Title: 論金融數位韌性監理 (A Study on Financial Digital Resilience Regulation)
Author: 葉家如 (Yeh, Chia-Ju)
Advisor: 林建智 (Lin, Jan-Juy)
Keywords (Chinese): 數位韌性; 金融資安; 數位營運韌性法案; 金融服務業網路安全要求規範; ISO 27001; ISO 22301; NIST CSF
Keywords (English): Digital Resilience; Financial Cybersecurity; Digital Operational Resilience Act (DORA); 23 NYCRR Part 500; ISO 27001; ISO 22301; NIST CSF
Date: 2025
Uploaded: 1-Jul-2025 14:46:41 (UTC+8)

Abstract (translated from the Chinese):

As financial institutions' dependence on information and communications technology (ICT) deepens, the patterns of digital risk grow more complex, and "digital resilience" has become an important issue in financial supervision and risk governance. Taiwan has built an initial cybersecurity governance structure through the Financial Cyber Security Action Plan and related regulations, self-regulatory rules and adopted standards, but it still faces many challenges in practice, which shows that the current system struggles to cope with risks that are diverse and fast-evolving.

To respond to these challenges, this thesis compares the EU Digital Operational Resilience Act (DORA), New York State's Cybersecurity Requirements for Financial Services Companies (23 NYCRR Part 500), and the resilience principles and guidance issued by international supervisory bodies, namely the Basel Committee on Banking Supervision (BCBS), the International Association of Insurance Supervisors (IAIS), the Committee on Payments and Market Infrastructures (CPMI) and the International Organization of Securities Commissions (IOSCO). It summarizes the similarities, differences and complementarities of these regimes in regulatory level, supervisory structure and governance logic. It also examines the role of ISO 27001, ISO 22301 and the NIST CSF in digital resilience governance: these standards help build a cybersecurity governance culture and can also serve as supervisory tools and as a common language for international dialogue.

Drawing on this analysis, the thesis makes three policy recommendations: (1) strengthen regulatory integration and cross-sector coordination by establishing a set of common digital resilience principles and using the regulatory adaptation platform to drive cross-agency collaboration; (2) deepen the institutionalized use of international standards by incorporating key controls into regulations and guidance, backed by incentives and support resources; and (3) introduce proportionality and tiered supervision, adjusting supervisory requirements to each institution's risk profile and resources so as to improve the flexibility and real governance effectiveness of the system. The aim is to help optimize and integrate Taiwan's digital resilience supervisory framework, respond to current practical challenges, and improve its capacity to govern digital risk.
Abstract (author's English version):

As financial institutions increasingly rely on Information and Communications Technology (ICT), digital risks have grown more complex and systemic. Digital resilience has therefore emerged as a key concern in financial regulation. While Taiwan has initiated frameworks such as the Financial Cyber Security Action Plan and adopted international standards, regulatory inconsistency, limited integration of standards, and gaps in implementation remain significant challenges. This study compares the EU's Digital Operational Resilience Act (DORA), New York's 23 NYCRR Part 500, and principles from BCBS, IAIS, CPMI, and IOSCO, analyzing their differences in legal force, supervisory structure, and risk governance logic. It also examines the functions of ISO 27001, ISO 22301, and NIST CSF as tools for institutional risk governance, regulatory compliance, and cross-border coordination. Based on the findings, this paper proposes three recommendations: (1) enhance regulatory coherence and cross-sectoral coordination through mechanisms such as the Financial Action Innovation Regulation Adaptation Platform; (2) institutionalize international standards with incentives and capacity-building; and (3) implement proportional, risk-based regulation to enhance regulatory flexibility and effectiveness. This research aims to support the development of a coherent, adaptive, and internationally aligned digital resilience regime for Taiwan's financial sector.

References

Chinese-language sources

I. Books
1. 王志誠, 現代金融法, 3rd ed., Oct. 2017.
2. 王儷容、沈中華, 法遵科技、監理科技與金融科技監理, Dec. 2019.
3. 呂桔誠、孫全玉, 接軌國際金融監理2建構永續經營韌性, Sep. 2023.
4. 曾令寧、呂桔誠, 接軌國際金融監理建構全面遵循體制, Aug. 2020.

