessioned 1-九月-2016 23:58:12 (UTC+8) - dc.date.available 1-九月-2016 23:58:12 (UTC+8) - dc.date.issued (上傳時間) 1-九月-2016 23:58:12 (UTC+8) - dc.identifier (其他 識別碼) G1023580141 en_US dc.identifier.uri (URI) http://nccur.lib.nccu.edu.tw/handle/140.119/101089 - dc.description (描述) 碩士 zh_TW dc.description (描述) 國立政治大學 zh_TW dc.description (描述) 風險管理與保險研究所 zh_TW dc.description (描述) 102358014 zh_TW dc.description.abstract (摘要) 「雲端」是現今網路科技最火紅之名詞,不論係個人日常生活中所使用之App或企業營運應用之軟體、服務皆可能與雲端技術之應用有關。有鑒於近年來網路攻擊、資訊安全事件頻傳,不僅造成企業損失金額節節上升,更使電子化、雲端化後之個人資料保護漏洞浮上檯面,然在企業邁向雲端化的同時,若無相應之風險管理措施,則可能使其暴露於財物損失、營運中斷、法律責任和商譽威脅之風險之中。 為此,國外已有將雲端策略和網路安全納入國家政策中並以立法要求資訊安全和個人資料保護,甚至以政策推廣或以軟法要求企業投保網路相關保險者。惟我國除個人資料法有對個人資料之保護外,於資訊安全及雲端服務使用上則尚無完善之規劃,企業在資訊安全、網路安全相關保險之投保率亦極低,顯示企業對此領域之風險意識淡薄。而目前國內市場上可承擔網路風險之保險契約甚少,更遑論針對雲端化之產業推出之商業保險。 因此,本文第二章將從雲端運算之技術及基本概念出發,於第三章中剖析企業雲端使用者可能面臨之雲端運算風險、比較其與網路風險之差異,檢視現有建議雲端服務使用者之雲端運算風險管理方法,並探討以保險作為雲端風險管理途徑之妥適性。第四章則參考外國法上曾因網路風險、資訊安全風險等新興風險於傳統保險商品適用上出現之相關法律問題,對照現有網路保險或資訊安全保險之保單條款檢視前述法律問題是否已為妥善解決,並就現行保險不足之處予以改良,試研擬新型雲端保險之契約條款內容。最後於第五章以國內外雲端服務發展現況為出發,綜合本文研究成果提出雲端風險可能產生法律爭議之解套以提升雲端保險之投保意願,並參考國外雲端發展政策及相關保險制度規劃為我國雲端保險市場開展之整體配套措施提供粗淺建議,希冀對我國雲端產業及保險未來發展有棉薄之貢獻。 zh_TW dc.description.abstract (摘要) “Cloud” might be the most popular noun among the information and communication technology field nowadays. From apps in the mobile devices to enterprise softwares, the application of cloud computing techniques is ubiquitous. However, more and more cyber-attacks and data breach events have not only cost businesses a lot but uncovered the issue concerning personal information protection. While embracing the cloud, if enterprises continue to neglect risk management, potential financial loss, business interruption, legal liabilities and the risk of reputation are the risks that enterprise has to deal with. Some countries have already incorporated cloud strategy and cyber security into policies, requiring particular threshold of information security and personal information protection by legislation. Some even require business to disclose its insurance policy relevant to its particular facts, circumstances and the presented risks. Nonetheless, in Taiwan, aside from the Personal Information Protection Act, there is no comprehensive policy or strategy on cloud computing or cyber security. The low insured rate of information security and cyber security related insurance also reveals the weakness of risk management of the emerging risks in business. Cyber risk related insurance is also uncommon in the market, not to mention the cloud-computing-targeted business insurance. Consequently, this thesis aims to develop a thorough risk management of cloud computing. Starting with the introduction on the basic concept and techniques of cloud computing in Chapter 2, Chapter 3 analyzes the risk that the enterprise cloud service users faces, compares the difference between cyber risk and cloud computing risks, examines current enterprise’s available risk management methods, and discusses the appropriateness of adopting insurance as the risk management of cloud computing. In order to develop a new insurance product for enterprise cloud service users, Chapter 4 studies the related foreign insurance disputes regarding cyber risks and information risks, and examines whether the latest insurance policy had amended the issues, and reforms current cyber insurance into a new cloud insurance. Lastly, based on the present domestic and international market environment of cloud computing service, Chapter 5 summarizes the legal issues discussed in the previous chapter for the purpose of the future development of new cloud insurance market, and map out the cloud computing policy with regard to risk management and insurance as the conclusion of the thesis. en_US dc.description.tableofcontents 第一章 緒論 