淡江大學覺生紀念圖書館 (TKU Library)
進階搜尋


下載電子全文限經由淡江IP使用) 
系統識別號 U0002-2706201321353100
中文論文名稱 營運持續管理成熟度之研究-以銀行業為例
英文論文名稱 Maturity of Business Continuity Management-A Case Study of Banking
校院名稱 淡江大學
系所名稱(中) 資訊管理學系碩士在職專班
系所名稱(英) On-the-Job Graduate Program in Advanced Information Management
學年度 101
學期 2
出版年 102
研究生中文姓名 朱庭逸
研究生英文姓名 Ting-Yi Chu
學號 700630154
學位類別 碩士
語文別 中文
口試日期 2013-06-22
論文頁數 77頁
口試委員 指導教授-黃明達
委員-林至中
委員-林東清
中文關鍵字 營運持續管理  RMN 模型  成熟度 
英文關鍵字 Business Continuity Management  RMN Model  Maturity 
學科別分類
中文摘要 金融機構營運管理系統於持續發展過程中,受限於緊迫時程與資源重置,承受了極大的考驗。國內多數金融機構自民國80年以來,皆陸續擬定災害復原計畫與建置備援系統,應相對成熟,卻很少企業曾真正啟動,常淪為備而不用的計畫,並未真正得到應有重視。近年國內外災難頻傳,遂陸續回頭審視管理機制,發現不夠深入與完整。而營運持續管理以災難備援為基礎並行之有年,由點到面進一步擴展而成,惟未有管理工具評估實際成熟程度,供各界檢視自身營運持續管理能力之參考。

將個案持續進行八年之營運發展軌跡導入模型,綜合顧問與專家建議,客觀定義成熟標準進行歷年比較分析,以瞭解成熟水準及如何改善的具體作法。最後將研究結果,提出作業標準程序供金融機構參考使用,逐步提昇營運持續管理之成熟度,作為管理機制的調整依據與指引,增進其營運持續能力,為企業創造最大利潤與提升競爭力。
英文摘要 Most of banking institutions in the process of sustainable development, limit to the urgency of time and resources to reset, to taking stress withstand a great test. The majority of domestic banking institutions since 1991, are one after another to develop a disaster recovery plan(DRP.) and build a redundant system, should be relatively mature, but very few companies had actually started DRP., keep it for possible future use meant as a precautionary measure.「Yet, DRP. does not always receive the attention it deserves? 」

Domestic and international disasters were frequent in recent years, then begin to look back at the management regulation found are not enough depth and complete. The business continuity management rely on the basis of disaster recovery, and running more years. From basic to complex and further expansion made but there are no management tools to understand the actual maturity of the business continuity management capabilities of reference for public view.

The case eight years of operation and development trajectory import model, the comprehensive consulting with experts suggest,Objective definition of a mature standard calendar year comparative analysis, to understand the level of maturity and how to improve practice.Finally, the study puts forward the operating standard procedures for financial institutions use and reference.Gradually improve the operation of the maturity of the ongoing management, as adjusted basis and guidelines for management mechanism, Enhance the sustainability of its operations for enterprises to create maximum profits and enhance their competitiveness.
論文目次 目次
=======================================
目次 VI
表目錄 VIII
圖目錄 IX
第一章 緒論1
第一節 研究背景與動機1
第二節 研究目的4
第三節 論文架構5
第二章 文獻探討6
第一節 營運持續管理介紹8
第二節 營運持續管理國際發展歷史與現況9
第三節 營運持續管理的定義與範疇11
第四節 營運持續管理成熟度定義與整合模式12
第五節 營運持續管理成熟度模型15
第六節 RMN模型採用說明17
第七節 營運持續管理分析19
第三章 研究設計21
第一節 研究方法21
第二節 研究對象23
第三節 研究流程24
第四章 個案研究與分析25
第一節 個案背景25
第二節 個案BCM成熟度模型28
第三節 個案年度成熟度差異分析32
第四節 金管會採用之基準與RMN模型比較41
第五節 RMN模型標準作業程序 50
第五章 結論與建議53
第一節 結論53
第二節 建議58
參考文獻 64
一、中文文獻64
二、英文文獻65
附錄69
一、RMN模型組成與品質水準成熟率檢核表(2005-2012) 69
二、RMN模型組成水準檢核表70
三、RMN模型品質水準檢核表72
四、金管會基準與RMN模型對應表77