II. Journal articles
1. 王志誠, 人工智慧在金融業運用之法律風險及監控, 當代法律, no. 28, pp. 11-25, Apr. 2024.
2. 江雅綺, 歐盟建立數位韌性的立法趨勢:從《數位服務法》、《數位市場法》、《網路犯罪法》到「人工智慧法」草案, 臺灣經濟研究月刊, vol. 46, no. 10, pp. 64-73, Oct. 2023.
3. 余啓民, 資訊安全長之設置與責任初探, 華岡法粹, no. 74, pp. 1-61, Jun. 2023.
4. 呂正華, 資安即國安,提升資安韌性實踐企業永續, 會計研究月刊, no. 456, pp. 76-81, Nov. 2023.
5. 李岳樵, 論金融資安於彈性數位營運法之展望, 商業法律與財金期刊, vol. 4, no. 1, pp. 77-91, Dec. 2021.
6. 林咏儒, 論金融監理之趨勢:「跨業整合」及「以風險為本」—以我國支付產業的法制為探討, 萬國法律, no. 217, pp. 13-20, Feb. 2018.
7. 林建智, 論保險監理之基本架構-兼論我國保險監理制度之改進, 保險專刊, vol. 18, no. 2, pp. 215-232, Dec. 2002.
8. 林彥良、陳鴻棋, 國際資訊安全與隱私保護實務管理趨勢, 內部稽核, no. 103, pp. 10-15, Oct. 2018.
9. 邱安安、黃劭彥、劉福運、鄭嫆琄, 金融創新服務之風險管理分析, 科技管理學刊, vol. 28, no. 3, pp. 1-35, Dec. 2023.
10. 邱述琛, 防禦第一線!上市櫃「資安長」與資安治理, 會計研究月刊, no. 455, pp. 78-83, Oct. 2023.
11. 姚智崇, 數位轉型浪潮下,如何強化證券商資安監理與防護, 證券服務, no. 685, pp. 36-37, Oct. 2021.
12. 曹華韋, 「金融資安行動方案」證券業遵循之道, 證券服務, no. 679, pp. 29-34, Oct. 2020.
13. 莊永丞, 論金融科技與金融監理, 臺北大學法學論叢, no. 127, pp. 151-236, Sep. 2023.
14. 陳弘益, 數位治理的公私協力監管模式初探:以金融科技為例, 教育暨資訊科技法學評論, no. 7, pp. 139-151, Oct. 2021.
15. 陳肇鴻, 金融機構資料治理規範架構之建構-由資訊需求與風險出發, 台灣法律人, no. 35, pp. 47-62, May 2024.
16. 曾耀民, 公部門資安人力問題簡析, 立法院第11屆議題研析, pp. 1-4, Dec. 2024.
17. 楊佳錚, 新興科技資訊安全管控指引修訂說明, 證券服務, no. 686, pp. 35-42, Dec. 2021.
18. 楊岳平, 評金管會最新金融整併法制之改革-兼論金融監理模式的選擇, 月旦法學雜誌, no. 298, pp. 113-133, Mar. 2020.
19. 楊偉文, 金融監理機關功能性組織調整之研究, 臺北大學法學論叢, no. 70, pp. 157-255, Jun. 2009.
20. 鄒雅蓓, 美國國家標準與技術研究院發布資安框架2.0版本, 科技法律透析, vol. 36, no. 4, pp. 2-3, Dec. 2024.
21. 臧正運, 銀行業資料治理的法制挑戰, 台灣法律人, no. 9, pp. 70-91, Mar. 2022.
22. 蔡信華、林建智, 論金融危機與歐盟保險監理之改革—兼論我國保險監理之改進芻議, 風險管理學報, vol. 15, no. 1, pp. 81-107, Jun. 2013.
23. 謝尚廷、蕭惟文、莊弘鈺, 淺談金融業上雲趨勢與政策法令之發展, 萬國法律, no. 253, pp. 2-18, Feb. 2024.

III. Theses
1. 杜研禎, 金融業人工智慧應用之金融監理規範研究, master's thesis, Department of Law, National Cheng Kung University, Jan. 2023.
2. 周映彤, 建構金融監理國際協作框架—以現行架構再思考, master's thesis, Department of Law, National Chengchi University, Jan. 2023.
3. 張哲銘, 金融資安攻防演練機制比較研析, master's thesis (in-service program, technology law group), Department of Law, School of Law, Soochow University, Jul. 2023.
4. 陳廷祐, 金融業供應鏈資通安全管理與法制, master's thesis (in-service program, technology law group), Department of Law, School of Law, Soochow University, Feb. 2025.
5. 劉書良, 從英美經驗看金融監理發展發向—兼論金融監理與法令遵循關係, master's thesis (in-service program in business law), School of Professional Education and Continuing Studies, National Taiwan University, Aug. 2022.
6. 鄭云婷, 論金融業應用人工智慧之監理方向及內部規範之建立, master's thesis (in-service program), Institute of Technology Law, School of Law, National Yang Ming Chiao Tung University, Jan. 2025.

IV. Government documents
1. Financial Supervisory Commission (金融監督管理委員會), 金融科技發展策略白皮書, May 2016.
2. Financial Supervisory Commission, 金融資安行動方案 (Financial Cyber Security Action Plan), Aug. 2020.
3. Financial Supervisory Commission, 金融科技發展路徑圖, Aug. 2020.
4. Financial Supervisory Commission, 金融資安行動方案2.0 (Financial Cyber Security Action Plan 2.0), Dec. 2022.
5. Financial Supervisory Commission, 特載 金融資安行動方案2.0, 存款保險資訊季刊, vol. 36, no. 1, pp. 1-28, Mar. 2023.