1第一節 研究動機及目的 1第一項 研究動機 1第一款 近年資安事件層出不窮 1第二款 雲端服務之使用可能增加資訊安全之成本 7第三款 外國法對雲端運算資訊安全之因應 8第一目 美國法 8第二目 歐盟法 13第四款 我國相關法制 15第二項 研究目的 17第二節 研究架構 19第三節 研究方法 21第二章 雲端運算概述 23第一節 雲端運算之定義 23第一項 美國國家標準技術局定義 23第一項 歐盟網路暨資訊安全局定義 26第二項 本文對「雲端運算」之定義 27第二節 雲端運算技術概要 28第一項 資料處理 29第一項 資料儲存 32第二項 資訊溝通 34第三節 雲端運算服務分類 35第一項 依雲端架構分類 35第一款 公有雲 35第二款 私有雲 35第三款 混合雲 36第四款 社群雲 36第二項 依服務類型分類 37第一款 基礎設施雲 37第二款 平台雲(PaaS) 37第三款 應用雲 38第四節 雲端運算服務之優勢及隱憂 39第一項 雲端運算優勢 39第一款 降低成本 39第二款 彈性運算能力 40第三款 減少資訊遺失風險 41第四款 可攜性服務 41第五款 優越的資訊安全性 42第六款 綠色規模經濟 42第二項 雲端運算服務之隱憂 44第五節 雲端運算服務市場現況 45第一項 市場上主要之雲端服務應用及其提供者 45第一項 雲端架構配置現況 46第六節 小結 49第三章 雲端運算風險及其管理 50第一節 雲端運算風險 50第一項 網路風險與雲端運算風險之關係與異同 50第一款 網路風險 50第一目 定義 50第二目 分類 51第二款 雲端運算風險 54第一目 政策及組織風險 55第二目 技術風險 60第三目 法律風險 61第四目 其他非雲端運算特有之風險 63第三款 本文對「雲端運算風險」之定義 64第四款 網路風險與雲端運算風險之比較 65第二項 雲端運算風險管理之重要性 67第二節 企業雲端風險管理 69第一項 企業使用者之雲端運算主要風險確認及評估 70第一款 風險管理實務見解 70第一目 締約風險 70第二目 控制權喪失風險 72第三目 累積風險 73第四目 成本風險 74第五目 資訊安全風險 74第二款 ENISA風險等級評估 75第三款 小結 77第二項 雲端運算風險伴隨之企業可能損失 78第一款 自己損失 79第二款 對第三人之責任 80第三項 企業之雲端風險管理方法 81第一款 企業雲端風險管理架構 82第一目 締約前之風險管理 82第二目 締約後之風險管理 84第二款 以保險作為雲端風險管理之妥適性 90第一目 雲端風險之可保性 90第二目 現行相關保險 93第三目 現行保單於雲端運算風險管理之短處 100第四目 雲端運算保險之必要 104第三節 本章小結 111第四章 雲端運算保險 114第一節 前言 114第二節 網路風險於保險適用上之相關法律爭議 117第一項 問題提出—以美國Eyeblaster Inc. v. Federal Insurance Company案為例 117第二項 網路保險相關法律問題分析 124第一款 損失認定 124第一目 問題概述 124第二目 財產損失性質之釐清 126第三目 未來潛在損失之認定 139第二款 保險契約中故意之認定 144第一目 外國相關案例 145第二目 案例分析 147第三款 因果關係之認定 149第一目 問題概述 149第二目 評析 151第三節 現行與雲端運算風險相關保險契約 153第一項 現行雲端運算相關之網路保險 153第一款 我國相關保險商品 153第一目 安全與隱私保護保險 153第二目 資料保護保險 156第二款 外國相關保險商品 165第一目 美國 165第二目 歐洲 167第三款 保險契約之比較與分析 173第二項 現行雲端相關保險對過去法律爭議解決與否之探析 178第一款 承保範圍之爭議 178第一目 有形與無形財產之爭議 178第二目 未來潛在損失之認定 181第三目 第三人故意行為所生損失是否屬於承保範圍 184第二款 因果關係 187第三項 小結 190第四節 雲端保險之再建構 193第一項 保險對象 193第二項 雲端保險契約條款重要內容 196第一款 承保範圍及相關名詞定義 196第一目 第一人財產保險 199第二目 第三人責任險 203第二款 除外不保事項 207第三款 相關名詞定義 211第三項 保險費計算方法 212第一款 雲端保險之定價策略 212第二款 雲端保險定價考量因素 214第四項 小結 217第五章 我國雲端保險之未來展望—代結論 219第一節 雲端保險市場發展前景 219第二節 雲端風險於保險適用上可能法律爭議之解決 222第一項 雲端保險承保之財產損失 222第一款 資訊安全損失認定 224第二款 被保險人之疏漏、錯誤或過失行為及部分第三人故意行為所生損失之承保範圍 224第二項 因果關係認定 226第三節 我國雲端保險之制度規劃 228第一項 外國法之借鏡 228第一項 我國雲端發展政策 230第二項 雲端保險政策建議 231參考文獻 236附件一 ENISA雲端風險等級評估比較表 251附件二 企業因雲端風險事故可能受損資產 254附件三 費率釐訂實務處理準則(摘錄) 257 zh_TW dc.format.extent 5742593 bytes - dc.format.mimetype application/pdf - dc.source.uri (資料來源) http://thesis.lib.nccu.edu.tw/record/#G1023580141 en_US dc.subject (關鍵詞) 雲端 zh_TW dc.subject (關鍵詞) 雲端運算 zh_TW dc.subject (關鍵詞) 雲端服務 zh_TW dc.subject (關鍵詞) 雲端運算風險 zh_TW dc.subject (關鍵詞) 網路風險 zh_TW dc.subject (關鍵詞) 雲端保險 zh_TW dc.subject (關鍵詞) 資訊安全 zh_TW dc.subject (關鍵詞) 資料外洩 zh_TW dc.subject (關鍵詞) 網路保險 zh_TW dc.subject (關鍵詞) 網路安全 zh_TW dc.subject (關鍵詞) 風險管理 zh_TW dc.subject (關鍵詞) cloud en_US dc.subject (關鍵詞) cloud computing en_US dc.subject (關鍵詞) cloud service en_US dc.subject (關鍵詞) cloud computing risk en_US dc.subject (關鍵詞) cyber risk en_US dc.subject (關鍵詞) cloud insurance en_US dc.subject (關鍵詞) information security en_US dc.subject (關鍵詞) data breach en_US dc.subject (關鍵詞) cyber insurance en_US dc.subject (關鍵詞) cyber security en_US dc.subject (關鍵詞) risk management en_US dc.title (題名) 雲端運算服務企業⽤⼾之⾵險管理與雲端運算保險法律問題研析 zh_TW dc.title (題名) A Study on the Cloud Computing Risk Management of Enterprise Users and Related Legal Issues Arising from Cloud Computing Insurance en_US dc.type (資料類型) thesis en_US dc.relation.reference (參考文獻) 壹、 中文部分一、 書籍江朝國,保險法逐條釋義《第一卷 總則》,2012年1月。汪信君、廖世昌,保險法理論與實務,頁266,2015年10月,三版。胡為君,雲端資安與隱私:企業風險應對之道,2012年5月。范姜肱,保險行銷—兩岸實務與個案,2015年2月。財團法人保險事業發展中心,意外保險(第一輯),94年12月。陳彩稚,企業風險管理, 2012年2月。葉啟洲,保險法實例研習,2011年7月二版。葉啟洲,保險法判決案例研析(一),2013年11月。二、 期刊論文王 平、羅濟群、趙國銘、王子夏,雲端運算服務之風險分析,管理評論,第31卷第1期,2011年1月,頁1-19。林建智、李志峰,論責任保險人之抗辯義務-以美國發展為重心,東吳法律學報,第23卷第2期,頁109-157。陳秭璇,數位保險發展國際趨勢之研析,科技法律透析,第25卷第2期,2013年2月,頁9-13。張乃文,雲端運算環境之法規遵循議題剖析,科技法律透析,第25卷第7期,頁24,2013年7月,頁21-40。