學術產出-學位論文
文章檢視/開啟
書目匯出
-
題名 我國資訊安全管理法律之探討: 以關鍵資訊基礎建設保護為核心
The study on Taiwan`s Cybersecurity Management Act: Focus on Critical Information Infrastructure Protection作者 萬幼筠
Wan, Youyen貢獻者 陳起行
萬幼筠
Wan, Youyen關鍵詞 網際安全
資訊安全
關鍵資訊基礎建設保護
風險管理
資訊安全法律
Cybersecurity
Cybersecurity Law
Critical Information Infrastructure Protection
Risk management
Digital governance
Resilience日期 2019 上傳時間 7-八月-2019 16:41:08 (UTC+8) 摘要 網路與資訊科技的發展,對於國家與社會或社群的發展,以及群己關係都出現典範移轉,近年來隨著資通訊與網路科技的便利性與效率逐步滲透入各公私領域,成為不可或缺的操作工具與能力,也因此進而影響到經濟發展、民生活動,甚且地緣政治與國際關係的角力。至近二十年來的網路與通訊革命,使得社會、國家和資訊網路緊密相依性改變了群己生活的面貌。此種趨勢使得虛擬社會(Cyberspace)概念的出現,也讓網路、資通訊技術以及多元應用,成為現代化國家競爭與經濟發展的基石之一。然基於此基石之保護,已成為國家未來競爭力環節的重要部份,我國總統蔡英文女士亦提出「資安即國安」的策略,冀引起政府與民間的通力合作,以期促成先進的數位化國家,帶給人民福祉。但是若無規畫完善的法制環境,還有社會理解,並無法形成一個穩定的網際空間,除此之外,足夠的資安人才的培育,並透過政府與民間合作的格局,促使網路虛擬世界 (Cyberspace) 與資訊法律(Cyberlaw)的完善規畫,吾人得以界定網路世界的安全與保護的方式。此所以我國隨全球先進國家之腳步,訂定資訊或網路安全法律(Cybersecurity Law)來保護國家資通訊環境之發展。基於歐盟資訊安全法律(Cybersecurity Act)的設計與建構可說是相對領先的法形成過程,且完整具備政策綱領,法規與執行規範,足為參考之外。歐盟以國家資通訊基礎建設保護(Critical Information Infrastructure Protection)作為立法理念,屏除過去資訊安全立法,不同於政府或國家安全與情報保護的保護想法,亦迴異於傳統資訊安全規管以國安或情報監察,或仰賴不具技術中立性技術保護規格的迷思。皆為相對洞見的立法內容,歐盟資訊安全法透過公私機構合作,落實情資交換、人才培育,與專責機構協力等方式,帶動美日亞洲各國紛紛起而仿效,因此本研究將針對歐盟,美國兩者以實施資訊安全法三年以上之國家,對我國甫通過之資訊安全法律(Cybersecurity Law)進行比較與分析,並嘗試以具落實發展效果之框架,比較法規內容架構,運作情形與可能運作問題等,提出我國資通訊安全法律未來調適或改進的可能方向。本研究的結果發現,我國目前的資通安全管理機制,較缺乏清楚的政策綱領僅以保護方法為要,缺乏如歐盟以「數位單一市場」(Digital Single Market)為發展資通訊法律之綱領作為政策選擇的依據,此外,目前之我國之資訊安全法律並缺乏整合跨產業CII(關鍵資訊基礎建設)具融合性的資訊安全治理方法 (歐盟以數位治理為準則),或與其他資料保護法律的連結,使得資訊安全的防護缺乏明確的連結。 除了強調公營機構與政府機關之外受該法之觀照之外,目前我國的經特許之民營金融,電信與部分醫療產業,作為民生與經濟基石的私部門資訊安全皆尚未完全妥善納入治理,並針對人才別,產業別與市場需要且法律落實(Law in Action)發展的實務與執行面上, 使的我國資通安全法律尚有相當大未來之調適空間。【關鍵字】 : 網際安全、資訊安全、關鍵資訊基礎建設保護、風險管理、資訊安全法律、Cybersecurity Law、Cyberspace、Interdependency、Resilience、Cyberethics
AbstractThis study examines and analyzes the information security laws (Cybersecurity Law) adopted by the European Union,the United States and Taiwan from the perspective of implementation effectiveness of the regulations by comparing their legal framework,contents of the regulations,implementation status as well as discussing relevant regulatory issues and challenges,and proposes approaches for future modification or improvement of Taiwan`s cybersecurity regulations.The European Union`s information security regulations were selected as the main subject of study in view of the characteristics of their design framework and implementation requirements are relatively effective. The European Union takes the protection of the Critical Information Infrastructure (CII) as the core issue of the information security regulations,which requires public-private partnerships in information exchange and personnel training,and demands the cooperation of the responsible organizations and competent authorities. The design of information security laws and regulations in the United States and Japan has also adopted such approaches.The network and information technology has shifted the paradigm of development for nations,societies,or communities,as well as the relationship between group and individual. Over the past two decades,with the convenience and efficiency of access to information and network technology,it has gradually permeated into every facet of everyday life,and have become indispensable tools and functions as the foundation of almost all public and private sectors,which in turn have impact on economic development,people`s livelihood,and even the geopolitical and international relations.Such trend and the ubiquity of the Internet have led to the emergence of the virtual community,"Cyberspace",and making Internet and communication technology one of the cornerstones of national competitiveness and economic development in modern countries. The protection of such cornerstones is critical for a country to stay competitive in the future and it is important that the government to work with the private sectors to secure the network services and infrastructure of information technology.In addition to the current protection measures of the information infrastructure and services,it is critical to take into account the trends that are defining the future of our societies and governance systems when planning the protection program of national information and communication. For example,the education of information security professionals should then not only consider the status quo but the needs of the future society,and Cybersecurity Law shall be enacted under the Network and Information Law (Cyberlaw) to protect the development of the information society.The results of this study show that Taiwan`s current control and management mechanism of information and communication security lacks a clear policy framework,and only adopts protection operations as the control measures. The European Union,however,has established the policy framework,"Digital Single Market",as the guideline for the development of information and communication regulations and the basis for policy formulation. In addition,Taiwan`s current information security regulations lacks an integrated information security regulatory regime,such as a cross-industry CII information security governing system,whereas the European Union adopts Digital Governance as the integrated system,and there is also a lack of connections with other data protection regulations,which makes the protection measures of information security without clear connection to the protection objectives.Taiwan`s public institutions and government agencies are subject to information security regulations by law,however,with respect to those private franchising financial institutions,telecommunications and medical industries,as these industries of the private sector also serve as the cornerstone of people`s livelihood and economic development,the current regulation of information security management for the private sectors shall be Retrieved and enhanced. In response to the revision and development of Taiwan`s Cybersecurity Law and Cyberlaw,it is suggested that to conduct a complete review and revision from the perspective of human resources and professional training,industries and sectors,market needs,law in action,and the implementation and practice of information security regulations.[Keywords] : Cybersecurity,Cybersecurity Law,Critical Information Infrastructure Protection,Digital Governance,Cyberethics,Interdependency,Risk Management參考文獻 參考文獻中文部分書籍1.Bech, Ulrich著,汪浩譯,風險社會-通往另一個現代的路,台北: 巨流 出版社,2004年2月第一版。2.伯特蘭羅素,西方哲學史–以社會和政治視角考察哲學的一般歷史,重慶: 重慶出版社,2016年11月1日第三版。3.馬民虎,歐盟信息安全法律框架,北京: 法律出版社,2009年1月1日第一版。4.高宣揚,當代社會理論,台北: 五南出版社,1998年9月1日第一版。5.許耀明。歐盟法WTO法與科技法。台北: 元照出版社,2009年4月第一版。6.陳振楠、林永修、王瑞祥,資通安全法律教材,台北: 智勝出版社,2013年3月18日第一版。期刊論文1.吳齊殷、戴昀,虛擬空間的倫理議題─網路社會的社會秩序與信任,E社會的公共倫理-公民德行與公民養成研討會論文集【專刊】,2014年。2.周桂田,網際網路上的公共領域-在風險社會下的建構意義,第二屆資訊與社會研討會論文【專刊】,中央研究院社會學研究所,1997年。3.張道武,亞里士多德空間概念研究,科學技術與辯證法雜誌,Vol.19 No.2,2002年。4.郭良文,台灣網際網路興起之政治經濟學分析: 一個全球化發展的觀點【專刊】。第二屆資訊科技與社會轉型研討會論文集,1997年。5.陳偉、吳剛、祈志敏,浅析我国网络信息安全保险体系的建立与发展,信息安全等級保護技術研討會論文【專刊】,2016年。6.程威、周軍、羅凱,風險評估量化分析,信息網路安全期刊-公安部第三研究所,Vol:8 Issue: 10,2011年。7.劉金瑞,歐盟網路安全立法最近展及其意義,汕頭大學學報,Vol.1,2017年。8.應晨林,網路治理現代化視角下的網路安全立法之戰略定位,資訊安全研究,Vol. 2 Issue.9,2016年。研究計畫1.中華民國資訊軟體協會,國家通訊傳播委員會資訊安全管理系統研究計畫期末報告, 台北:國家通訊傳播委員,2011年。2.王仁甫,數位經濟與我國網路安全保險之趨勢,台北: 行政院,2018年。3.朱斌妤,數位國家治理(2):國情追蹤與方法整合,台北:行政院國家發展委員會,2015年。4.行政院國土安全辦公室,國家關鍵基礎設施安全防護指導綱要,台北: 行政院,2014年。5.行政院資通安全處,行政院國家資通安全會報107年資通安全諮詢會議,台北: 行政院資訊安全處,2018年。6.行政院資通安全辦公室,建立我國通資訊基礎建設安全機制計畫(94 年至 97 年),台北: 行政院國家資通安全會報,2007年。7.我國資通安全發展藍圖,我國資訊安全產業發展計畫 (107年-114年),行政院資通安全會報,2018年。8.國安會-資通安全辦公室,國家資通安全戰略報告,台北:中華民國總統府,2019年。9.國家發展委員會,網路智慧新台灣政策白皮書,台北: 行政院,2016年。10.國家發展委員會,數位國家創新經濟發展方案DIGI+,台北: 行政院科技顧問會報,2016年。11.張承瑞,科技犯罪偵查暨數位鑑識出國參訪報告書,台中: 刑事警察局,2010年。12.萬幼筠,政府委外採購資訊安全計畫-104年政府資訊安全長會議專題,台北: 行政院資通安全會報,2015年。13.