V. Online sources
1. iThome, 【iThome 2024資安大調查系列2|資安阻礙篇】資安人手不足成最大痛點,老舊系統淪為技術面資安阻礙, https://www.ithome.com.tw/article/163450 (last visited June 10, 2025).
2. iThome, 【臺灣資安大會直擊】加速落實金融資安行動方案2.0,金管會提供金融上手零信任架構的三步驟, https://www.ithome.com.tw/news/162972 (last visited June 10, 2025).
3. iThome, 【臺灣資安大會直擊】如何利用NIST框架改善企業資安治理?勤業眾信揭露3大心法, https://www.ithome.com.tw/news/135776 (last visited June 10, 2025).
4. Openfind, 以 ISO 27001 為例說明法規遵循中的資安策略規劃, https://www.openfind.com.tw/taiwan/solutionday_2018/pdf/3_Steven.pdf (last visited June 10, 2025).
5. 工商時報, 金融資安攻防演練 鎖定三威脅, https://www.ctee.com.tw/news/20241111700138-439901 (last visited June 10, 2025).
6. 工商時報, 劉世芳:台美智庫進行金融兵推 支持台灣加入IMF, https://www.ctee.com.tw/news/20241226702161-430104 (last visited June 10, 2025).
7. 公視新聞網, 公部門資安人力缺口大 專家:發揮空間也是求職考量, https://news.pts.org.tw/article/691352 (last visited June 10, 2025).
8. 立法院, 金融監督管理委員會及所屬114年度單位預算評估報告, https://www.ly.gov.tw/Pages/Detail.aspx?nodeid=55673&pid=244108 (last visited June 10, 2025).
9. 金管會資訊服務處, 金管會推動「金融資安行動方案」,追求安全便利不中斷的金融服務目標, https://www.fsc.gov.tw/ch/home.jsp?id=96&parentpath=0,2&mcustomize=news_view.jsp&dataserno=202008060003&dtable=News (last visited June 10, 2025).
10. 金管會資訊服務處, 金管會發布「金融資安行動方案」2.0,引導金融資安持續精進, https://www.fsc.gov.tw/ch/home.jsp?id=96&parentpath=0,2&mcustomize=news_view.jsp&dataserno=202212270001&dtable=News (last visited June 10, 2025).
11. 金融監督管理委員會, 「金融行動創新法規調適平台」已於8月6日召開第一次工作小組會議, https://www.fsc.gov.tw/ch/home.jsp?id=96&parentpath=0,2&mcustomize=news_view.jsp&dataserno=202408070002&dtable=News (last visited June 10, 2025).
12. 金融監督管理委員會, 「金融行動創新法規調適平台」運作成果及2.0方案, https://www.fsc.gov.tw/ch/home.jsp?id=96&parentpath=0,2&mcustomize=news_view.jsp&dataserno=202502200002&aplistdn=ou=news,ou=multisite,ou=chinese,ou=ap_root,o=fsc,c=tw&dtable=News (last visited June 10, 2025).
13. 姚智崇, 銀行及證券產業資安法規比較, https://www.twse.com.tw/market_insights/zh/detail/8a8216d6933460a401937213a8f00226 (last visited June 10, 2025).
14. 陳威棋, 【勤業眾信專欄】信任金融服務?先從零信任做起, https://fc.bnext.com.tw/articles/view/1934 (last visited June 10, 2025).
15. 監察院, 監察院賴鼎銘委員代表交通及採購委員會 就「公私部門資通安全問題之探討」議題發言, https://www.cy.gov.tw/News_Content.aspx?n=709&s=27487 (last visited June 10, 2025).
16. 數位發展部, 數位發展部的核心理念是「強化全民數位韌性」,什麼是「數位韌性」?, https://moda.gov.tw/press/clarification/2512 (last visited June 10, 2025).

English-language sources

I. Books
1. Kaur, G., Habibi Lashkari, Z., & Habibi Lashkari, A. (2021), Understanding Cybersecurity Management in FinTech: Challenges, Strategies, and Trends, Cham: Springer International Publishing.
2. Pomerleau, P. L., & Lowery, D. L. (2020), Countering Cyber Threats to Financial Institutions: A Private and Public Partnership Approach to Critical Infrastructure Protection, Palgrave Macmillan Cham.
3. Shandilya, S. K., Datta, A., Kartik, Y., & Nagar, A. K. (2024), Digital Resilience: Navigating Disruption and Safeguarding Data Privacy, Springer Nature Switzerland.
4. Tjoa, S., Gafić, M., & Kieseberg, P. (2024), Cyber Resilience Fundamentals, Springer International Publishing.

II. Book chapters
1. Anna Neumannová, Erich W. Bernroider & Christoph Elshuber (2022), The Digital Operational Resilience Act for Financial Services: A Comparative Gap Analysis and Literature Review, in Proceedings of the European, Mediterranean, and Middle Eastern Conference on Information Systems (pp. 570-585), Springer Nature Switzerland.

III. Journal articles
1. Clausmeier, D., Regulation of the European Parliament and the Council on Digital Operational Resilience for the Financial Sector (DORA), 4 Int'l Cybersecurity L. Rev. 79-90 (2023).
2. Crisanto, Juan Carlos & Prenio, Jermy, Regulatory Approaches to Enhance Banks' Cyber-Security Frameworks, FSI Insights on Policy Implementation No. 2, Bank for International Settlements (2017), https://www.bis.org/fsi/publ/insights2.pdf.
3. Didenko, Anton N., Cybersecurity Regulation in the Financial Sector: Prospects of Legal Harmonization in the European Union and Beyond, Uniform Law Review, 25(1), 125 (2020).
4. Gibb, Fiona & Buchanan, Steven, A Framework for Business Continuity Management, International Journal of Information Management, 26(2), 128 (2006).
5. Gillies, Alan, Improving the Quality of Information Security Management Systems with ISO27000, 23 TQM Journal 367 (2011).
6. Kashyap, Anil K. & Wetherilt, Andrew, Some Principles for Regulating Cyber Risk, AEA Papers and Proceedings, 109, 482 (May 2019).
7. Makhija, Anil K., Information Security Management Systems: Evolving Landscape and ISO 27001: An Empirical Study, Journal of Accounting, Finance, Economics, and Social Sciences, 6, 9 (2021).
8. Maurer, T. & Nelson, A., International Strategy to Better Protect the Financial System Against Cyber Threats, Washington, D.C.: Carnegie Endowment for International Peace (2020).
9. Maurer, Tim & Nelson, Arthur, The Global Cyber Threat, Finance & Development, 58(1), 24 (2021).
10. Oyeniyi, Lawrence D., Ugochukwu, Chinonye E. & Mhlongo, Noluthando Z., Developing Cybersecurity Frameworks for Financial Institutions: A Comprehensive Review and Best Practices, Computer Science & IT Research Journal, 5, 903 (2024).
11. Peihani, Maziar, Regulation of Cyber Risk in the Banking System: A Canadian Case Study, Journal of Financial Regulation, 8, 139 (2022).
12. Prenio, Janine & Restoy, Fernando, Safeguarding Operational Resilience: The Macroprudential Perspective, FSI Briefs No. 17 (2022), https://www.bis.org/fsi/fsibriefs17.pdf.
13. Torabi, S. A., Soufi, H. R. & Sahebjamnia, Navid, A New Framework for Business Impact Analysis in Business Continuity Management (with a Case Study), Safety Science, 68, 309 (2014).