張紹斌、徐仕瑋,從雲端運算談個資保護,司法新聲,第99期季刊,頁33,100年7月,頁28-36。葉奇鑫、李相臣,淺淡個人資料保護法民事賠償責任及數位鑑識相關問題,司法新聲,第101期季刊,101年7月,頁33-49。廖家宏,論「除外條款」與「特約條款」之區辨—最高法院九十六年台上字第三九四號民事判決評釋,律師雜誌,2008年7月號,第346期,頁57-63。劉定基,雲端運算與個人資料保謢-以台灣個人資料保護法與歐盟個人資料保護指令的比較為中心,東海大學法學研究,第四十三期,2014年8月,頁53-106。謝淑美,雲端服務的增值稅徵納趨勢,資誠通訊,2015年3月號第287期,頁3-4。鐘文岳、汪家倩,個人資料保護法,這樣讀就對了—企業篇,萬國法律,第181期,2012年2月,頁2-17。三、 研究計畫及統計資料財團法人保險事業發展中心,中華民國104年意外保險賠款率統計表—按風險類別(曆年制)。四、 博碩士學位論文羅邵晏,雲端服務風險評估模式建立之研究,國立政治大學資訊管理學系碩士學位論文,2013年1月。五、 政策、行政命令及其他規範中華民國精算學會,費率釐訂實務處理準則,財產保險業,精算準則公報第一號,103年1月1日第5版。行政院科技會報,雲端運算發展方案,104年10月,http://www.bost.ey.gov.tw/cp.aspx?n=B56ED9F993B2EFA5。法務部法律字第 10103107800 號,101 年 11 月 21 日。資通安全管理法草案,http://www.cnra.org.tw/index.php?action=news_detail&cid=91&id=339。 六、 保單條款Zurich Security and Privacy Protection Insurance(蘇黎世產物安全與隱私保護保險),103.09.26 (103)台蘇保產品字第125874 號函。中華民國產物保險商業同工會,商業火災保險基本條款,http://www.nlia.org.tw/modules/smartsection/item.php?itemid=65。美亞產物商業犯罪保險,102.03.04(102)美亞保精字第0030號函。美亞產物資料保護保險,102.03.04(102)美亞保精字第0030號函。美亞產物資料保護保險-天網版,102.06.18(102)美亞保精字第0096號函。美亞產物資料保護保險-天網版-資料危機管理服務附加條款,102.06.18(102)美亞保精字第098號函。美亞產物資料保護保險-天網版-擴大承保網路中斷保險附加條款,102.06.18(102)美亞保精字第099號函。美亞產物資料保護保險-天網版-擴大承保媒體內容責任附加條款,102.06.18(102)美亞保精字第100號函。國泰產物資料保護保險,104.03.05(104)企字第200-90號。七、 網際網路AIG,美亞產物保險(AIG Taiwan)推出 CyberEdge—繼資料保護保險(DataPlus)之後更完整的資訊安全解決方案,2013年3月4日,http://www.aig.com.tw/news/cyberedge。Amazon EC2–虛擬伺服器託管,Amazon Web Service官方網站,http://aws.amazon.com/tw/ec2/。Aon,商業犯罪保險,http://www.aon.com/taiwan/zh/products-and-services/risk-services/commercial-crime.jsp。Sam Chen,從賈伯斯的一席話認識雲端運算,INSIDE,2014年7月15日,http://www.inside.com.tw/2014/07/15/cloud_computing_1。Sony Playstation.com (亞洲)台灣官方網站,https://asia.playstation.com/tw/cht/regional。TREND LABS 趨勢科技全球技術支援與研發中心,什麼是社交工程(social engineering )?,2011年10月12日,http://blog.trendmicro.com.tw/?p=101。林子煒,2015年資訊安全之解析與展望,IT’s通訊eNEWS,2015年第7期,http://newsletter.ascc.sinica.edu.tw/news/read_news.php?nid=3295。洪凱音,資料保護責任險升級 全台首張 雲端保險開賣,中國時報,2013年10月3日,https://tw.news.yahoo.com/資料保護責任險升級-全台首張-雲端保險開賣-213000392.html。陳國榮,SONY因PSN用戶資料外洩事件遭英國罰款39萬美元,硬底子達人網,http://www.17inda.com/html/3/article-2528.html。陳荻雅,雲端真的可以提升工作效能嗎?,數位時代,2011年11月17日,http://www.bnext.com.tw/article/view/id/20887。陳怡如,亞洲最大!Google投六億美元,台灣資料中心正式啟用,數位時代,2013年12月12日,http://www.bnext.com.tw/article/view/id/30406。黃彥棻,索尼影業遭駭事件始末大剖析,iThome,http://www.ithome.com.tw/news/93457。張頓,索尼向雇員賠800萬美元 和解駭客入侵案,大紀元,http://www.epochtimes.com/b5/15/10/23/n4556435.htm。貳、 英文部分一、 書籍FEHLING, CHRISTOPH ET AL. (2014), CLOUD COMPUTING PATTERNS.NICOLETTI, BERNARDO (2013), CLOUD COMPUTING IN FINANCIAL SERVICES.REJDA, GEORGE E. & MCNAMARA, MICHAEL J. (Prentice Hall, 12th ed. 2013), PRINCIPLES OF RISK MANAGEMENT AND INSURANCE.ROUNTREE, DERRICK & CASTRILLO, ILEANA (Hai Jiang, Technical Edt., 2014), THE BASICS OF CLOUD COMPUTING - UNDERSTANDING THE FUNDAMENTALS OF CLOUD COMPUTING IN THEORY AND PRACTICE.二、 專書論文Dasgupta, Dipankar & Naseem, Durdana (S. Srinivasan ed. 2014), A Framework for Compliance and Security Coverage Estimation for Cloud Services: A Cloud Insurance Model, in SECURITY, TRUST, AND REGULATORY ASPECTS OF CLOUD COMPUTING IN BUSINESS ENVIRONMENTS 91-114.Hon, W Kuan & Millard, Christopher (Christopher Millard ed. 2013), Cloud Technologies and Services, in CLOUD COMPUTING LAW 4-18.Kizza, Joseph M. & Yang, Li (S. Srinivasan ed. 2014), Is the Cloud the Future of Computing?, in SECURITY, TRUST, AND REGULATORY ASPECTS OF CLOUD COMPUTING IN BUSINESS ENVIRONMENTS 57-72.Losavio, Michal et al. (S. Srinivasan ed. 2014), Regulatory Aspects of Cloud Computing in Business Environments, in SECURITY, TRUST, AND REGULATORY ASPECTS OF CLOUD COMPUTING IN BUSINESS ENVIRONMENTS 156-169.Srinivasan, S. (S. Srinivasan ed. 2014), Risk Management in the Cloud and Cloud Outages, in SECURITY, TRUST, AND REGULATORY ASPECTS OF CLOUD COMPUTING IN BUSINESS ENVIRONMENTS 145-155.