資策會科技法律研究所,我國資通安全法制研究-資通安全授權子法-資訊安全管理法施行細則,台北: 行政院資通安全處,2018年。14.資策會科技法律研究所,資通安全管理法子法發展計畫草案(第二階段北區公聽會),台北: 行政院資安處,2018年。15.蔡玉玲,虛擬世界發展法規調適規劃方案(核定本),台北:國家發展委員會,2016年。16.聯合行銷研究股份有限公司, 106年民眾數位機會調查報告, 台北: 行政院國家發展委員會,2017年。17.謝永江,网络空间安全法律法规研究子計畫-論網路安全法的基本原則, 北京: 中国工程院,2016年。博碩士學位論文1.王欣怡,殭屍網路之攻防架構與分析研究,未出版之博(碩)士論文,銘傳大學,資訊傳播研究所,台北,2011年。2.王泰銓,歐盟基本權利憲章之探討,未出版之博(碩)士論文,淡江大學,歐洲研究所, 新北市, 2002年。3.劉興浚,強化我國資訊安全管理法之研究,未出版之博(碩)士論文,東吳大學: 法律研究所,台北,2015年。4.鍾文魁,關鍵資訊基礎設施保護法制面建構與分析, 未出版之博(碩)士論文,東吳大學: 法律研究所,台北,2018年。網際網路1.TVBS - 金管會兩策略拚資安險保費,收入年增25% ,最後瀏覽日: June/25/2019, 檢自: https://news.tvbs.com.tw/world/9494692.vTaiwan 數位經濟法規線上諮詢, 最後瀏覽日: May/15/2019, 檢自: https://vtaiwan.tw/intro/3.中國如何獲取美國科研技術?權威學者關鍵報告:又偷又騙!是人類歷史上規模最大的財富轉移. 最後瀏覽日: June/1/2019, 檢自: https://www.storm.mg/article/669795?srcid=7777772e73746f726d2e6d675f66306361323834303833663465313432_15625838714.中華民國總統府,資通電軍成軍 總統: 有形國土 捍衛到底. 無形國土 絕不讓步,最後瀏覽日: June/1/2016, 檢自: https://www.president.gov.tw/NEWS/214515.石依華,中美駭客大戰-硝煙漸息 IT home 新聞,最後瀏覽日: May/31/2019, 檢自: https://www.ithome.com.tw/node/127836.伍芬婕,政府開放資料,在世界第一之後?,天下雜誌,最後瀏覽日: May/31/ 2019,檢自: https://www.cw.com.tw/article/articleLogin.action?id=50735437.自由時報電子報,國安法修法三讀 網際空間納入,最後瀏覽日: June/18/ 2019, 檢自 : https://news.ltn.com.tw/news/politics/breakingnews/28269468.吳建興,瑞典首次發出阻斷連線禁制令,最後瀏覽日: April/10/2019, 檢自 : https://stli.iii.org.tw/article-detail.aspx?no=16&tp=1&i=0&d=77849.國家級駭客橫行全球-行政院技服中心資安新聞,最後瀏覽日: April/5/2019,檢自: https://www.nccst.nat.gov.tw/NewsRSSDetail?lang=zh&RSSType=news&seq=1618210.國家資通安全會報技術服務中心簡介,最後瀏覽日: June/10/2019,檢自: https://www.nccst.nat.gov.tw/About?lang=zh11.張雪峰,資訊安全概論-第三章資訊認證技術,最後瀏覽日2019/5/20 , 檢自: https://www.zip118.com/180187176_0814/6879.html12.陳慧菱,金管會將清查上市櫃公司投保資安險狀況,並納入公司治理評鑑”,鉅亨網,August/13/2018,最後瀏覽日: June/5/2019, 檢自: https://www.csronereporting.com/news/show/499213.黃彥棻,立院通過廢止資安中心條例-親痛仇快,IThome 電腦報, 最後瀏覽日: May/4/2016, 檢自: https://www.ithome.com.tw/news/10571414.黃惠聆,企業資訊安全頻拉警報,資安險投保倍增,明年更旺,工商時報, November/27/2018,最後瀏覽日: Jun/12/2019, 檢自: https://www.chinatimes.com/newspapers/20181127000437-260208?chdtv15.意外發生!大量歐洲網路流量被導向中國長達2小時,最後瀏覽日: June/4/2019,檢自: https://netmag.tw/2019/06/14/量歐洲網路流量被導向中國長達2小時16.經濟部國營事業委員會年報,最後瀏覽: 2019/05/21,檢自: https://www.moea.gov.tw/Mns/CNC/content/wHandMenuFile.ashx?file_id=154817.資通安全管理法之衝擊與影響,最後瀏覽日: June/ 19/ 2019,檢自: https://www.sgs.com.tw/zh-tw/news/2019/03/n_20190311_118.網路民議: 翻牆罪,終於要落地了?,中國數字時代電子報,最後瀏覽日: April/21/2019, 檢自: https://chinadigitaltimes.net/chinese/2019/06/%E3%80%90%E7%BD%91%E7%BB%9C%E6%B0%91%E8%AE%AE%E3%80%91%E7%BF%BB%E5%A2%99%E7%BD%AA%E7%BB%88%E4%BA%8E%E8%A6%81%E8%90%BD%E5%9C%B0%E4%BA%86%EF%BC%9F/19.聯合國大會決議 (A/53/576)政府專家小組報告,最後瀏覽日: May/ 24/2019,檢自: https://s3.amazonaws.com/unoda-web/wp-content/uploads/2017/09/Information-Security-Fact-Sheet-Sep2017.pdf20.聯合國大會決議 UN (37/50)號,最後瀏覽日: May/24/2019,檢自: https://undocs.org/zh/A/RES/53/7021.鍾銘,中世紀間諜戰,最後瀏覽日: April/2/2019,檢自: https://kknews.cc/zh-tw/world/z96gbeg.html22.蘋果日報,中國31t.tw在台註冊宣傳,危害國安遭NCC火速斷網, 最後瀏覽日: April/10/2019, 檢自: https://tw.appledaily.com/new/realtime/20190315/1534035/參考文獻英文部分書籍1.Bauer, Craig P., Secret History: The Story of Cryptology, Florida USA: CRC Press, (2016).2.Bellia, Patricia L., Cyberlaw: Problems of Policy and Jurisprudence in the Information Age, Minnesota: WEST: Thomason Reuters Business, (2007).3.Bodeau, Deborah J., Cyber Threat Modeling: Survey, Assessment, and Representative Framework and legal study. The Homeland Security Systems Engineering and Development Institute (HSSEDI)™ Operated by The MITRE Corporation. Pittsburgh: MITRE,(2012).4.Christakis, Theodore, The Relations Between Cybersecurity, Data Protection and Privacy: A European Perspective, Berlin Germany: The Alexander von Humboldt Institute for Internet and Society (HIIG) , (2017).5.Clemente, Dave, Cybersecurity and Global Interdependence: What is Critical? Royal Institute of International Affairs, British: CHATHAM HOUSE, (2013).6.Dähn, Marie-Christine, Cyber Security: Public Responsibility and Fundamental Rights, or Shared Responsibility and Regulatory Challenge? Berlin Germany, Berlin Germany: The Alexander von Humboldt Institute for Internet and Society (HIIG) , (2017).7.ENISA, , Good Practices for identifying and assessing cybersecurity interdependencies, Athen: ENISA (2018).8.Friedman, Thomas, The world is flat, U.S.A: Farrar Straus Giroux.(2006).9.Gibson, William, (1982), “Burning Chrome”, Omni Magazine, (2005).10 Government of Netherlands, International Cyber Strategy: Towards an integrated international cyber policy, Netherland: Government of Netherland, (2017).11 Habermas, Jurgen, Strukturwandel der Offentlichkeit, Suhrkamp: Frankfurt am Main, (1990).12 Harrop, Wayne, Cyber Resilience: A Review of Critical National Infrastructure and Cybersecurity Protection Measures: Applied in the UK and USA, London: Palgrave Macrmillan, (2015).13 International Telecommunication Union, International Standard: ITU-T X.1051 Overview of Cybersecurity. Swiss: ITU, (2016).14 Koepsell, David R., The Ontology of Cyberspace: Philosophy, Law and the future of Intellectual Property, Chicago: Open Court, (2003).15 Kosseff, Jeff, Cybersecurity Law, New Jersey: John Wiley & Sons, (2017).16.Lee, Michael J., Toward Industrial Cybersecurity Resilience of Multinational Cooperation. IFAC Conference on Technology, (2018).17.Lessig, Lawrence The Code Version 2.0, Boston: Basic Books Publish, (2006),.18.Lemieux, Frederic, Current and Emerging Trends in Cyber Operations, London: Palgrave Macmillan, (2015).19.Lipton, Jacqueline, Rethinking Cyberlaw, Northampton: Edward Elgar Publishing, (2015).20.McNicholas, Edward R. Cybersecurity: A Practical Guide to the Law of Cyber Risk,New York: Practising Law Institute, (2015),.21.Mitnik, Kevin D., William L., Simon The Art of Deception: Controlling the Human Element of Security, New Jersey: John Wiley & Sons, (2002),.22.O’Connell, Marchy Ellen, Cyber Security and International Law, Royal Institute of International Affairs, British: CHATHAM HOUSE, (2012).23.Ohlin, Jens David, Cyber War: Law and Ethics for Virtual Conflicts, Oxford University Press, (2013).24.Orji, Uchenna Jerome, Cybersecurity Law and Regulation, Netherland: Wolf Legal Publishers (WLP), (2012).25.Pieprzyk, Josef, Fundamentals of Computer Security, Sydney Australia: Springer, (2003).26.Raul, Alan Charles, Privacy Law and Cybersecurity Law Review, London: Sidley Austin, (2018).27.Sigfusson, T. & Harris S., Cyberspace: A Paradigm Shift for International Entrepreneurs’ Relationships? In: Harris S., Kuivalainen O., Stoyanova V. (eds) International Business. The Academy of International Business. London: Palgrave Macmillan, London, (2012).28.Simon, Herbert A., The new Science of Management Decemberision, Prentice Hall,(1977).