IV. Government and international organization documents
1. Basel Committee on Banking Supervision (BCBS), Principles for Operational Resilience (March 2021), https://www.bis.org/bcbs/publ/d516.pdf.
2. Basel Committee on Banking Supervision (BCBS), Revisions to the Principles for the Sound Management of Operational Risk (March 2021), https://www.bis.org/bcbs/publ/d515.pdf.
3. Committee on Payments and Market Infrastructures & Board of the International Organization of Securities Commissions (CPMI-IOSCO), Guidance on Cyber Resilience for Financial Market Infrastructures (June 2016), https://www.bis.org/cpmi/publ/d146.pdf.
4. Committee on Payments and Market Infrastructures & Board of the International Organization of Securities Commissions (CPMI-IOSCO), Implementation Monitoring of the PFMI: Level 3 Assessment on Financial Market Infrastructures' Cyber Resilience (November 2022), https://www.bis.org/cpmi/publ/d212.pdf.
5. Conference of State Bank Supervisors (CSBS), 2024 CSBS Annual Survey of Community Banks 10 (Oct. 2024), https://www.csbs.org/sites/default/files/other-files/FINAL2024CSBSSurvey.pdf.
6. European Supervisory Authorities (EBA, EIOPA & ESMA), Final Report: Draft Regulatory Technical Standards, JC 2023 86, 7 (Jan. 2024), https://www.eba.europa.eu/sites/default/files/2024-01/bf5a2976-1a48-44f3-b5a7-56acd23ba55c/JC%202023%2086%20-%20Final%20report%20on%20draft%20RTS%20on%20ICT%20Risk%20Management%20Framework%20and%20on%20simplified%20ICT%20Risk%20Management%20Framework.pdf.
7. European Systemic Risk Board (ESRB), Systemic Cyber Risk (February 2020), https://www.esrb.europa.eu/pub/pdf/reports/esrb.report200219_systemiccyberrisk~101a09685e.en.pdf.
8. European Union Agency for Network and Information Security (ENISA), Cyber Security Culture in Organisations (November 2017), https://riskcue.id/uploads/ebook/20210819081936-2021-08-19ebook081739.pdf.
9. Financial Stability Board (FSB), Promoting Global Financial Stability: 2022 FSB Annual Report (16 November 2022), https://www.fsb.org/uploads/P161122.pdf.
10. Financial Stability Board (FSB), Recommendations to Achieve Greater Convergence in Cyber Incident Reporting: Final Report (13 April 2023), https://www.fsb.org/uploads/P130423-1.pdf.
11. International Association of Insurance Supervisors (IAIS), Application Paper on Supervision of Insurer Cybersecurity (November 2018), https://www.iais.org/uploads/2022/01/181108-Application-Paper-on-Supervision-of-Insurer-Cybersecurity.pdf.
12. International Association of Insurance Supervisors (IAIS), Issues Paper on Insurance Sector Operational Resilience (May 2023), https://www.iaisweb.org/uploads/2023/05/Issues-Paper-on-Insurance-Sector-Operational-Resilience.pdf.
13. International Monetary Fund (IMF), Global Financial Stability Report: Steadying the Course: Uncertainty, Artificial Intelligence, and Financial Stability (October 2024).
14. International Monetary Fund (IMF), Global Financial Stability Report: The Last Mile: Financial Vulnerabilities and Risks (April 2024).
15. International Organization of Securities Commissions (IOSCO), Cyber Task Force Final Report (June 2019), https://www.iosco.org/library/pubdocs/pdf/IOSCOPD633.pdf.
16. National Association of Insurance Commissioners (NAIC), Insurance Data Security Model Law, NAIC Model Law No. 668 (2017), https://content.naic.org/sites/default/files/model-law-668.pdf.
17. National Institute of Standards and Technology (NIST), Framework for Improving Critical Infrastructure Cybersecurity, Version 1.1 (April 2018), https://doi.org/10.6028/NIST.CSWP.04162018.
18. National Institute of Standards and Technology (NIST), The NIST Cybersecurity Framework (CSF) 2.0 (February 2024), https://doi.org/10.6028/NIST.CSWP.29.
19. New York State Department of Financial Services (NYDFS), Assessment of Public Comments and Revised Regulatory Text: Second Amendment to 23 NYCRR 500 (2023), https://www.dfs.ny.gov/system/files/documents/2023/10/rf_fs_2amend23NYCRR500_apc_20231101.pdf.
20. New York State Department of Financial Services (NYDFS), Amended Cybersecurity Regulation: Second Amendment to 23 NYCRR Part 500 (November 2023), https://www.dfs.ny.gov/system/files/documents/2023/11/cyber_public_training_deck_20231108.pdf.
21. Organisation for Economic Co-operation and Development (OECD), OECD Policy Framework on Digital Security: Cybersecurity for Prosperity (2022), https://doi.org/10.1787/a69df866-en.
22. Securities Industry and Financial Markets Association (SIFMA), Small Firms Cybersecurity Guidance: How to Consume Threat Information from the FS-ISAC (2017), https://www.sifma.org/wp-content/uploads/2017/07/small-firms-cybersecurity-guide-2017.pdf.
23. World Economic Forum (WEF), Global Cybersecurity Outlook 2025 (January 2025), https://reports.weforum.org/docs/WEF_Global_Cybersecurity_Outlook_2025.pdf.