三、 期刊Alali, Fatima A. & Yeh, Chia-Lun, Cloud Computing: Overview and Risk Analysis, 26 J. INFO. SYS. 2 (2012).Bălţătescu, Ionela, Cloud Computing Services: Benefits, Risks and Intellectual Property Issues, 2(1) Global Economic Observer 230 (2014).Biener, Christian et al., Insurability of Cyber Risk: An Empirical Analysis, 40 The Geneva Papers on Risk and Insurance - Issues and Practice 131 (2015).Bonner, Lance, Cyber Risk: How The 2011 Sony Data Breach And The Need For Cyber Risk Insurance Policies Should Direct The Federal Response To Rising Data Breaches, 40 Wash. U. J.L. & Pol’y 257.Cheng, Tina, A Cloudy Forecast: Divergence in the Cloud Computing Laws of the United States, European Union, and China, 41 Ga. J. Int’l & Comp. L. 481.Christenson, Cass W., Insurance Coverage Regarding Data Privacy, Cloud Computing, and Other Emerging Cyber Risks, 2011 WL 601376.Cox, Dina M. et al., Cyber Insurance 101: Coverage Issues Related to Cyber Attacks and Cyber Insurance, Insurance Coverage Litigation Committee CLE Seminar (ABA)(2014).Fan, Chiang Ku & Chen, Tien-Chun, The Risk Management Strategy of Applying Cloud Computing, 3 IJACSA 9 (2012).Ferrillo, Paul & Marciano, Christine, Cyber security, Cyber governance, and Cyber insurance, Harvard Law School Forum on Corporate Governance and Financial Regulation, (Nov. 13, 2014), https://corpgov.law.harvard.edu/2014/11/13/cyber-security-cyber-governance-and-cyber-insurance/.Fortinová, Jana, Risks of Cloud Computing, 20(3) Systémová Integrace 63 (2013).Gasser, Urs & O’Brien, David, Governments and Cloud Computing: Roles, Approaches, and Policy Considerations, Berkman Center Research Publication No. 2014-6 (March 17, 2014), available at SSRN: http://ssrn.com/abstract=2410270.Gentzoglanis, Anastassios, Evolving Cloud Ecosystems: Risk, Competition and Regulation, 85 Digiworld Economic Journal 87 (2012).Gerber, Jenna, Head out of the Clouds: What the United States May Learn From the Europrean Union’s Treatment of Data in the Cloud, 23 Ind. Int`l & Comp. L. Rev. 245 (2013).Godes, Scott, Cybersecurity Risks and Insurance Coverage, 3 New Appleman Law Of Liability Insurance § 18.03 (2013).Gold, Joshua, Protection in the Cloud: Risk Management and Insurance for Cloud Computing, 15 No. 12 J. Internet L. 1 (2012).Harshbarger, Jared A., Cloud Computing Providers And Data Security Law: Building Trust With United States Companies, 16 J. Tech. L. & Pol’y 229.Kalyvas, James R. et al., Cloud Computing: A Practical Framework for Managing Cloud Computing Risk—Part I, 25 NO.3 INTELL. PROP. & TECH. L. J. 7(2013).Kalyvas, James R. et al., Cloud Computing: A Practical Framework for Managing Cloud Computing Risk—Part II, 25 NO.4 INTELL. PROP. & TECH. L. J. 19 (2013).Kattan, Ilana R., Cloudy Privacy Protections: Why the Stored Communications Act Fails to Protect the Privacy of Communications Stored in the Cloud, 13 Vand. J. Ent. & Tech. L. 617.Kosub, Thomas, Components and Challenges of Integrated Cyber Risk Management, 104 Zeitschrift für die gesamte Versicherungswissenschaft 615 (2015).Krebs, David, Regulating the Cloud: A Comparative Analysis of the Current and Proposed Privacy Frameworks in Canada and the European Union, 10 Can. J. L. & Tech. 29.McGillivray, Kevin, Conflicts in the Cloud: Contracts and Compliance with Data Protection Law in the EU, 17 Tul. J. Tech. & Intell. Prop. 217.Montgomery, Jack, Cybercrime Losses and Insurance for Property Damage and Third-Party Claims, 27 Me. B.J. 158 (2012).Quinn, Michael Sean, The Cyber-World and Insurance: An Introduction to a New Insurance, 12 J. Tex. Ins. L. 20 (2013).Rancourt, Stephen J., Hacking, Theft, And Corporate Negligence: Making The Case For Mandatory Encryption Of Personal Information, 18 Tex. Wesleyan L. Rev. 183.Reed, Toni Scott, Cybercrime: Losses, Claims, and Potential Insurance Coverage for the Technology Hazards of the Twenty-First Century, 20 Fidelity L.J. 55 (2014).Segall, Sasha, Jurisdictional Challenges In The United States Government’s Move To Cloud Computing Technology, 23 Fordham Intell. Prop. Media & Ent. L.J. 1105.Shipley, Greg, Cloud Computing: Risks, InformationWeek, Issue 1262, at 20 (2010).Soghoian, Christopher, Caught in the Cloud: Privacy, Encryption, and Government Back Doors in the Web 2.0 Era, 8 J. on Telecomm. & High Tech. L. 359 (2010).Tsanakas, Andreas & Desli, Evangelia, Measurement and Pricing of Risk in Insurance Markets, 25 Risk Analysis 6 (2005).VivinSandar, S & Shenai, Sudhir, Economic Denial of Sustainability (EDoS) in Cloud Services using HTTP and XML based DDoS Attacks, 41 International Journal of Computer Applications 11 (2012).Wilson, Nigel, E-Risks and Insurance in the Information Age, 24 NZULR 550, 556 (2011).Winn, Jane K., Insurance for Cyber-risks: Business and Legal Issues, 1.2 SKKU J. SCI. & TECH. L 87 (2007).Xie, Feng et al., A Risk Management Framework for Cloud Computing, 1 IEEE 2nd International Conference on Cloud Computing and Intelligence Systems 476 (2012).Yu, Angela, Let’s Get Physical: Loss of Use of Tangible Property as Coverage in Cyber Insurance, 40 Rutgers Computer & Tech. L.J. 229 (2014).四、 研究報告及統計資料ASSOCIATION OF BRITISH INSURERS (ABI), MAKING SENSE OF CYBER INSURANCE: A GUIDE FOR SMES (May 2016), available at https://www.abi.org.uk/Insurance-and-savings/Products/Business-insurance/Cyber-risk-insurance.CROWE HORWATH LLP ET AL., ENTERPRISE RISK MANAGEMENT FOR CLOUD COMPUTING (Committee of Sponsoring Organizations of the Treadway Commission) (Jun. 2012).EDARA, SREE RAMA & KANDAGATLA, RANJITH KUMAR, CAPGEMINI, CLOUD COMPUTING IN THE PROPERTY & CASUALTY INSURANCE INDUSTRY - THE CASE FOR DEVELOPING A HOLISTIC CLOUD STRATEGY, available at https://www.hu.capgemini.com/resource-file-access/resource/pdf/Cloud_Computing_in_the_Property___Casualty_Insurance_Industry.pdf.ENISA, CLOUD COMPUTING BENEFITS, RISKS AND RECOMMENDATIONS FOR INFORMATION SECURITY (2009), available at https://www.enisa.europa.eu/activities/risk-management/files/deliverables/cloud-computing-risk-assessment.ENISA, CLOUD COMPUTING BENEFITS, RISKS AND RECOMMENDATIONS FOR INFORMATION SECURITY (2012), available at https://resilience.enisa.europa.eu/cloud-security-and-resilience/publications/cloud-computing-benefits-risks-and-recommendations-for-information-security.EUROPEAN COMMISSION, UNLEASHING THE POTENTIAL OF CLOUD COMPUTING IN EUROPE (2012), available at http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=COM:2012:0529:FIN:EN:PDF. FEDERAL INSURANCE OFFICE, ANNUAL REPORT ON INSURANCE INDUSTRY, U.S. DEPARTMENT OF THE TREASURY (September 2015).FITÓ, ORIOL J. & GUITART, JORDI, INTRODUCING RISK MANAGEMENT INTO CLOUD COMPUTING, http://www.ac.upc.edu/app/research-reports/html/RR/2010/33.pdf.HM GOVERNMENT, GOVERNMENT CLOUD STRATEGY – A SUB STRATEGY OF THE GOVERNMENT ICT STRATEGY 15, March 2011, available at https://www.gov.uk/government/uploads/system/uploads/attachment_data/file/266214/government-cloud-strategy_0.pdf.HM GOVERNMENT & MARSH, UK CYBER SECURITY – THE ROLE OF INSURANCE IN MANAGING AND MITIGATING THE RISK (March 2015), available at https://www.marsh.com/uk/insights/research/uk-cyber-security-role-of-insurance-in-managing-mitigating-risk.html. INSTITUTE OF RISK MANAGEMENT, CYBER RISK – EXECUTIVE SUMMARY (2014).KENT, KAREN & SOUPPAYA, MURUGIAH, GUIDE TO COMPUTER SECURITY LOG MANAGEMENT, NIST, available at http://dl.acm.org/citation.cfm?id=2206303.KESAN, JAY P. ET AL., CYBERINSURANCE AS A MERKET-BASED SOLUTION TO THE PROBLEM OF CYBERSECURITY - A CASE STUDY, Jan. 1, 2005, http://docplayer.net/2850625-Cyberinsurance-as-a-market-based-solution.html. MELL, PETER & GRANCE, TIMOTHY, THE NIST DEFINITION OF CLOUD COMPUTING 2, U.S. DEP’T OF COMMERCE (2011), Spec. Publ’n 800-145, available at http://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-145.pdf.MERRILL, TOBY & KANG, THOMAS, CLOUD COMPUTING: IS YOUR COMPANY WEIGHING BOTH BENEFITS & RISKS?, ACE INSUREDTM (2014), available at http://www.acegroup.com/us-en/assets/privacy-network-security-cloud-computing-is-your-company-weighing-both-benefits-risks.pdf.NIST, GLOSSARY OF KEY INFORMATION SECURITY TERMS (Richard Kissel, ed. 2013), available at http://nvlpubs.nist.gov/nistpubs/ir/2013/NIST.IR.7298r2.pdf.PONEMON INSTITUTE LLC, DATA BREACH: THE CLOUD MULTIPLIER EFFECT (2014).PWC, INSURANCE 2020 & BEYOND: REAPING THE DIVIDENDS OF CYBER RESILIENCE 10 (Sep. 2015), available at http://www.pwccn.com/home/eng/insurance_2020_sep2015.html.RIGHTSCALE, 2016 STATE OF THE CLOUD REPORT (2016), available at http://www.mcit.gov.eg/Upcont/Documents/Reports%20and%20Documents_1252016000_RightScale-2016-State-of-the-Cloud-Report.pdf.SWISS RE, SWISS RE SONAR NEW EMERGING RISK INSIGHTS, July 2014, available at http://www.swissre.com/rethinking/emerging_risks/Swiss_Res_SONAR_new_emerging_risk_insights_for_2014.html.THE ECONOMIST, REPUTATION RISK: RISK OF RISKS (2005).UNCTAD, INFORMATION ECONOMY REPORT 2005, UNCTAD/SDTE/ECB/2005/1, U.N. Sales No. E.05.II.D.19 (2005).VERDANTIX, CLOUD COMPUTING – THE IT SOLUTION FOR THE 21ST CENTURY (2011), available at https://www.cdp.net/en-us/whatwedo/cdpnewsarticlepages/cloud-computing-can-dramatically-reduce-energy-costs-and-carbon-emissions.aspx.五、 判決America Online v. Saint Paul Mercury Insurance, 207 F. Supp. 2d 459 (E.D. Va. 2002).American Guarantee & Liability Insurance Co. v. Ingram Micro, Inc., Civ. 99-185 TUC ACM, 2000 WL 726789 (D. Ariz. April. 18, 2000).Anderson v. Hannaford Bros. Co., 659 F.3d 151 (2011).Central Delta Water Agency v. U.S., 306 F.3d 938 (2002).Clapper v. Amnesty Intern. USA, 133 S.Ct. 1138, 1147 (2013).Eyeblaster Inc. v. Federal Insurance Co., 613 F.3d 797 (8th Cir. 2010).Hammond v. The Bank of New York Mellon Corp., 2010 WL 2643307 (2010).In re Barnes & Noble Pin Pad Litigation, WL 4759588 (2013).In Re Sony PS3 Others OS Litigation, No. 3:2010cv01811 - Document 185 (N.D. Cal. 2011).Krottner v. Starbucks Corp., 628 F.3d 1139 (2010).Lambrecht & Associates, Inc. v. State Farm Lloyds, 119 S.W.3d 16 (2003).Landmark American Ins. Co. v. Gulf Coast Analytical, 2012 WL 1094761, at 1 (2012).Lynch Props. Inc. v. Potomac Ins. Co., 962 F. Supp. 956.Maximillian Schrems v. Data Protection Commissioner, 2014 WL 4954897 (2014).Michael Corona, et al v. Sony Pictures Entertainment, Inc., 2015 WL 3916744 (C.D.Cal.).Moyer v. Michaels Stores, Inc., 2014 WL 3511500 (2014).Pisciotta v. Old Nat. Bancorp, 499 F.3d 629 (2007).Prudential Insurance Co v. Inland Revenue Commissioners, [1904] 2 K.B. 658.Republic Nat. Life Ins. Co. v. Heyward, 536 S.W.2d 549 (1976).Retail Systems, Inc. v. CNA Ins. Co., 469 N.W.2d 735 (Minn. App. 1991).Retail Ventures, Inc. v. National Union Fire Ins. Co. of Pittsburgh, Pa., 691 F.3d 821, 826 (2012).Santos v. Peerless Ins. Co, 2009 WL 1164972 (2009).South Cent. Bell Telephone Co. v. Barthelemy, 643 So.2d 1240 (La.1994).St. Paul Fire & Marine Ins. Co. v. Compaq Computer Corp., 539 F.3d 809 (8th Cir.2008).Ward General Ins. Services, Inc. v. Employers Fire Ins. Co., 114 Cal.App.4th 548 (2003).Zurich American Insurance Co., et al. v. Sony Corp. of America, et al., No. 651982/2011 (N.Y. Sup. Ct. New York Cty.).六、 政策、法規(含草案)1. 