期刊論文1.Adams, Samantha A., The Governance of Cybersecurity ,TILT – Tilburg Institute for Law, Technology, and Society - Tilburg University, (2015).2.Atkinson, Sean, Cybersecurity Tech Basics: Vulnerability Management: Overview, Thomson Reuters Practical Law Vol: W-013-3774, (2018).3.Bauer, Johannes M. & Dutton, William H., “The New Cybersecurity Agenda: Economic and Social Challenges to a Secure Internet”, The World Development Report 2016: Digital Dividends, (2016).4.Bodeau, Deborah J. et.al., Cyber Threat Modeling: Survey, Assessment, and Representative Framework and Legal Study, The Homeland Security Systems Engineering and Development Institute (HSSEDI)™ Operated by The MITRE Corporation, Case Number 18-1174 / DHS reference number 16-J-00184-01, (2012).5.Bomse, Amy Lynne, “The Independence of Cyberspace”, Duke Law Review Vol.50, (2001).6.Brilingaite, Agne et. al, “Environment for Cybersecurity Tabletop Exercise”, 2017 The European Conference on Game-Based Learning, (2017).7.Castells, Manuel, “An Introduction to the Information Age”, Oxford University CITY Journal vol. 7, (1997).8.Cavelty, Myriam Dunn, From Cyberwar to Cybersecurity: Proportionality of Fear and Countermeasures, Academia.edu, (2011).9.Danezis, George, “Privacy and Data Protection by Design – From Policy to Engineering”, ATHEN: ENISA, (2015).10.ENISA, Cybersecurity Culture Guidelines: Behavioural Aspects of Cybersecurity, ENISA Publishing,(2018).11.Enocson, Juia, Prevention of Cybersecurity Incidents within the Public Sector, Linköping University | Department of Management and Engineering, Master Thesis, (2018).12.Fichtner, Laura, What kind of cyber security? Theorising cyber security and mapping approaches, Journal on Internet Regulation, Vol:7 Issues:2 , (2018).13.Fogleman, Ronald R., Information Operations: The Fifth Domain Dimension of Warfare, IWS Vol.10 No.47, (1995).14.Goldsmith, Jack L., “Against Cyberanarchy”, Chicago Law Review, Vol.65 Issue.1199, (1996).15.Goldsmith, Jack L., Cybersecurity Treaties: A Skeptical View. Koret-Taube Task Force on National Security and Law, Stanford University: Hoover Institution Press, (2013).16.Grobler C.P., Digital Forensic Readiness as a Component of Information Security Best Practice. IFIP International Federation for Information Processing, Vol 232, (2007).17.González-Sancho, Miguel, European Commission Strategy-Cybersecurity, EU Digital Single Market Policy, Belgium, (2019).18.Habermas, Jurgen.,” Drei normative Modelle der Demokratie: Zum Begriff deliberativer Politik”, in: Munkler, H.(Hg), Die Chancen der Freiheit. Grundprobleme der Demokratie, Munchen: Piper Verlag,(1992),.19.Helmbrecht, Udo, “Speech on ENISA – Cybersecurity Best Practices”, (2018).20.International Telecommunication Union, International Standard: ITU-T X.1051 Overview of Cybersecurity, Swiss: ITU, (2016).21.Jaycox, Mark, EFF Opposes Cybersecurity Bill Added to Congressional End of Year Budget Package, EFF Legislative Analysis, (2015).22.Jakobsen, Bettina, “Challenges to effective EU Cybersecurity Policy – Brief Paper”, European Court of Auditors, (2019).23.Karp, Brad S., Federal Guidance on Cybersecurity Information Sharing Act of 2015, Harvard Law School Forum on Corporate Governance and Financial Regulation, (2016).24.Krassni, Christian, European Programme on Critical Infrastructure Protection (EPCIP), 1st international Workshop on Regional Critical infrastructures Protection Programmes, (2011).25.Koseff, Jeff, Defining Cybersecurity Law, Iowa Law Review Vol.2 Issue.3, (2018).26.Kurniawan, Engdan, Security Level Analysis of academic information systems based on Standard ISO 27002:2013 using SSE-CMM, ArXiv,abs/1802.03613, (2018).27.Langner, Ralph, Stuxnet: Discussing a Cyberwarfare weapon, IEEE: Security and Privacy, Vol.9 Issues:3, (2011).28.Lazari, Alessandro, European Critical Infrastructure Protection, Italy: Springer, (2014).29.Lessig, Lawrence, The path of Cyberlaw, The Yale Law Journal Vol.104. Issue.1743, (1995),.30.essig, Lawrence, “Reading the Constitution in Cyberspace”, SSRN Electronic Journal Vol.45 Issues:3, (1997).31.Lessig, Lawrence, The Law of the Horse: What Cyberlaw might teach, Harvard Law Review, Vol.113. Issues:501, (1999).32.Liu, Edward C., “Cybersecurity: Selected Legal Issues”, Congressional Research Service R40429, (2013).33.Neutze, January & Nicholas, J. Paul, Cyber Insecurity: Competition, Conflict, and In Innovation Demand Effective Cyber Security Norms, Georgetown Journal of International Affairs, (2013).34.Nieto, Ana, Mobile Networks and Application, (2018).35.O’Connell, Marchy Ellen, Cyber Security and International Law, London: Chatcham House, (2012).36.Osula, Anna-Marchia, Mutual legal assistance & other mechanisms for accessing extraterritorially located data,Masaryk University Journal of Law and Technology Vol. 9 Issues.1, (2015).37.Post, David G., Against against Cyberanarchy, Berkeley Law Review Vol.17, (2002).38.Rosenzweig, Paul, THE International Governance Framework for Cybersecurity, Canada-United States Law Journal -Vol.37 Issue.2, (2012).39.Rothchild, John Protecting the Digital Consumer: The Limits of Cyberspace Utopianism, Indiana Law Journal,Vol.4 Issue.3, (1999),.40.Rowland, Diana, Electronic Datasets and Access to Legal Information, 15th BILETA Conference, (2000).41.Shackelford, Scott, Estonia two-and-a-half years later: A Progress Report on Combating Cyber Attacks, Journal of Internet Law SSRN: 1499849, (2010).42.Shackelford, Scott J. et, al., Unpacking the International Law on Cybersecurity Due Diligence: Lessons from the Public and Private Sectors, Chicago Journal of International Law,Vol.17 No.1, (2016).43.Shank, Sean, Cybersecurity: Domestic and Legislative Issues, National Security Law Brief Vol.1 No.1, (2011)44.Shgapiro, Sidney A., Risk Regulation at Risk, San Francisco: Stanford University Press, (2002).45.Shoebridge, Michael, Chinese Cyber Espionage and the National Security Risks Huawei Poses to 5G Networks, Commentary NLI, (2018).46.Solms, Rossouw von From Information Security to Cyber Security, Computers and Security Journal Vol. 38 Issues:3, (2013),.47.Stevens, Tim, “Global Cybersecurity: New Directions in Theory and Methods”, Politics and Governance Vol.6 Issue 2, (2018).48.Tanczer, Leonie Maria & Brass, Irina & Carr, Madeline, CSIRTS and Global Cybersecurity: How Technical Experts Support Science Diplomacy, Global Policy Vol. 9 Supplement. 3,pp60-62, (2018).49.Tanyildizi, Emrah, State Responsibility in Cyberspace, The problem of Attribution of Cyberattacks Conducted by Non-State-Actors”, Law & Justice Review Vol.8 Issue.14, (2017).50.Wamala, Frederick National Cybersecurity Strategy Guide, Swiss: International Telecommunication Union, Swiss: ITU, (2012),.51.White, Daniel M., The Federal Information Security Management Act of 2002: A Potemkin Village, 79 Fordham L. Rev. 369, (2011).52.Xu, Shouhuai, Cybersecurity Dynamics, Proceedings of The 2014 Symposium and Bootcamp on The Science of Security Article No.14, (2014).博碩士學位論文1.Martino, Mariano Di, Social profiling of users through information leakages, Master Degree Thesis Universiteit Hasselt, (2018).2.Backman, Sarah, The Institutionalization of Cybersecurity Management at EU-Level, Master Thesis, Swedish Defense University, (2016)3.Thaw, David Bernard, Characterizing, Classifying, and Understanding Information Security Laws and Regulations: Considerations for Policymakers and Organizations Protecting Sensitive Information Assets”, Dissertation of Doctor of Philosophy, of University of California, Berkeley, (2011).網際網路1.Adams, Samantha A. et. al., “The Governance of Cybersecurity - ”, TILT – Tilburg Institute for Law, Technology, and Society - Tilburg University, Retrieved by: May/1/2019, From: https://pdfs.semanticscholar.org/9f4c/b321bd2ca3a3c2f253066ccab7c49098ef.pdf2.Ansip, Andrus, Leading the Digital Single Market and fighting Cybersecurity, Open Access Government, Retrieved by : June/27/2019, From: https://www.openaccessgovernment.org/fighting-cybersecurity/67544/3.ATT&CK Matrix for Enterprise, MITRE, Retrieved by : June/28/2019,From: https://attack.mitre.org/?fbclid=IwAR3wrwjGtuXIWdEuwJAk3vY-7wmv5DWS1CKH8hwRozfjUCoHTZAoNDmHnIs4.Barlow, John Perry, (1996), Retrieved by : June/5/2019,From: https://www.eff.org/cyberspace-independence5.BBC News , May,27,2019, Retrieved by : June/5/2019,From: https://www.bbc.com/zhongwen/trad/world-484212246.Chalk, William, Privacy by Design: Cybersecurity and the future of 5G, CSOonLine. Retrieved by: June/20/2019, From: https://www.csoonline.com/article/3399000/privacy-by-design-cybersecurity-and-the-future-of-5g.html7.CISA, “About CISA”, Retrieved by : June/1/2019, From: https://www.dhs.gov/cisa/about-cisa8.Cole, James M., Deputy Attorney General, Addresses the Georgetown Cybersecurity