V. Government and international organization web resources
1. Basel Committee on Banking Supervision (BCBS), Basel Committee Charter, https://www.bis.org/bcbs/charter.htm (last visited June 10, 2025).
2. Basel Committee on Banking Supervision (BCBS), Newsletter on cyber security, https://www.bis.org/publ/bcbs_nl25.htm (last visited June 10, 2025).
3. Basel Committee on Banking Supervision (BCBS), Principles for Sound Management of Operational Risk (PSMOR): Executive Summary, https://www.bis.org/fsi/fsisummaries/psmor.htm (last visited June 10, 2025).
4. Committee on Payments and Market Infrastructures (CPMI), CPMI work programme and strategic priorities for 2025-27, https://www.bis.org/cpmi/work_programme.htm?m=290 (last visited June 10, 2025).
5. Committee on Payments and Market Infrastructures (CPMI), CPMI-IOSCO release guidance on cyber resilience for financial market infrastructures, https://www.bis.org/press/p160629.htm (last visited June 10, 2025).
6. Committee on Payments and Market Infrastructures (CPMI), Guidance on cyber resilience for financial market infrastructures, https://www.bis.org/cpmi/publ/d146.htm (last visited June 10, 2025).
7. European Central Bank (ECB), What is cyber resilience?, https://www.ecb.europa.eu/paym/cyber-resilience/html/index.en.html (last visited June 10, 2025).
8. European Parliament, European System of Financial Supervision (ESFS), https://www.europarl.europa.eu/factsheets/en/sheet/84/european-system-of-financial-supervision-esfs- (last visited June 10, 2025).
9. European Securities and Markets Authority (ESMA), ESAs publish Joint Advice on Information and Communication Technology risk management and cybersecurity, https://www.esma.europa.eu/press-news/esma-news/esas-publish-joint-advice-information-and-communication-technology-risk (last visited June 10, 2025).
10. Federal Financial Supervisory Authority (BaFin), Central counterparties: CPMI and IOSCO publish report on implementation of principles for financial market infrastructures, https://www.bafin.de/SharedDocs/Veroeffentlichungen/EN/Fachartikel/2016/fa_bj_1609_zentrale_gegenparteien_en.html (last visited June 10, 2025).
11. Federal Financial Supervisory Authority (BaFin), International securities regulation: IOSCO overhauls international standards, https://www.bafin.de/SharedDocs/Veroeffentlichungen/EN/Fachartikel/2017/fa_bj_1706_IOSCO_en.html (last visited June 10, 2025).
12. Financial Services Information Sharing and Analysis Center (FS-ISAC), Resilience, https://www.fsisac.com/resilience (last visited June 10, 2025).
13. Financial Stability Board (FSB), FSB publishes stocktake on cybersecurity regulatory and supervisory practices, https://www.fsb.org/2017/10/fsb-publishes-stocktake-on-cybersecurity-regulatory-and-supervisory-practices/ (last visited June 10, 2025).
14. International Organization of Securities Commissions (IOSCO), About IOSCO, https://www.iosco.org/about/?subsection=membership_map (last visited June 10, 2025).
15. New York State Department of Financial Services (NYDFS), About DFS, https://www.dfs.ny.gov/About_Us (last visited June 10, 2025).
16. New York State Department of Financial Services (NYDFS), Cybersecurity Resource Center Introduction, https://www.dfs.ny.gov/industry_guidance/cybersecurity (last visited June 10, 2025).
17. Organisation for Economic Co-operation and Development (OECD), Digital Security, https://www.oecd.org/en/topics/digital-security.html (last visited June 10, 2025).
18. S&P Global Ratings, Global Banks Midyear Outlook 2024: Searching for Calmer Waters (July 2024), https://www.spglobal.com/_assets/documents/ratings/research/101601133.pdf (last visited June 10, 2025).