表目錄
=======================================
表 2-1全球災害復原與營運持續規劃相關法規彙總表10
表 2-2 營運持續管理成熟度模型研究彙整13
表 4-1 戒備等級與RTO對應表26
表 4-2 BCM成熟度組成層級 資料來源:(MOHAN AND RAI, 2006)29
表 4-3 BCM成熟度品質層級 資料來源:(RANDEREE, 2012)30
表 4-4 RMN MODEL成熟率31
表 4-5成熟度提昇對應表61
表 4-6組成水準分類表61
表 4-7品質水準分類表62
表 4-8成熟度對應程序表63

圖目錄
=======================================
圖 1-1 BCM、BCP、DRP發展關係圖3
圖 2-1 營運持續管理發展趨勢圖8
圖 2-2 RMN成熟度模型 資料來源:(RANDEREE ET AL., 2012)17
圖 3-1 研究流程圖24
圖 4-1 個案銀行組織系統圖25
圖 4-2 RMN模型等級、項目分類30
圖 4-3 RMN MODEL成熟度歷程31
圖 4-4 金管會、個案銀行RMN MODEL關係比較41

參考文獻 一、中文文獻
[1]史上十大IT災難,網址:http://www.cmmi-taiwan.org.tw/content/news-in.aspx?id=10,上網日期:2012年11月12日。
[2]江衍勳,〈IT災害復原簡介 (IT Disaster Recovery)-巡迴篇v3〉,國家資通安全會報技服中心,2009年。
[3]李紀珠,〈台灣開放民營銀行設立之經驗與展望〉,國政研究報告,財金(研)091-063號,1991年。
[4]林佩璇,《個案研究及其在教育研究上的應用》,中正大學教育學研究所,pp.239-262,麗文文化,高雄,2000年。
[5]邱奕菁、張翼,〈從高科技產業探討災後企業持續營運管理之復原成功因素〉,工業安全衛生月刊,2010年。
[6]紀佳妮,〈營運持續計畫之災害復原實作〉,財團法人資訊工業策進會與行政院國家資通安全會報技術服務中心,2011年。
[7]曾韵、李介文,〈資訊系統災難備援規劃的新挑戰〉,電腦稽核期刊,2011年。
[8]經濟部工業局,《企業營運持續管理技術手冊》,網址:www.isha.org.tw/cesh/data3/DATA3-2-05.pdf,上網日期:2012年11月16日。
[9]銀行局全球資訊網,網址:http://www.banking.gov.tw
/Layout/main_ch/index.aspx?frame=3,上網日期: 2012/11/20。
[10]蘇建源、蔡旻修、阮金聲,〈以個案分析法探討金融業之企業營運持續管理〉,電腦稽核期刊,2011年。
[11]蕭瑞祥、仲偉明、 鄭哲斌,〈金融業IT管理的績效指標之研究〉,第十五屆資訊管理暨實務研討會,2009年。