Law Institute, Justice News - Department of Justice USA, May/23/2013,from : https://www.justice.gov/opa/speech/deputy-attorney-general-james-m-cole-addresses-georgetown-cybersecurity-law-institute9.Computer Hope: Robert T. Morris, Retrieved by : June/1/2019,From: https://www.computerhope.com/people/robert_morris.htm10.Cyber Defense Magazine Media Team, Cybersecurity Statics for 2019,Cyber Defense Magazine, March/2019,Retrieved by : June/3/2019,From: https://www.cyberdefensemagazine.com/cyber-security-statistics-for-201911.Digital Economy - Critical information Infrastructure Protection (CIIP), Retrieved by : June/1/2019,From: https://www.oecd.org/sti/ieconomy/ciip.htm12.European Cybercrime Center – EC3, Retrieved by : June/20/2019, From: https://www.europol.europa.eu/about-europol/european-cybercrime-centre-ec313.ENISA Cybersecurity Resilience Portal, Retrieved by : June/7/2019, From: https://resilience.enisa.europa.eu/article-1914.ENISA, EC3, ”Workshop on CISRT-LE Cooperation of Digital Forensics”, Retrieved by : June/1/2019,From: https://c4e.cz/news/enisaec3-workshop?lang=en15.ENISA Information Risk Management Methodology, Retrieved by : May/7/2019,From: https://www.enisa.europa.eu/publications/nlra-analysis-report16.ENISA, Public Private Partnerships, Retrieved by : April/4/2019,From: https://www.enisa.europa.eu/topics/national-cyber-security-strategies/ppps17.EuroDIG 2019, “Making norms work – Pursuing effective Cybersecurity – PL 04 2019”, June,2019, Retrieved by : Jun/5/2019,From: https://eurodigwiki.org/wiki/Making_norms_work_%E2%80%93_Pursuing_effective_cybersecurity_%E2%80%93_PL_04_201918.Haran,Varun, AI-Augmented Security : Can Cyberattackers Counter it ?,ISMG Network, Retrieved by : June/28/2019,from : https://www.bankinfosecurity.com/ai-augmented-security-cyberattackers-counter-it-a-1128319.ISO 27000 Standard Family, IT Governance website, Retrieved by : April/2/2019, From: https://www.itgovernance.co.uk/iso27000-family20.Lipner, Steven B. & Lampson, Butler W., ” Risk Management and the Cybersecurity of the U.S. Government”, Retrieved by : June/22/016, From: https://www.nist.gov/sites/default/files/documents/2016/09/16/s.lipner-b.lampson_rfi_response.pdf21.McAfee Research Report, Cyber-Responsibility Report, Retrieved by : May/20/2019, From: https://www.mcafee.com/enterprise/en-us/assets/reports/rp-cyber-responsibility.pdf22.Merisalo, Taija, Cybersecurity is a fusion of man and machine, F-Secure Blog, May,2018, Retrieved by : June/15/2019.From: https://blog.f-secure.com/cyber-security-is-a-fusion-of-man-and-machine/,23.National Infrastructure Protection Plan, Retrieved by : May/7/2019, From: https://www.dhs.gov/cisa/national-infrastructure-protection-plan24.NIST, Computer Forensic Tools and Techniques Catalog, Retrieved by : June/28/2019,From: https://toolcatalog.nist.gov25.NIST Small Business Cybersecurity Act becomes Law, Retrieved by : June/21/2019,From: https://www.securityweek.com/nist-small-business-cybersecurity-act-becomes-law26.North Korea’s Foreign Currency earning & Financial Hacking activity on the Cyber Area from Southern Korea Cybersecurity Team – Simon Choi, Retrieved by : April/10/2019, From: https://drive.google.com/file/d/0B_tRQHq1vrtxbzdrWnJoWjR1VGc/view27.Petit, Frédéric, et,al., Analysis of Critical Infrastructure dependency and interdependency, Argonne National Laboratory, Retrieved by : June/20/2016,From: https://publications.anl.gov/anlpubs/2015/06/111906.pdf28.President Policy Directive 21, Homeland Security PPD-21 Archives, Retrieved by : Jun/12/2019, From: https://www.dhs.gov/taxonomy/term/2586/all/feed29.Presidential Policy Directive, Critical Infrastructure Security and Resilience, whitehouse.gov, Retrieved March/12/2019,From: https://obamawhitehouse.archives.gov/the-press-office/2013/02/12/presidential-policy-directive-critical-infrastructure-security-and-resil30.Roberto Viola, A safe and trustworthy digital world – our shared responsibility, Retrieved by : May/1/2019,From: https://ec.europa.eu/digital-single-Marchket/en/blogposts/safe-and-trustworthy-digital-world-our-shared-responsibility31.Secure by Default, National Cybersecurity Center – United Kingdom, Retrieved by: June/20/2019, From: https://www.ncsc.gov.uk/information/secure-default32.Segovia, Antonio Jose, “Main Difference between ISO 27001 and ISO 27032”, Aug, 25,2015, Retrieved by : May/28/2019,From: https://advisera.com/27001academy/blog/2015/08/25/iso-27001-vs-iso-27032-cybersecurity-standard/33.Stückelberger, Christoph, Cyber Ethics 4.0 Saving Humanity with Values,Globalethics.net, Retrieved by : June/3/2019 From: https://www.globethics.net/documents/4289936/13403236/Ge_Global_17_web_isbn9782889312641.pdf/34.The Biggest to Cybersecurity is organization complexity, Retrieved by : June/3/2019,From: https://www.bralin.com/the-biggest-threat-to-cybersecurity-is-organization-complexity35.The Cybersecurity of Supply Chain: Who is real Risk, Man or Machine? Retrieved by : May/18/2019,From: https://kodiakrating.com/2017/08/16/the-cyber-security-of-supply-chains-whos-the-real-risk-man-or-machine/36.The Evolution of U.S Cyberpower, Retrieved by : May/30/2019,From: https://www.afcea.org/committees/cyber/documents/theevolutionofuscyberpower.pdf37.The NSA Files December – Edward Snowden, The Guardian Newspaper - British, Retrieved by : March/10/2019,From: https://www.theguardian.com/us-news/the-nsa-files38.The Story of Operation Orchard, Retrieved by : March/5/2019,From: http://www.jmhinternational.com/news/news/selectednews/files/2009/11/20091103_SpiegelOnline_TheStoryOfOperationOrchard.pdf39.The World Economic Forum Global Risk Report 2013, Retrieved by : April/4/2019, From: http://www3.weforum.org/docs/WEF_GlobalRisks_Report_2013.pdf.40.Three Layers of Cyberspace, Cyberspace Operations Concept Capability Plan, Retrieved by : May/24/2019,From: https://www.researchgate.net/figure/The-three-layers-of-cyberspace-Adapted-from-Cyberspace-Operations-Concept-Capability_fig1_26736355141.Thomson, Ian, US Congress quietly slips cloud-spying powers into page 2,201 of spending mega-bill, Retrieved by: June/20/2019, From: https://www.theregister.co.uk/2018/03/23/cloud_act_spending_bill/42.Vault 7 : CIA Hacking Database- WIRED Magazine, Feb/12/2019,From: https://www.wired.com/tag/vault-7/43.What we need to know about PRISM-Electronic Frontier Foundation, Retrieved by : June/12/2016,From: https://www.eff.org/deeplinks/2013/06/what-we-need-to-know-about-prism44.Zion Marchket Research, “Digital Forensics Marchket Report”, Retrieved by : March/7/2019,From: https://www.globenewswire.com/news-release/2019/05/13/1822215/0/en/Global-Digital-Forensics-Marchket-Will-Reach-Over-USD-14-215-Million-by-2027-Zion-Marchket-Research.html 描述 碩士
國立政治大學
法學院碩士在職專班