VI. Online sources
1. Alan Parker, Common Challenges in Implementing ISO 27001 and How to Overcome Them, Iseo Blue, https://www.iseoblue.com/post/common-challenges-in-implementing-iso-27001-and-how-to-overcome-them (last visited June 10, 2025).
2. Alextec Advisory, Business Continuity Plans Testing & Exercising, https://alextec.com/bcm/business-continuity-testing-exercising/ (last visited June 10, 2025).
3. Amelia Ho, Roles of Three Lines of Defense for Information Security and Governance, ISACA, https://www.isaca.org/resources/isaca-journal/issues/2018/volume-4/roles-of-three-lines-of-defense-for-information-security-and-governance (last visited June 10, 2025).
4. AON, For Cyber Readiness, the CISO and CRO Join Forces, https://www.aon.com/en/insights/articles/for-cyber-readiness-the-ciso-and-cro-join-forces (last visited June 10, 2025).
5. Bernard Marr, The Important Difference Between Cybersecurity And Cyber Resilience (And Why You Need Both), https://bernardmarr.com/the-important-difference-between-cybersecurity-and-cyber-resilience-and-why-you-need-both/ (last visited June 10, 2025).
6. Checkmarx, What is NIST CSF?, https://checkmarx.com/glossary/what-is-nist-csf/ (last visited June 10, 2025).
7. Cyber Risk GmbH, The Digital Operational Resilience Act (DORA): Regulation (EU) 2022/2554, https://www.digital-operational-resilience-act.com (last visited June 10, 2025).
8. Dejan Kosutic, What is ISO 22301?, Advisera, https://advisera.com/27001academy/what-is-iso-22301/ (last visited June 10, 2025).
9. DEKRA, ISO 22301 Certification, https://www.dekra.us/en/audit/iso-22301-certification/ (last visited June 10, 2025).
10. Erik Gerding, Cybersecurity Disclosure, U.S. Securities and Exchange Commission, https://www.sec.gov/newsroom/speeches-statements/gerding-cybersecurity-disclosure-20231214 (last visited June 10, 2025).
11. Fortinet, What Is The CIA Triad?, https://www.fortinet.com/resources/cyberglossary/cia-triad (last visited June 10, 2025).
12. Gaurav Modi, How can enterprises build digital resilience for trust?, EY, https://www.ey.com/en_id/insights/consulting/how-can-enterprises-build-digital-resilience-for-trust (last visited June 10, 2025).
13. Gowsika Vadivel, How Much ISO 27001 Really Costs: The Complete Cost Breakdown, Cyber Sierra, https://cybersierra.co/blog/iso-27001-cost-breakdown/ (last visited June 10, 2025).
14. Healey, Jason, Kaplan, Carina & McNeill, Christine, Understanding Cyber Market Failures, Lawfare, https://www.lawfaremedia.org/article/understanding-cyber-market-failures (last visited June 10, 2025).
15. High Table, ISO 27001 Clause 5.1 Leadership and Commitment, https://hightable.io/iso-27001-clause-5-1-leadership-and-commitment/ (last visited June 10, 2025).
16. IBM, What is cyber resilience?, https://www.ibm.com/topics/cyber-resilience (last visited June 10, 2025).
17. International Organization for Standardization (ISO), About ISO, https://www.iso.org/about (last visited June 10, 2025).
18. International Organization for Standardization (ISO), ISO 22301:2019, https://www.iso.org/standard/75106.html (last visited June 10, 2025).
19. Libby Bevin, What Is Digital Resilience?, ZenGRC, https://www.zengrc.com/blog/what-is-digital-resilience/ (last visited June 10, 2025).
20. Mark Sharron, ISO 27001 Requirements, ISMS.online, https://www.isms.online/iso-27001/requirements/ (last visited June 10, 2025).
21. Max Edwards, ISO 22301 vs ISO 27001, ISMS.online, https://www.isms.online/iso-27001/vs-iso-22301/ (last visited June 10, 2025).
22. Max Edwards, ISO 27001:2022 Annex A Explained, ISMS.online, https://www.isms.online/iso-27001/annex-a/ (last visited June 10, 2025).
23. MetricStream, Top 5 Operational Resilience Challenges in the Post-Pandemic Era, https://www.metricstream.com/learn/top-5-operational-resilience-challenges.html (last visited June 10, 2025).
24. National Institute of Standards and Technology (NIST), About NIST, https://www.nist.gov/about-nist (last visited June 10, 2025).
25. National Institute of Standards and Technology (NIST), cyber resiliency, https://csrc.nist.gov/glossary/term/cyber_resiliency (last visited June 10, 2025).
26. Neumetric, ISO 22301 vs ISO 27001: Business Continuity vs Information Security Management, https://www.neumetric.com/journal/iso-22301-vs-iso-27001-business-continuity-vs-information-security-management/ (last visited June 10, 2025).
27. Neumetric, NIST CSF vs ISO 27001: Which Cybersecurity Standard is right for you?, https://www.neumetric.com/journal/nist-csf-vs-iso-27001-1416/ (last visited June 10, 2025).
28. Pivot Point Security, ISO 27001 vs NIST Cybersecurity Framework: What's the Difference?, https://www.pivotpointsecurity.com/difference-between-iso-27001-vs-nist-cybersecurity-framework/ (last visited June 10, 2025).
29. Rohan Timalsina, Achieving Digital Resilience: Key Strategies for Modern Enterprises, TuxCare, https://tuxcare.com/blog/digital-resilience/ (last visited June 10, 2025).
30. Secureframe, What is ISO 27001 Certification?, https://secureframe.com/hub/iso-27001/what-is-iso-27001 (last visited June 10, 2025).
31. SEO HERO LTD, Building Digital Resilience: Essential Strategies for Financial Institutions, OpenCart, https://www.opencart.com/blog/building-digital-resilience?filter_author=SEO+HERO+LTD (last visited June 10, 2025).
32. Stephen Watts, What is BCM? Basics of business continuity management explained, BMC, https://www.bmc.com/blogs/business-contunity-management-bcm/ (last visited June 10, 2025).
33. Steve Taylor, Digital Operational Resilience: Complying with DORA, BDO, https://www.bdo.com/insights/advisory/digital-operational-resilience-complying-with-dora (last visited June 10, 2025).
34. Vanta, Who needs ISO 27001 certification?, https://www.vanta.com/collection/iso-27001/who-needs-iso-27001-certification (last visited June 10, 2025).
35. Wiz, Introduction to the NIST Cybersecurity Framework (CSF), https://www.wiz.io/academy/nist-cybersecurity-framework-csf (last visited June 10, 2025).