美國法16 C.F.R. §314.3-.4 (2011).16 C.F.R. §681.1(d) (2011).45 C.F.R. §§ 164.308-314 (2011).15 U.S.C. §§ 6801-6809 (2006).15 U.S.C.A. § 7463.18 U.S.C.A. §§ 2701 -12.18 U.S.C.A. § 2510.42 U.S.C. § 1320d-6 (2006)42 U.S.C. § 1320d-1 (2006).Computer Fraud and Abuse Act of 1984, 18 U.S.C. § 1030.Data Breach Notification Act of 2011, S. 1408.Electronic Communications Privacy Act of 1986, U.S. Dept. of Just., Off. of Just. Programs, http://it.ojp.gov/default.aspx?area=privacy&page=1285.Mass. Code Regs. § 17.00 (2011).Md. Code Ann., Com. Law § 14-3503 (West 2011).Nev. Rev. Stat. § 597.970 (2008).Personal Data Protection and Breach Accountability Act of 2011.Restatement (Second) of Torts § 919 (1979).SEC, Corporate Finance’s Disclosure Guidance on Cybersecurity, Oct. 13, 2011, available at https://www.sec.gov/divisions/corpfin/guidance/cfguidance-topic2.htm.Vivek Kundra, Federal Cloud Computing Strategy, the White House (2011), available at https://cio.gov/worldclassdigitalservices/cloud/.2. 歐盟法2000/520/EC: Commission Decision of 26 July 2000 pursuant to Directive 95/46/EC of the European Parliament and of the Council on the adequacy of the protection provided by the safe harbour privacy principles and related frequently asked questions issued by the US Department of Commerce (notified under document number C(2000) 2441).Directive 2002/58/EC.Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995, on the Protection of Individuals with Regard to the Processing of Personal Data and on the Free Movement of such Data.EU Commission, Cybersecurity Strategy of the European Union: An Open, Safe and Secure Cyberspace (2013).Network and information security directive: Co-legislators agree on the first EU-wide legislation on cybersecurity - digital single market - European commission, EU Commission (Dec. 9, 2015), https://ec.europa.eu/digital-single-market/en/news/network-and-information-security-directive-co-legislators-agree-first-eu-wide-legislation.Proposal for a Regulation of the European Parliament and of the Council on the Protection of Individuals with Regard to the Processing of Personal Data and on the Free Movement of such Data (General Data Protection Regulation), COM (2012) 11 final (Jan. 25, 2012)七、 保單條款Esurance® CPM Policy Document 1-3, CFC CPM UK V1.9, CFC Underwriting Limited, available at http://www.stgilesgroup.co.uk/storage/documents/Cyber%20Policy%20Wording.pdf. ISO Property Inc., Commercial General Liability Form (2003) , available at http://www.ngwa.org/documents/insurance/ngwasamplegeneralliabilityform.pdf.ISO, ISO’s Cyber Insurance Program, available at http://www.verisk.com/downloads/iso-cyber-insurance-program.pdfMarsh, CloudProtect – A Cyber Policy Enhancement, available at https://www.marsh.com/us/services/cyber-risk/marsh-cloudprotect-cyber-policy-enhancement.html.Traveler’s - Sample Insuring Agreement 1-2, CYB-3001 Ed. 07-10, available at https://www.travelers.com/business-insurance/cyber-security/management-professional-liability/cyber-risk-forms.aspx. 八、 網際網路ABI, Cyber Insurance To Become A Business Essential Within The Next Decade, May 5, 2015, https://www.abi.org.uk/News/News-releases/2015/05/Cyber-insurance-to-become-a-business-essential-within-the-next-decade.Alpeyev, Pavel et al., Amazon.Com Server Said To Have Been Used In Sony Attack, Bloomberg Business, BLOOMBERG TECHNOLOGY, (May 15, 2011, 3:53 AM HKT), http://www.bloomberg.com/news/articles/2011-05-13/sony-network-said-to-have-been-invaded-by-hackers-using-amazon-com-server.Alvarez, Edgar, Sony Pictures Hack: The Whole Story, ENGADGET, (Dec. 10, 2014), http://www.engadget.com/2014/12/10/sony-pictures-hack-the-whole-story/.BBC News, Sony Fined Over ‘Preventable’ Playstation Data Hack, (Jan. 24, 2013), http://www.bbc.com/news/technology-21160818.Berkowitz, Ben, Sony Insurer, Zurich, Files Suit To Deny Data Breach Coverage, INSURANCE JOURNAL, (Jul. 21, 2011), http://www.insurancejournal.com/news/national/2011/07/21/207474.htm.Bisson, David, Sony Pictures Loses Bid to Throw Out Data Breach Lawsuit, THE STATE OF SECURITY, (Jun. 16, 2015), http://www.tripwire.com/state-of-security/latest-security-news/sony-pictures-loses-bid-to-throw-out-data-breach-lawsuit/.Cambridge Dictionary Online, http://dictionary.cambridge.org. Federal Trade Commission, U.S.