101961009資料來源 http://thesis.lib.nccu.edu.tw/record/#G0101961009 資料類型 thesis dc.contributor.advisor 陳起行 zh_TW dc.contributor.author (作者) 萬幼筠 zh_TW dc.contributor.author (作者) Wan, Youyen en_US dc.creator (作者) 萬幼筠 zh_TW dc.creator (作者) Wan, Youyen en_US dc.date (日期) 2019 en_US dc.date.accessioned 7-八月-2019 16:41:08 (UTC+8) - dc.date.available 7-八月-2019 16:41:08 (UTC+8) - dc.date.issued (上傳時間) 7-八月-2019 16:41:08 (UTC+8) - dc.identifier (其他 識別碼) G0101961009 en_US dc.identifier.uri (URI) http://nccur.lib.nccu.edu.tw/handle/140.119/124900 - dc.description (描述) 碩士 zh_TW dc.description (描述) 國立政治大學 zh_TW dc.description (描述) 法學院碩士在職專班 zh_TW dc.description (描述) 101961009 zh_TW dc.description.abstract (摘要) 網路與資訊科技的發展,對於國家與社會或社群的發展,以及群己關係都出現典範移轉,近年來隨著資通訊與網路科技的便利性與效率逐步滲透入各公私領域,成為不可或缺的操作工具與能力,也因此進而影響到經濟發展、民生活動,甚且地緣政治與國際關係的角力。至近二十年來的網路與通訊革命,使得社會、國家和資訊網路緊密相依性改變了群己生活的面貌。此種趨勢使得虛擬社會(Cyberspace)概念的出現,也讓網路、資通訊技術以及多元應用,成為現代化國家競爭與經濟發展的基石之一。然基於此基石之保護,已成為國家未來競爭力環節的重要部份,我國總統蔡英文女士亦提出「資安即國安」的策略,冀引起政府與民間的通力合作,以期促成先進的數位化國家,帶給人民福祉。但是若無規畫完善的法制環境,還有社會理解,並無法形成一個穩定的網際空間,除此之外,足夠的資安人才的培育,並透過政府與民間合作的格局,促使網路虛擬世界 (Cyberspace) 與資訊法律(Cyberlaw)的完善規畫,吾人得以界定網路世界的安全與保護的方式。此所以我國隨全球先進國家之腳步,訂定資訊或網路安全法律(Cybersecurity Law)來保護國家資通訊環境之發展。基於歐盟資訊安全法律(Cybersecurity Act)的設計與建構可說是相對領先的法形成過程,且完整具備政策綱領,法規與執行規範,足為參考之外。歐盟以國家資通訊基礎建設保護(Critical Information Infrastructure Protection)作為立法理念,屏除過去資訊安全立法,不同於政府或國家安全與情報保護的保護想法,亦迴異於傳統資訊安全規管以國安或情報監察,或仰賴不具技術中立性技術保護規格的迷思。皆為相對洞見的立法內容,歐盟資訊安全法透過公私機構合作,落實情資交換、人才培育,與專責機構協力等方式,帶動美日亞洲各國紛紛起而仿效,因此本研究將針對歐盟,美國兩者以實施資訊安全法三年以上之國家,對我國甫通過之資訊安全法律(Cybersecurity Law)進行比較與分析,並嘗試以具落實發展效果之框架,比較法規內容架構,運作情形與可能運作問題等,提出我國資通訊安全法律未來調適或改進的可能方向。本研究的結果發現,我國目前的資通安全管理機制,較缺乏清楚的政策綱領僅以保護方法為要,缺乏如歐盟以「數位單一市場」(Digital Single Market)為發展資通訊法律之綱領作為政策選擇的依據,此外,目前之我國之資訊安全法律並缺乏整合跨產業CII(關鍵資訊基礎建設)具融合性的資訊安全治理方法 (歐盟以數位治理為準則),或與其他資料保護法律的連結,使得資訊安全的防護缺乏明確的連結。 除了強調公營機構與政府機關之外受該法之觀照之外,目前我國的經特許之民營金融,電信與部分醫療產業,作為民生與經濟基石的私部門資訊安全皆尚未完全妥善納入治理,並針對人才別,產業別與市場需要且法律落實(Law in Action)發展的實務與執行面上, 使的我國資通安全法律尚有相當大未來之調適空間。【關鍵字】 : 網際安全、資訊安全、關鍵資訊基礎建設保護、風險管理、資訊安全法律、Cybersecurity Law、Cyberspace、Interdependency、Resilience、Cyberethics zh_TW dc.description.abstract (摘要) AbstractThis study examines and analyzes the information security laws (Cybersecurity Law) adopted by the European Union,the United States and Taiwan from the perspective of implementation effectiveness of the regulations by comparing their legal framework,contents of the regulations,implementation status as well as discussing relevant regulatory issues and challenges,and proposes approaches for future modification or improvement of Taiwan`s cybersecurity regulations.The European Union`s information security regulations were selected as the main subject of study in view of the characteristics of their design framework and implementation requirements are relatively effective. The European Union takes the protection of the Critical Information Infrastructure (CII) as the core issue of the information security regulations,which requires public-private partnerships in information exchange and personnel training,and demands the cooperation of the responsible organizations and competent authorities. The design of information security laws and regulations in the United States and Japan has also adopted such approaches.The network and information technology has shifted the paradigm of development for nations,societies,or communities,as well as the relationship between group and individual. Over the past two decades,with the convenience and efficiency of access to information and network technology,it has gradually permeated into every facet of everyday life,and have become indispensable tools and functions as the foundation of almost all public and private sectors,which in turn have impact on economic development,people`s livelihood,and even the geopolitical and international relations.Such trend and the ubiquity of the Internet have led to the emergence of the virtual community,"Cyberspace",and making Internet and communication technology one of the cornerstones of national competitiveness and economic development in modern countries. The protection of such cornerstones is critical for a country to stay competitive in the future and it is important that the government to work with the private sectors to secure the network services and infrastructure of information technology.In addition to the current protection measures of the information infrastructure and services,it is critical to take into account the trends that are defining the future of our societies and governance systems when planning the protection program of national information and communication. For example,the education of information security professionals should then not only consider the status quo but the needs of the future society,and Cybersecurity Law shall be enacted under the Network and Information Law (Cyberlaw) to protect the development of the information society.The results of this study show that Taiwan`s current control and management mechanism of information and communication security lacks a clear policy framework,and only adopts protection operations as the control measures. The European Union,however,has established the policy framework,"Digital Single Market",as the guideline for the development of information and communication regulations and the basis for policy formulation. In addition,Taiwan`s current information security regulations lacks an integrated information security regulatory regime,such as a cross-industry CII information security governing system,whereas the European Union adopts Digital Governance as the integrated system,and there is also a lack of connections with other data protection regulations,which makes the protection measures of information security without clear connection to the protection objectives.Taiwan`s public institutions and government agencies are subject to information security regulations by law,however,with respect to those private franchising financial institutions,telecommunications and medical industries,as these industries of the private sector also serve as the cornerstone of people`s livelihood and economic development,the current regulation of information security management for the private sectors shall be Retrieved and enhanced. In response to the revision and development of Taiwan`s Cybersecurity Law and Cyberlaw,it is suggested that to conduct a complete review and revision from the perspective of human resources and professional training,industries and sectors,market needs,law in action,and the implementation and practice of information security regulations.[Keywords] : Cybersecurity,Cybersecurity Law,Critical Information Infrastructure Protection,Digital Governance,Cyberethics,Interdependency,Risk Management en_US dc.description.tableofcontents 目 錄第一章 緒 論 11第一節 研究動機與目的 11第二節 研究範圍與限制 22第三節 研究方法 25第二章 資訊安全與資訊安全法律 27第一節 資訊安全定義、本質與保護標的 27第二節 網際空間與資訊安全法律 43第一項 網際空間(Cyberspace)的定義與特質 43第二項 網際空間資訊安全(Cybersecurity)與法律 46第三節 資訊安全法律的類型與目的 61第四節 資訊安全法律的隱喻(Metaphor) 68第五節 資訊安全法律的發展重點 76第六節 風險管理導向的資訊安全法律 82第三章 關鍵資訊基礎建設保護(CIIP) 98第一節 關鍵資訊基礎建設之定義 102第二節 關鍵資訊基礎建設之選定與保護 109第一項 我國-國土安全辦公室與行政院資通安全處 109第二項 歐盟-資訊安全局(ENISA) 111第三項 美國-網際空間與基礎架構保護局 (CISA) 114第四章 我國資訊安全管理法之發展 122第一節 我國資通安全機制建置計畫 126第二節 資訊安全管理法立法 134第三節 我國資訊安全稽核機制之發展 143第五章 國際資訊安全立法趨勢 150第一節 美國資訊安全法規之發展與現況 151第二節 歐盟資訊安全法 161第一項 EU NIS Directive 161第二項 EU Cybersecurity Act 171第六章 結論與建議 176第一節 結論 176第二節 建議一: 我國資訊安全法律強化方向 178第三節 建議二: 資訊安全治理精神亟待建立 181第四節 建議三: 採納國際資訊安全立法考量準則 186第五節 建議四: 盡速優化資安鑑識與資安保險等能量 189參考文獻 (中文) 201參考文獻 (英文) 206附錄一 資通安全管理法全文 217附錄二 資通安全管理法施行細則 222 zh_TW dc.format.extent 2922383 bytes - dc.format.mimetype application/pdf - dc.source.uri (資料來源) http://thesis.lib.nccu.edu.tw/record/#G0101961009 en_US dc.subject (關鍵詞) 網際安全 zh_TW dc.subject (關鍵詞) 資訊安全 zh_TW dc.subject (關鍵詞) 關鍵資訊基礎建設保護 zh_TW dc.subject (關鍵詞) 風險管理 zh_TW dc.subject (關鍵詞) 資訊安全法律 zh_TW dc.subject (關鍵詞) Cybersecurity en_US dc.subject (關鍵詞) Cybersecurity Law en_US dc.subject (關鍵詞) Critical Information Infrastructure Protection en_US dc.subject (關鍵詞) Risk management en_US dc.subject (關鍵詞) Digital governance en_US dc.subject (關鍵詞) Resilience en_US dc.title (題名) 我國資訊安全管理法律之探討: 以關鍵資訊基礎建設保護為核心 zh_TW dc.title (題名) The study on Taiwan`s Cybersecurity Management Act: Focus on Critical Information Infrastructure Protection en_US dc.type (資料類型) thesis en_US dc.relation.reference (參考文獻) 參考文獻中文部分書籍1.Bech, Ulrich著,汪浩譯,風險社會-通往另一個現代的路,台北: 巨流 出版社,2004年2月第一版。2.伯特蘭羅素,西方哲學史–以社會和政治視角考察哲學的一般歷史,重慶: 重慶出版社,2016年11月1日第三版。3.馬民虎,歐盟信息安全法律框架,北京: 法律出版社,2009年1月1日第一版。4.高宣揚,當代社會理論,台北: 五南出版社,1998年9月1日第一版。5.許耀明。歐盟法WTO法與科技法。台北: 元照出版社,2009年4月第一版。6.陳振楠、林永修、王瑞祥,資通安全法律教材,台北: 智勝出版社,2013年3月18日第一版。期刊論文1.吳齊殷、戴昀,虛擬空間的倫理議題─網路社會的社會秩序與信任,E社會的公共倫理-公民德行與公民養成研討會論文集【專刊】,2014年。2.