Degree: Master's
Institution: 國立政治大學 (National Chengchi University)
Department: 風險管理與保險學系 (Department of Risk Management and Insurance)
Student ID: 111358003
Type: thesis
Identifier: G0111358003
Source: http://thesis.lib.nccu.edu.tw/record/#G0111358003
URI: https://nccur.lib.nccu.edu.tw/handle/140.119/157761
Format: application/pdf, 4294836 bytes

Table of contents (translated from the Chinese):

Chapter 1 Introduction
  1.1 Research motivation and objectives
  1.2 Research scope and methods
    1.2.1 Research scope
    1.2.2 Research methods
      (1) Literature analysis
      (2) Comparative research
      (3) Inductive method
  1.3 Research structure
Chapter 2 Theoretical foundations, risk characteristics and supervisory implications of financial digital resilience
  2.1 Defining the core concepts related to digital resilience
    2.1.1 Operational resilience
    2.1.2 Digital resilience
    2.1.3 Digital operational resilience
    2.1.4 Cyber resilience
    2.1.5 Conceptual clarification and scope
  2.2 Governance foundations and integrated framework of digital resilience
    2.2.1 Information security
    2.2.2 Business continuity management
    2.2.3 Digital resilience: core content, integrated framework and practice
      (1) Integrated framework and core elements
      (2) Governance and practice of digital resilience
  2.3 Characteristics and challenges of financial digital resilience risk
    2.3.1 Diverse and dynamically evolving risk sources
    2.3.2 Systemic risk and concentration risk
    2.3.3 Supply chain risk
    2.3.4 Risk of information-sharing and collaboration failure
    2.3.5 Summary
  2.4 Legitimacy of supervisory intervention in digital resilience and institutional challenges
    2.4.1 Necessity of digital resilience supervision
      (1) Addressing market failure to maintain financial stability
      (2) Limits of the current supervisory framework
    2.4.2 Challenges of digital resilience supervision
      (1) Fragmented rules and inconsistent standards
      (2) Supervisory lag and technological development
      (3) Linking certification standards with supervisory guidance
      (4) Third-party dependence and supply-chain supervision gaps
      (5) Cross-border cooperation
      (6) Proportionality and flexible supervisory adjustment
    2.4.3 Summary
  2.5 Chapter summary
Chapter 3 Current state and challenges of digital resilience supervision in Taiwan
  3.1 Taiwan's financial cybersecurity policy: the Financial Cyber Security Action Plan
    3.1.1 Strengthening the supervisor's cybersecurity oversight
      (1) Shaping an organizational culture in financial institutions that values cybersecurity
      (2) Completing the cybersecurity rulebook
      (3) Strengthening financial cybersecurity examinations
    3.1.2 Deepening cybersecurity governance in financial institutions
      (1) Strengthening security management
      (2) Strengthening security monitoring
      (3) Strengthening cybersecurity talent development
      (4) Encouraging zero-trust network deployment
    3.1.3 Improving the cyber operational resilience of financial institutions
      (1) Increasing business continuity management capacity
      (2) Strengthening security exercises
      (3) Building a data-preservation safe harbor
    3.1.4 Making collective cyber defense work
      (1) Threat intelligence sharing and cooperation
      (2) Establishing a financial cyber incident response system
      (3) Establishing a financial cyber incident monitoring system
    3.1.5 Summary
  3.2 Sector-specific financial cybersecurity supervisory frameworks: regulations and self-regulatory rules
    3.2.1 Key points of Taiwan's financial cybersecurity supervisory system and self-regulatory rules
    3.2.2 Banking
      (1) Regulations and orders
      (2) Self-regulatory rules
    3.2.3 Insurance
      (1) Regulations and orders
      (2) Self-regulatory rules
    3.2.4 Securities
      (1) Regulations and orders
      (2) Self-regulatory rules
    3.2.5 Summary
  3.3 Supervisory challenges and institutional gaps in Taiwan
    3.3.1 Problems and challenges of the Financial Cyber Security Action Plan
      (1) Shortage of professional supervisory staff
      (2) Challenges in adopting international certification
    3.3.2 Problems and challenges at the level of regulations and orders
      (1) Consistency and differentiation of the basic regulatory structure
      (2) Substantive effectiveness of the CISO requirement
      (3) Difficulty of horizontally integrating cyber incident reporting
    3.3.3 Problems and challenges at the level of self-regulatory rules
      (1) Duplicated rules and fragmented structure
      (2) Insufficient horizontal integration and coordination
      (3) Lack of flexibility and dynamic revision mechanisms
    3.3.4 Summary
Chapter 4 International digital resilience supervision
  4.1 International digital resilience regulations
    4.1.1 The EU Digital Operational Resilience Act (DORA)
      (1) EU financial supervisory framework
      (2) Background of DORA
      (3) The DORA framework
      (4) Summary
    4.1.2 New York's Cybersecurity Requirements for Financial Services Companies (23 NYCRR Part 500)
      (1) Overview of New York financial supervision
      (2) Background of 23 NYCRR Part 500
      (3) The 23 NYCRR Part 500 framework
      (4) Summary
    4.1.3 Comparative analysis
      (1) Dimensions of comparison
      (2) Comparative summary
  4.2 Digital resilience supervisory principles of international organizations
    4.2.1 Basel Committee on Banking Supervision (BCBS)
      (1) Organizational background
      (2) Background and purpose of the resilience principles