-EU Safe Harbor Framework, Nov. 6, 2015, https://www.ftc.gov/tips-advice/business-center/privacy-and-security/u.s.-eu-safe-harbor-framework.Greenwald, Judy, Cloud Computing Risks Generally Covered By Cyber Insurance - Coverage Important As Cloud Vendors Try To Limit Liability, (Jan. 15, 2012), Business Insurance, http://www.businessinsurance.com/article/20120115/NEWS07/301159996/cloud-computing-risks-generally-covered-by-cyber-insurance. Ha, Young, N.Y. Court: Zurich Not Obligated To Defend Sony Units In Data Breach Litigation, INSURANCE JOURNAL, (Mar. 17, 2014), http://www.insurancejournal.com/news/east/2014/03/17/323551.htm.Ha, Young, Sony, Zurich Reach Settlement in PlayStation Data Breach Case in New York, INSURANCE JOURNAL, (May 1, 2015), http://www.insurancejournal.com/news/east/2015/05/01/366600.htm.Information Is Beautiful, World’s Biggest Data Breaches, http://www.informationisbeautiful.net/visualizations/worlds-biggest-data-breaches-hacks/.ISACA, Cybersecurity Legislation Watch, http://www.isaca.org/cyber/pages/cybersecuritylegislation.aspx (last visited Jan. 14, 2016).Investopedia, http://www.investopedia.com. Musil, Steven, Sony Hack Leaked 47,000 Social Security Numbers, Celebrity Data, CNET, (Dec. 4, 2014, 7:05 PM PST), http://www.cnet.com/news/sony-hack-said-to-leak-47000-social-security-numbers-celebrity-data/.Navetta, David, Cyber Insurance: An Efficient Way to Manage Security and Privacy Risk in the Cloud?, Info. Law Grp. (Feb. 1, 2012), http://www.infolawgroup.com/2012/02/articles/cloud-computing-1/cyber-insurance-an-efficient-way-to-manage-security-and-privacy-risk-in-the-cloud/.Newbusiness, Cyber security and insurance to become compulsory by 2017, May. 31, 2016, http://www.newbusiness.co.uk/articles/insurance-advice/cyber-security-and-insurance-become-compulsory-2017.Palermo, Elizabeth, 10 Worst Data Breaches of All Time, TOM’S GUIDE, (Feb 6, 2015, 7:00 AM), http://www.tomsguide.com/us/biggest-data-breaches,news-19083.html.PCI official website, https://www.pcisecuritystandards.org.Ragan, Steve, Breach Insurance Might Not Cover Losses At Sony Pictures, CSO, (Dec. 15, 2014, 6:29 AM PT), http://www.csoonline.com/article/2859535/business-continuity/breach-insurance-might-not-cover-losses-at-sony-pictures.html.Rouse, Margaret, Privilege Escalation Attack, TechTarget, available at http://searchsecurity.techtarget.com/definition/privilege-escalation-attack.Schwartzel, Erich, Cybersecurity Insurance: Many Companies Continue To Ignore The Issue, PITTSBURGH POST-GAZETTE, (June 22, 2010 4:00 AM), http://www.post-gazette.com/business/tech-news/2010/06/22/Cybersecurity-insurance-Many-companies-continue-to-ignore-the-issue/stories/201006220157.Swiss Re, Cyber Risks - Insurable, But Within Limits, http://www.swissre.com/reinsurance/insurers/casualty/Cyber_risks_insurable_but_within_limits.html.Synergy research group, Amazon Leads; Microsoft, IBM & Google Chase; Others Trail, Agu. 1, 2016, https://www.srgresearch.com/articles/amazon-leads-microsoft-ibm-google-chase-others-trail.TREND MICRO, Cloud Makes Data Breaches Increasingly Likely And Costly, June 17, 2014, http://blog.trendmicro.com/cloud-makes-data-breaches-increasingly-likely-costly/.Walker, Danielle, Sony To Shell Out $15M In PSN Breach Settlement, SC MAGAZINE, (Jul. 24, 2014), available at http://www.scmagazine.com/sony-to-shell-out-15m-in-psn-breach-settlement/article/362720/.Woodward, Jeff, The 2001 ISO CGL Revision, IRMI, (Jan. 2002), https://www.irmi.com/articles/expert-commentary/the-2001-iso-cgl-revision. zh_TW