周桂田,網際網路上的公共領域-在風險社會下的建構意義,第二屆資訊與社會研討會論文【專刊】,中央研究院社會學研究所,1997年。3.張道武,亞里士多德空間概念研究,科學技術與辯證法雜誌,Vol.19 No.2,2002年。4.郭良文,台灣網際網路興起之政治經濟學分析: 一個全球化發展的觀點【專刊】。第二屆資訊科技與社會轉型研討會論文集,1997年。5.陳偉、吳剛、祈志敏,浅析我国网络信息安全保险体系的建立与发展,信息安全等級保護技術研討會論文【專刊】,2016年。6.程威、周軍、羅凱,風險評估量化分析,信息網路安全期刊-公安部第三研究所,Vol:8 Issue: 10,2011年。7.劉金瑞,歐盟網路安全立法最近展及其意義,汕頭大學學報,Vol.1,2017年。8.應晨林,網路治理現代化視角下的網路安全立法之戰略定位,資訊安全研究,Vol. 2 Issue.9,2016年。研究計畫1.中華民國資訊軟體協會,國家通訊傳播委員會資訊安全管理系統研究計畫期末報告, 台北:國家通訊傳播委員,2011年。2.王仁甫,數位經濟與我國網路安全保險之趨勢,台北: 行政院,2018年。3.朱斌妤,數位國家治理(2):國情追蹤與方法整合,台北:行政院國家發展委員會,2015年。4.行政院國土安全辦公室,國家關鍵基礎設施安全防護指導綱要,台北: 行政院,2014年。5.行政院資通安全處,行政院國家資通安全會報107年資通安全諮詢會議,台北: 行政院資訊安全處,2018年。6.行政院資通安全辦公室,建立我國通資訊基礎建設安全機制計畫(94 年至 97 年),台北: 行政院國家資通安全會報,2007年。7.我國資通安全發展藍圖,我國資訊安全產業發展計畫 (107年-114年),行政院資通安全會報,2018年。8.國安會-資通安全辦公室,國家資通安全戰略報告,台北:中華民國總統府,2019年。9.國家發展委員會,網路智慧新台灣政策白皮書,台北: 行政院,2016年。10.國家發展委員會,數位國家創新經濟發展方案DIGI+,台北: 行政院科技顧問會報,2016年。11.張承瑞,科技犯罪偵查暨數位鑑識出國參訪報告書,台中: 刑事警察局,2010年。12.萬幼筠,政府委外採購資訊安全計畫-104年政府資訊安全長會議專題,台北: 行政院資通安全會報,2015年。13.資策會科技法律研究所,我國資通安全法制研究-資通安全授權子法-資訊安全管理法施行細則,台北: 行政院資通安全處,2018年。14.資策會科技法律研究所,資通安全管理法子法發展計畫草案(第二階段北區公聽會),台北: 行政院資安處,2018年。15.蔡玉玲,虛擬世界發展法規調適規劃方案(核定本),台北:國家發展委員會,2016年。16.聯合行銷研究股份有限公司, 106年民眾數位機會調查報告, 台北: 行政院國家發展委員會,2017年。17.謝永江,网络空间安全法律法规研究子計畫-論網路安全法的基本原則, 北京: 中国工程院,2016年。博碩士學位論文1.王欣怡,殭屍網路之攻防架構與分析研究,未出版之博(碩)士論文,銘傳大學,資訊傳播研究所,台北,2011年。2.王泰銓,歐盟基本權利憲章之探討,未出版之博(碩)士論文,淡江大學,歐洲研究所, 新北市, 2002年。3.劉興浚,強化我國資訊安全管理法之研究,未出版之博(碩)士論文,東吳大學: 法律研究所,台北,2015年。4.鍾文魁,關鍵資訊基礎設施保護法制面建構與分析, 未出版之博(碩)士論文,東吳大學: 法律研究所,台北,2018年。網際網路1.TVBS - 金管會兩策略拚資安險保費,收入年增25% ,最後瀏覽日: June/25/2019, 檢自: https://news.tvbs.com.tw/world/9494692.vTaiwan 數位經濟法規線上諮詢, 最後瀏覽日: May/15/2019, 檢自: https://vtaiwan.tw/intro/3.中國如何獲取美國科研技術?權威學者關鍵報告:又偷又騙!是人類歷史上規模最大的財富轉移. 最後瀏覽日: June/1/2019, 檢自: https://www.storm.mg/article/669795?srcid=7777772e73746f726d2e6d675f66306361323834303833663465313432_15625838714.中華民國總統府,資通電軍成軍 總統: 有形國土 捍衛到底. 無形國土 絕不讓步,最後瀏覽日: June/1/2016, 檢自: https://www.president.gov.tw/NEWS/214515.石依華,中美駭客大戰-硝煙漸息 IT home 新聞,最後瀏覽日: May/31/2019, 檢自: https://www.ithome.com.tw/node/127836.伍芬婕,政府開放資料,在世界第一之後?,天下雜誌,最後瀏覽日: May/31/ 2019,檢自: https://www.cw.com.tw/article/articleLogin.action?id=50735437.自由時報電子報,國安法修法三讀 網際空間納入,最後瀏覽日: June/18/ 2019, 檢自 : https://news.ltn.com.tw/news/politics/breakingnews/28269468.吳建興,瑞典首次發出阻斷連線禁制令,最後瀏覽日: April/10/2019, 檢自 : https://stli.iii.org.tw/article-detail.aspx?no=16&tp=1&i=0&d=77849.國家級駭客橫行全球-行政院技服中心資安新聞,最後瀏覽日: April/5/2019,檢自: https://www.nccst.nat.gov.tw/NewsRSSDetail?lang=zh&RSSType=news&seq=1618210.國家資通安全會報技術服務中心簡介,最後瀏覽日: June/10/2019,檢自: https://www.nccst.nat.gov.tw/About?lang=zh11.張雪峰,資訊安全概論-第三章資訊認證技術,最後瀏覽日2019/5/20 , 檢自: https://www.zip118.com/180187176_0814/6879.html12.陳慧菱,金管會將清查上市櫃公司投保資安險狀況,並納入公司治理評鑑”,鉅亨網,August/13/2018,最後瀏覽日: June/5/2019, 檢自: https://www.csronereporting.com/news/show/499213.黃彥棻,立院通過廢止資安中心條例-親痛仇快,IThome 電腦報, 最後瀏覽日: May/4/2016, 檢自: https://www.ithome.com.tw/news/10571414.黃惠聆,企業資訊安全頻拉警報,資安險投保倍增,明年更旺,工商時報, November/27/2018,最後瀏覽日: Jun/12/2019, 檢自: https://www.chinatimes.com/newspapers/20181127000437-260208?chdtv15.意外發生!大量歐洲網路流量被導向中國長達2小時,最後瀏覽日: June/4/2019,檢自: https://netmag.tw/2019/06/14/量歐洲網路流量被導向中國長達2小時16.經濟部國營事業委員會年報,最後瀏覽: 2019/05/21,檢自: https://www.moea.gov.tw/Mns/CNC/content/wHandMenuFile.ashx?file_id=154817.資通安全管理法之衝擊與影響,最後瀏覽日: June/ 19/ 2019,檢自: https://www.sgs.com.tw/zh-tw/news/2019/03/n_20190311_118.網路民議: 翻牆罪,終於要落地了?,中國數字時代電子報,最後瀏覽日: April/21/2019, 檢自: https://chinadigitaltimes.net/chinese/2019/06/%E3%80%90%E7%BD%91%E7%BB%9C%E6%B0%91%E8%AE%AE%E3%80%91%E7%BF%BB%E5%A2%99%E7%BD%AA%E7%BB%88%E4%BA%8E%E8%A6%81%E8%90%BD%E5%9C%B0%E4%BA%86%EF%BC%9F/19.聯合國大會決議 (A/53/576)政府專家小組報告,最後瀏覽日: May/ 24/2019,檢自: https://s3.amazonaws.com/unoda-web/wp-content/uploads/2017/09/Information-Security-Fact-Sheet-Sep2017.pdf20.聯合國大會決議 UN (37/50)號,最後瀏覽日: May/24/2019,檢自: https://undocs.org/zh/A/RES/53/7021.鍾銘,中世紀間諜戰,最後瀏覽日: April/2/2019,檢自: https://kknews.cc/zh-tw/world/z96gbeg.html22.蘋果日報,中國31t.tw在台註冊宣傳,危害國安遭NCC火速斷網, 最後瀏覽日: April/10/2019, 檢自: https://tw.appledaily.com/new/realtime/20190315/1534035/參考文獻英文部分書籍1.Bauer, Craig P., Secret History: The Story of Cryptology, Florida USA: CRC Press, (2016).2.Bellia, Patricia L., Cyberlaw: Problems of Policy and Jurisprudence in the Information Age, Minnesota: WEST: Thomason Reuters Business, (2007).3.Bodeau, Deborah J., Cyber Threat Modeling: Survey, Assessment, and Representative Framework and legal study. The Homeland Security Systems Engineering and Development Institute (HSSEDI)™ Operated by The MITRE Corporation. Pittsburgh: MITRE,(2012).4.Christakis, Theodore, The Relations Between Cybersecurity, Data Protection and Privacy: A European Perspective, Berlin Germany: The Alexander von Humboldt Institute for Internet and Society (HIIG) , (2017).5.Clemente, Dave, Cybersecurity and Global Interdependence: What is Critical? Royal Institute of International Affairs, British: CHATHAM HOUSE, (2013).6.Dähn, Marie-Christine, Cyber Security: Public Responsibility and Fundamental Rights, or Shared Responsibility and Regulatory Challenge? Berlin Germany, Berlin Germany: The Alexander von Humboldt Institute for Internet and Society (HIIG) , (2017).7.ENISA, , Good Practices for identifying and assessing cybersecurity interdependencies, Athen: ENISA (2018).8.Friedman, Thomas, The world is flat, U.S.A: Farrar Straus Giroux.(2006).9.Gibson, William, (1982), “Burning Chrome”, Omni Magazine, (2005).10 Government of Netherlands, International Cyber Strategy: Towards an integrated international cyber policy, Netherland: Government of Netherland, (2017).11 Habermas, Jurgen, Strukturwandel der Offentlichkeit, Suhrkamp: Frankfurt am Main, (1990).12 Harrop, Wayne, Cyber Resilience: A Review of Critical National Infrastructure and Cybersecurity Protection Measures: Applied in the UK and USA, London: Palgrave Macrmillan, (2015).13 International Telecommunication Union, International Standard: ITU-T X.1051 Overview of Cybersecurity. Swiss: ITU, (2016).14 Koepsell, David R., The Ontology of Cyberspace: Philosophy, Law and the future of Intellectual Property, Chicago: Open Court, (2003).15 Kosseff, Jeff, Cybersecurity Law, New Jersey: John Wiley & Sons, (2017).16.Lee, Michael J., Toward Industrial Cybersecurity Resilience of Multinational Cooperation. IFAC Conference on Technology, (2018).17.Lessig, Lawrence The Code Version 2.0, Boston: Basic Books Publish, (2006),.18.Lemieux, Frederic, Current and Emerging Trends in Cyber Operations, London: Palgrave Macmillan, (2015).19.Lipton, Jacqueline, Rethinking Cyberlaw, Northampton: Edward Elgar Publishing, (2015).20.McNicholas, Edward R. Cybersecurity: A Practical Guide to the Law of Cyber Risk,New York: Practising Law Institute, (2015),.21.Mitnik, Kevin D., William L., Simon The Art of Deception: Controlling the Human Element of Security, New Jersey: John Wiley & Sons, (2002),.22.O’Connell, Marchy Ellen, Cyber Security and International Law, Royal Institute of International Affairs, British: CHATHAM HOUSE, (2012).23.Ohlin, Jens David, Cyber War: Law and Ethics for Virtual Conflicts, Oxford University Press, (2013).24.Orji, Uchenna Jerome, Cybersecurity Law and Regulation, Netherland: Wolf Legal Publishers (WLP), (2012).25.Pieprzyk, Josef, Fundamentals of Computer Security, Sydney Australia: Springer, (2003).26.Raul, Alan Charles, Privacy Law and Cybersecurity Law Review, London: Sidley Austin, (2018).27.Sigfusson, T. & Harris S., Cyberspace: A Paradigm Shift for International Entrepreneurs’ Relationships? In: Harris S., Kuivalainen O., Stoyanova V. (eds) International Business. The Academy of International Business. London: Palgrave Macmillan, London, (2012).28.Simon, Herbert A., The new Science of Management Decemberision, Prentice Hall,(1977).