      (3) Principles for Operational Resilience (POR)
      (4) Principles for the Sound Management of Operational Risk (PSMOR)
      (5) Summary
    4.2.2 International Association of Insurance Supervisors (IAIS)
      (1) Organizational background
      (2) Background and core concepts of the insurance sector operational resilience paper
      (3) Position and practice of operational resilience within the ICPs
      (4) Key issues and supervisory approaches
      (5) Summary
    4.2.3 BIS Committee on Payments and Market Infrastructures (CPMI) and International Organization of Securities Commissions (IOSCO)
      (1) Organizational background
      (2) Background and core purpose of the guidance on cyber resilience for financial market infrastructures
      (3) Cyber resilience framework
      (4) Summary
    4.2.4 Comparative analysis
      (1) Dimensions of comparison
      (2) Comparative summary
  4.3 Overall comparison
    4.3.1 Binding force of statutory regulation versus international principles
      (1) Legally binding mandatory rules
      (2) Soft-law principles and guidance of international supervisory bodies
      (3) Comparative analysis
    4.3.2 Integrated versus sectoral supervisory systems
      (1) Cross-sector integrated supervisory model
      (2) Sectoral supervisory model
      (3) Comparative analysis
    4.3.3 Summary
Chapter 5 Position and application of international certification standards in digital resilience governance and supervision
  5.1 International certification standards
    5.1.1 International Organization for Standardization (ISO)
      (1) Introduction to ISO
      (2) ISO certification process
      (3) ISO digital resilience standards
      (4) Comparative analysis of ISO 27001 and ISO 22301
    5.1.2 U.S. National Institute of Standards and Technology (NIST)
      (1) Background of the NIST Cybersecurity Framework
      (2) Objectives of the NIST Cybersecurity Framework
      (3) Core components of the NIST Cybersecurity Framework
      (4) Cybersecurity risk communication and integration
      (5) Summary
    5.1.3 Comparative analysis and integrated application of international standards
      (1) Nature and positioning of the standards
      (2) Management structure and risk governance logic
      (3) Governance mechanisms and allocation of organizational responsibility
      (4) Compliance practice and supervisory reference function
      (5) Certification and verification processes
      (6) Integrated application and benefits
      (7) Summary
  5.2 Use of standards in digital resilience supervision
    5.2.1 Use of standards in international resilience regulations
      (1) EU DORA
      (2) New York 23 NYCRR Part 500
      (3) Summary
    5.2.2 Use of standards by international supervisory organizations
      (1) Basel Committee on Banking Supervision (BCBS)
      (2) International Association of Insurance Supervisors (IAIS)
      (3) BIS Committee on Payments and Market Infrastructures (CPMI) and International Organization of Securities Commissions (IOSCO)
      (4) Summary
    5.2.3 Use of standards in Taiwan's supervisory policy
    5.2.4 Role of international standards in digital resilience supervision
  5.3 Challenges for financial institutions in adopting security standards internally
    5.3.1 Governance integration challenges
    5.3.2 Resource and cost challenges for small and medium-sized institutions
  5.4 Application and feasibility of certification standards in financial supervision
    5.4.1 Promoting effective use of certification standards in financial supervision
      (1) Strengthening the integrated design of regulation and standards
      (2) Establishing incentive-based supervisory mechanisms
      (3) Promoting resource sharing and industry collaboration
      (4) Deepening security culture and practitioner awareness
    5.4.2 Summary
  5.5 Chapter summary
Chapter 6 Policy recommendations for Taiwan's digital resilience supervisory system
  6.1 Comparison and analysis of Taiwan's and international digital resilience supervisory systems
    6.1.1 Current state and core challenges of Taiwan's financial digital resilience supervision
    6.1.2 Main features of international regulations and supervisory principles
    6.1.3 Comparative analysis of Taiwan's and international systems
      (1) Regulatory level and legal binding force
      (2) Allocation of supervisory authority and depth of governance
      (3) Supervisory effectiveness and flexible tools
      (4) Cross-agency collaboration and information sharing
    6.1.4 Summary
  6.2 Policy recommendations for Taiwan's financial digital resilience supervision
    6.2.1 Strengthening existing rules and promoting cross-sector coordination
      (1) Raising the legal status and consistency of core common rules
      (2) Using existing platforms to deepen cross-sector coordination of digital resilience rules
      (3) Strengthening senior governance accountability and CISO expertise
    6.2.2 Deepening the application of international certification standards: strengthening supervisory effectiveness and practical compliance
      (1) Incorporating certification standards into regulatory design and practical rules
      (2) Institutional support measures for implementing standards
    6.2.3 Implementing proportionality and building a differentiated digital resilience supervisory mechanism
      (1) Building a risk-based classification and tiering framework
      (2) Strengthening dynamic discretion and flexible enforcement mechanisms
      (3) Strengthening flexible design of self-regulatory rules
    6.2.4 Summary
Chapter 7 Conclusions and recommendations
  7.1 Research conclusions
  7.2 Policy recommendations
References