期刊論文1.Adams, Samantha A., The Governance of Cybersecurity ,TILT – Tilburg Institute for Law, Technology, and Society - Tilburg University, (2015).2.Atkinson, Sean, Cybersecurity Tech Basics: Vulnerability Management: Overview, Thomson Reuters Practical Law Vol: W-013-3774, (2018).3.Bauer, Johannes M. & Dutton, William H., “The New Cybersecurity Agenda: Economic and Social Challenges to a Secure Internet”, The World Development Report 2016: Digital Dividends, (2016).4.Bodeau, Deborah J. et.al., Cyber Threat Modeling: Survey, Assessment, and Representative Framework and Legal Study, The Homeland Security Systems Engineering and Development Institute (HSSEDI)™ Operated by The MITRE Corporation, Case Number 18-1174 / DHS reference number 16-J-00184-01, (2012).5.Bomse, Amy Lynne, “The Independence of Cyberspace”, Duke Law Review Vol.50, (2001).6.Brilingaite, Agne et. al, “Environment for Cybersecurity Tabletop Exercise”, 2017 The European Conference on Game-Based Learning, (2017).7.Castells, Manuel, “An Introduction to the Information Age”, Oxford University CITY Journal vol. 7, (1997).8.Cavelty, Myriam Dunn, From Cyberwar to Cybersecurity: Proportionality of Fear and Countermeasures, Academia.edu, (2011).9.Danezis, George, “Privacy and Data Protection by Design – From Policy to Engineering”, ATHEN: ENISA, (2015).10.ENISA, Cybersecurity Culture Guidelines: Behavioural Aspects of Cybersecurity, ENISA Publishing,(2018).11.Enocson, Juia, Prevention of Cybersecurity Incidents within the Public Sector, Linköping University | Department of Management and Engineering, Master Thesis, (2018).12.Fichtner, Laura, What kind of cyber security? Theorising cyber security and mapping approaches, Journal on Internet Regulation, Vol:7 Issues:2 , (2018).13.Fogleman, Ronald R., Information Operations: The Fifth Domain Dimension of Warfare, IWS Vol.10 No.47, (1995).14.Goldsmith, Jack L., “Against Cyberanarchy”, Chicago Law Review, Vol.65 Issue.1199, (1996).15.Goldsmith, Jack L., Cybersecurity Treaties: A Skeptical View. Koret-Taube Task Force on National Security and Law, Stanford University: Hoover Institution Press, (2013).16.Grobler C.P., Digital Forensic Readiness as a Component of Information Security Best Practice. IFIP International Federation for Information Processing, Vol 232, (2007).17.González-Sancho, Miguel, European Commission Strategy-Cybersecurity, EU Digital Single Market Policy, Belgium, (2019).18.Habermas, Jurgen.,” Drei normative Modelle der Demokratie: Zum Begriff deliberativer Politik”, in: Munkler, H.(Hg), Die Chancen der Freiheit. Grundprobleme der Demokratie, Munchen: Piper Verlag,(1992),.19.Helmbrecht, Udo, “Speech on ENISA – Cybersecurity Best Practices”, (2018).20.International Telecommunication Union, International Standard: ITU-T X.1051 Overview of Cybersecurity, Swiss: ITU, (2016).21.Jaycox, Mark, EFF Opposes Cybersecurity Bill Added to Congressional End of Year Budget Package, EFF Legislative Analysis, (2015).22.Jakobsen, Bettina, “Challenges to effective EU Cybersecurity Policy – Brief Paper”, European Court of Auditors, (2019).23.Karp, Brad S., Federal Guidance on Cybersecurity Information Sharing Act of 2015, Harvard Law School Forum on Corporate Governance and Financial Regulation, (2016).24.Krassni, Christian, European Programme on Critical Infrastructure Protection (EPCIP), 1st international Workshop on Regional Critical infrastructures Protection Programmes, (2011).25.Koseff, Jeff, Defining Cybersecurity Law, Iowa Law Review Vol.2 Issue.3, (2018).26.Kurniawan, Engdan, Security Level Analysis of academic information systems based on Standard ISO 27002:2013 using SSE-CMM, ArXiv,abs/1802.03613, (2018).27.Langner, Ralph, Stuxnet: Discussing a Cyberwarfare weapon, IEEE: Security and Privacy, Vol.9 Issues:3, (2011).28.Lazari, Alessandro, European Critical Infrastructure Protection, Italy: Springer, (2014).29.Lessig, Lawrence, The path of Cyberlaw, The Yale Law Journal Vol.104. Issue.1743, (1995),.30.essig, Lawrence, “Reading the Constitution in Cyberspace”, SSRN Electronic Journal Vol.45 Issues:3, (1997).31.Lessig, Lawrence, The Law of the Horse: What Cyberlaw might teach, Harvard Law Review, Vol.113. Issues:501, (1999).32.Liu, Edward C., “Cybersecurity: Selected Legal Issues”, Congressional Research Service R40429, (2013).33.Neutze, January & Nicholas, J. Paul, Cyber Insecurity: Competition, Conflict, and In Innovation Demand Effective Cyber Security Norms, Georgetown Journal of International Affairs, (2013).34.Nieto, Ana, Mobile Networks and Application, (2018).35.O’Connell, Marchy Ellen, Cyber Security and International Law, London: Chatcham House, (2012).36.Osula, Anna-Marchia, Mutual legal assistance & other mechanisms for accessing extraterritorially located data,Masaryk University Journal of Law and Technology Vol. 9 Issues.1, (2015).37.Post, David G., Against against Cyberanarchy, Berkeley Law Review Vol.17, (2002).38.Rosenzweig, Paul, THE International Governance Framework for Cybersecurity, Canada-United States Law Journal -Vol.37 Issue.2, (2012).39.Rothchild, John Protecting the Digital Consumer: The Limits of Cyberspace Utopianism, Indiana Law Journal,Vol.4 Issue.3, (1999),.40.Rowland, Diana, Electronic Datasets and Access to Legal Information, 15th BILETA Conference, (2000).41.Shackelford, Scott, Estonia two-and-a-half years later: A Progress Report on Combating Cyber Attacks, Journal of Internet Law SSRN: 1499849, (2010).42.Shackelford, Scott J. et, al., Unpacking the International Law on Cybersecurity Due Diligence: Lessons from the Public and Private Sectors, Chicago Journal of International Law,Vol.17 No.1, (2016).43.Shank, Sean, Cybersecurity: Domestic and Legislative Issues, National Security Law Brief Vol.1 No.1, (2011)44.Shgapiro, Sidney A., Risk Regulation at Risk, San Francisco: Stanford University Press, (2002).45.Shoebridge, Michael, Chinese Cyber Espionage and the National Security Risks Huawei Poses to 5G Networks, Commentary NLI, (2018).46.Solms, Rossouw von From Information Security to Cyber Security, Computers and Security Journal Vol. 38 Issues:3, (2013),.47.Stevens, Tim, “Global Cybersecurity: New Directions in Theory and Methods”, Politics and Governance Vol.6 Issue 2, (2018).48.Tanczer, Leonie Maria & Brass, Irina & Carr, Madeline, CSIRTS and Global Cybersecurity: How Technical Experts Support Science Diplomacy, Global Policy Vol. 9 Supplement. 3,pp60-62, (2018).49.Tanyildizi, Emrah, State Responsibility in Cyberspace, The problem of Attribution of Cyberattacks Conducted by Non-State-Actors”, Law & Justice Review Vol.8 Issue.14, (2017).50.Wamala, Frederick National Cybersecurity Strategy Guide, Swiss: International Telecommunication Union, Swiss: ITU, (2012),.51.White, Daniel M., The Federal Information Security Management Act of 2002: A Potemkin Village, 79 Fordham L. Rev. 369, (2011).52.Xu, Shouhuai, Cybersecurity Dynamics, Proceedings of The 2014 Symposium and Bootcamp on The Science of Security Article No.14, (2014).博碩士學位論文1.Martino, Mariano Di, Social profiling of users through information leakages, Master Degree Thesis Universiteit Hasselt, (2018).2.Backman, Sarah, The Institutionalization of Cybersecurity Management at EU-Level, Master Thesis, Swedish Defense University, (2016)3.Thaw, David Bernard, Characterizing, Classifying, and Understanding Information Security Laws and Regulations: Considerations for Policymakers and Organizations Protecting Sensitive Information Assets”, Dissertation of Doctor of Philosophy, of University of California, Berkeley, (2011).網際網路1.Adams, Samantha A. et. al., “The Governance of Cybersecurity - ”, TILT – Tilburg Institute for Law, Technology, and Society - Tilburg University, Retrieved by: May/1/2019, From: https://pdfs.semanticscholar.org/9f4c/b321bd2ca3a3c2f253066ccab7c49098ef.pdf2.Ansip, Andrus, Leading the Digital Single Market and fighting Cybersecurity, Open Access Government, Retrieved by : June/27/2019, From: https://www.openaccessgovernment.org/fighting-cybersecurity/67544/3.ATT&CK Matrix for Enterprise, MITRE, Retrieved by : June/28/2019,From: https://attack.mitre.org/?fbclid=IwAR3wrwjGtuXIWdEuwJAk3vY-7wmv5DWS1CKH8hwRozfjUCoHTZAoNDmHnIs4.Barlow, John Perry, (1996), Retrieved by : June/5/2019,From: https://www.eff.org/cyberspace-independence5.BBC News , May,27,2019, Retrieved by : June/5/2019,From: https://www.bbc.com/zhongwen/trad/world-484212246.Chalk, William, Privacy by Design: Cybersecurity and the future of 5G, CSOonLine. Retrieved by: June/20/2019, From: https://www.csoonline.com/article/3399000/privacy-by-design-cybersecurity-and-the-future-of-5g.html7.CISA, “About CISA”, Retrieved by : June/1/2019, From: https://www.dhs.gov/cisa/about-cisa8.Cole, James M., Deputy Attorney General, Addresses the Georgetown Cybersecurity Law Institute, Justice News - Department of Justice USA, May/23/2013,from : https://www.justice.gov/opa/speech/deputy-attorney-general-james-m-cole-addresses-georgetown-cybersecurity-law-institute9.Computer Hope: Robert T. Morris, Retrieved by : June/1/2019,From: https://www.computerhope.com/people/robert_morris.htm10.Cyber Defense Magazine Media Team, Cybersecurity Statics for 2019,Cyber Defense Magazine, March/2019,Retrieved by : June/3/2019,From: https://www.cyberdefensemagazine.com/cyber-security-statistics-for-201911.Digital Economy - Critical information Infrastructure Protection (CIIP), Retrieved by : June/1/2019,From: https://www.oecd.org/sti/ieconomy/ciip.htm12.European Cybercrime Center – EC3, Retrieved by : June/20/2019, From: https://www.europol.europa.eu/about-europol/european-cybercrime-centre-ec313.ENISA Cybersecurity Resilience Portal, Retrieved by : June/7/2019, From: https://resilience.enisa.europa.eu/article-1914.ENISA, EC3, ”Workshop on CISRT-LE Cooperation of Digital Forensics”, Retrieved by : June/1/2019,From: https://c4e.cz/news/enisaec3-workshop?lang=en15.ENISA Information Risk Management Methodology, Retrieved by : May/7/2019,From: https://www.enisa.europa.eu/publications/nlra-analysis-report16.ENISA, Public Private Partnerships, Retrieved by : April/4/2019,From: https://www.enisa.europa.eu/topics/national-cyber-security-strategies/ppps17.EuroDIG 2019, “Making norms work – Pursuing effective Cybersecurity – PL 04 2019”, June,2019, Retrieved by : Jun/5/2019,From: https://eurodigwiki.org/wiki/Making_norms_work_%E2%80%93_Pursuing_effective_cybersecurity_%E2%80%93_PL_04_201918.Haran,Varun, AI-Augmented Security : Can Cyberattackers Counter it ?,ISMG Network, Retrieved by : June/28/2019,from : https://www.bankinfosecurity.com/ai-augmented-security-cyberattackers-counter-it-a-1128319.ISO 27000 Standard Family, IT Governance website, Retrieved by : April/2/2019, From: https://www.itgovernance.co.uk/iso27000-family20.Lipner, Steven B. & Lampson, Butler W., ” Risk Management and the Cybersecurity of the U.S. Government”, Retrieved by : June/22/016, From: https://www.nist.gov/sites/default/files/documents/2016/09/16/s.lipner-b.lampson_rfi_response.pdf21.McAfee Research Report, Cyber-Responsibility Report, Retrieved by : May/20/2019, From: https://www.mcafee.com/enterprise/en-us/assets/reports/rp-cyber-responsibility.pdf22.Merisalo, Taija, Cybersecurity is a fusion of man and machine, F-Secure Blog, May,2018, Retrieved by : June/15/2019.From: https://blog.f-secure.com/cyber-security-is-a-fusion-of-man-and-machine/,23.National Infrastructure Protection Plan, Retrieved by : May/7/2019, From: https://www.dhs.gov/cisa/national-infrastructure-protection-plan24.NIST, Computer Forensic Tools and Techniques Catalog, Retrieved by : June/28/2019,From: https://toolcatalog.nist.gov25.NIST Small Business Cybersecurity Act becomes Law, Retrieved by : June/21/2019,From: https://www.securityweek.com/nist-small-business-cybersecurity-act-becomes-law26.North Korea’s Foreign Currency earning & Financial Hacking activity on the Cyber Area from Southern Korea Cybersecurity Team – Simon Choi, Retrieved by : April/10/2019, From: https://drive.google.com/file/d/0B_tRQHq1vrtxbzdrWnJoWjR1VGc/view27.Petit, Frédéric, et,al., Analysis of Critical Infrastructure dependency and interdependency, Argonne National Laboratory, Retrieved by : June/20/2016,From: https://publications.anl.gov/anlpubs/2015/06/111906.pdf28.President Policy Directive 21, Homeland Security PPD-21 Archives, Retrieved by : Jun/12/2019, From: https://www.dhs.gov/taxonomy/term/2586/all/feed29.Presidential Policy Directive, Critical Infrastructure Security and Resilience, whitehouse.gov, Retrieved March/12/2019,From: https://obamawhitehouse.archives.gov/the-press-office/2013/02/12/presidential-policy-directive-critical-infrastructure-security-and-resil30.Roberto Viola, A safe and trustworthy digital world – our shared responsibility, Retrieved by : May/1/2019,From: https://ec.europa.eu/digital-single-Marchket/en/blogposts/safe-and-trustworthy-digital-world-our-shared-responsibility31.Secure by Default, National Cybersecurity Center – United Kingdom, Retrieved by: June/20/2019, From: https://www.ncsc.gov.uk/information/secure-default32.Segovia, Antonio Jose, “Main Difference between ISO 27001 and ISO 27032”, Aug, 25,2015, Retrieved by : May/28/2019,From: https://advisera.com/27001academy/blog/2015/08/25/iso-27001-vs-iso-27032-cybersecurity-standard/33.Stückelberger, Christoph, Cyber Ethics 4.0 Saving Humanity with Values,Globalethics.net, Retrieved by : June/3/2019 From: https://www.globethics.net/documents/4289936/13403236/Ge_Global_17_web_isbn9782889312641.pdf/34.The Biggest to Cybersecurity is organization complexity, Retrieved by : June/3/2019,From: https://www.bralin.com/the-biggest-threat-to-cybersecurity-is-organization-complexity35.The Cybersecurity of Supply Chain: Who is real Risk, Man or Machine? Retrieved by : May/18/2019,From: https://kodiakrating.com/2017/08/16/the-cyber-security-of-supply-chains-whos-the-real-risk-man-or-machine/36.The Evolution of U.S Cyberpower, Retrieved by : May/30/2019,From: https://www.afcea.org/committees/cyber/documents/theevolutionofuscyberpower.pdf37.The NSA Files December – Edward Snowden, The Guardian Newspaper - British, Retrieved by : March/10/2019,From: https://www.theguardian.com/us-news/the-nsa-files38.The Story of Operation Orchard, Retrieved by : March/5/2019,From: http://www.jmhinternational.com/news/news/selectednews/files/2009/11/20091103_SpiegelOnline_TheStoryOfOperationOrchard.pdf39.The World Economic Forum Global Risk Report 2013, Retrieved by : April/4/2019, From: http://www3.weforum.org/docs/WEF_GlobalRisks_Report_2013.pdf.40.Three Layers of Cyberspace, Cyberspace Operations Concept Capability Plan, Retrieved by : May/24/2019,From: https://www.researchgate.net/figure/The-three-layers-of-cyberspace-Adapted-from-Cyberspace-Operations-Concept-Capability_fig1_26736355141.Thomson, Ian, US Congress quietly slips cloud-spying powers into page 2,201 of spending mega-bill, Retrieved by: June/20/2019, From: https://www.theregister.co.uk/2018/03/23/cloud_act_spending_bill/42.Vault 7 : CIA Hacking Database- WIRED Magazine, Feb/12/2019,From: https://www.wired.com/tag/vault-7/43.What we need to know about PRISM-Electronic Frontier Foundation, Retrieved by : June/12/2016,From: https://www.eff.org/deeplinks/2013/06/what-we-need-to-know-about-prism44.Zion Marchket Research, “Digital Forensics Marchket Report”, Retrieved by : March/7/2019,From: https://www.globenewswire.com/news-release/2019/05/13/1822215/0/en/Global-Digital-Forensics-Marchket-Will-Reach-Over-USD-14-215-Million-by-2027-Zion-Marchket-Research.html zh_TW dc.identifier.doi (DOI) 10.6814/NCCU201900557 en_US