二、英文文獻
[12]British Standards Institution , “Guide to Business Continuity Management (PAS 56) , ” London: British Standards Institution(BSI),2003.
[13]Brahim, H., Dominic, E. and EthneM. Swartz, “Business Continuity Management: Time for a Strategic Role?,” Long Range Planning,vol. 37, no. 5, pp. 435-457, 2004.
[14]British Standards Institution , “Code of practice for Business Continuity Management (BS 25999-1) , ”London:British Standards Institution (BSI), 2006.
[15]Christopher K., Jordan S., “Best Practices in IT Disaster Recovery Planning Among US Banks,” Journal of Internet Banking and Commerce, vol. 15, no. 1, 2010. http://www.arraydev.com/commerce/JIBC/2010-04/KadlecShropshireITDRP.pdf, 7 pages in the web version.
[16]Devargas, M., “Survival is Not Compulsory: An Introduction to Business Continuity Planning,” Computer and Security, vol. 18, no. 1, pp. 35-46, 1999.
[17]Fabio Arduini and Vincenzo Morabito , “Business
Continuity and the Banking Industry,” communications of the ACM, vol. 53, no. 3, pp. 121-126, 2010.
[18]Gartner Group.Gartner, Inc. (NYSE: IT), is the world's leading information technology research and advisory company, 1979.
[19]Hoffer, Jim. , “Backing up business- Industry trend or event. Health Management Technology,” 2001.
[20]IDC,“ Security and Continuity Delegate Survey Results:
(Doc#AP322365M), ” International Data Corp, 2005.
[21]International Standard Organization (ISO), Publicly Available Specification of ISO 22301, 2012.
[22]Jordan shropshire and christopher kadlec , “developing the it disaster recovery planning construct,” journal of information technology management , vol. 3, no. 4, pp. 37-56, 2009.
[23]King,D.L., “Moving Towards a Business Continuity Culture,”Network Security, vol. 1, pp. 12-17, 2003.
[24]Kasim Randeree, Ashish Mahal, and Anjli Narwani, “a business continuity management maturity model for the uae banking sector,”Business Process management Journal, vol. 18, no. 3, pp. 472 – 492, 2012.
[25]Leegwater, D. and Reiniers, C., “ Business Continuity Management – Methodiek en lessen vanuit de praktijk,” Jaarboek IT beheer en Informatiebeveiliging, 2005.
[26]Leegwater, D., and Ploeg, J., “ Business Continuity Management sterk gebaat bij procesdenken,” Business Process Magazine, 2005.
[27]Naomi Smit,“Business continuity management –a maturity model, “ Erasmus University Rotterdam Informatics and Economics, 2005.
[28]Noakes-Fry, N., & Diamond, T., ”Business Continuity Planning and Management Perspective, “Gartner Research, 2001.
[29]Mario Spremic, Marijana Ivanov, and Bozidar Jakovic, “IT governance and information system auditing practice in credit institutions in the Republic Of Croatia, ”international journal of applied mathematics and informatics, vol. 6, no. 2, pp. 427-438,2011.
[30]Mohan, L. and Rai, S., “Business continuity model: a reality check for banks in India,” Journal of Internet Banking and Commerce, vol. 11, no. 2, 2006. (http://www.arraydev.com/commerce/jibc/ ), 7 pages in the web version.
[31]Montri Wiboonratr and Kitti Kosavisutte , “Optimal strategic decision for disaster recovery, ” International Journal of Management Science and Engineering Management , vol. 4, no. 4, pp. 260-269,2009.
[32]Niazi, M., Wilson, D. and Zowghi, D. , “A maturity model for the implementation of software process improvement: an empirical study,” The Journal of Systems and Software, vol. 74, pp. 152-172,2005.
[33]M.C. Paulk, B. Curtis, M.B. Chrissis, and C.V. Weber,. ,“The Capability Maturity Model for Software,” Software Engineering Institute(SEI), , M. Dorfman and R.H. Thayer (eds), IEEE Computer Society Press, Los Alamitos, CA, pp. 427-438, 1995.
[34]Roger D. Wimmer and Joseph R. Dominick,“Mass Media Research:An Introduction ,” USA Wadsworth Publish in, 1991.
[35]Rolf Moulton and Robert S. Coles.“Applying Information
Security Governance.” Computers and Security, vol. 22, no. 7, pp. 274-281, 2003.
[36]Stake, R. E., “ Case studies. In Dezin,” 1998.
[37]Sharp, J., “ Introduction to M.Wi e r c z o r e k , i n : U. Na u j o k s ,”B .Bartlett (Eds.), Business Continuity,London, p. xi, 2002.
[38]Software Engineering Institute (SEI) , “ The Rational Unified Process and the Capability Maturity Model ,” Carnegie Mellon University, Pittsburgh, 2002.
[39]Saleh, Y. and Alshawi, M. , “An alternative model for measuring the success of IS projects:the GPIS model,” Journal of Enterprise Information Management, vol. 18, no. 1, pp. 47-63, 2005.
[40]Smit, N. , “Business continuity management – a maturity model,”Masters thesis, ErasmusUniversity Rotterdam, from Erasmus University Thesis database, 2005.
[41]Shalini Wunnava, and Dr. Selwyn Ellis, “DISASTER Recovery planning: a pmt-based conceptual model (research-in-progress),” Proceedings of the Southern Association for Information Systems Conference, Richmond, VA, USA March 13th-15th, 2008.
[42]Titulaer, R., e.a.; Kwaliteit bij Burgerzaken:; stap voor stap op weg
naar rekenschap,http://www.zenc.nl/rekenschap/h3.htm, 2001.
[43]Wiberg, M., “An optimal design approach to criterion-referenced computerized testing,” Journal of Education and Behavioral Statistics, vol. 28, no. 2, pp. 97-110, 2003.
[44]W. Edwards Deming, ”Elementary Principles of the Statistical Control of Quality, ” Japanese Union of Scientists and Engineers, 1950.註(5).
[45]Wolfgang Boehmer , “Performance, survivability, and cost aspects of Business Continuity Processes According to BS25999,” International Journal on Advances in Security, vol. 2, no. 4, pp. 312-324, 2009.
[46]Yin, R., “Case study research: Design and methods,” (2nd ed.),Thousand Oaks, CA: Sage Publishing, 1994.
論文使用權限
  • 同意紙本無償授權給館內讀者為學術之目的重製使用,於2013-07-04公開。
  • 同意授權瀏覽/列印電子全文服務,於2013-07-04起公開。


  • 若您有任何疑問,請與我們聯絡!
    圖書館: 請來電 (02)2621-5656 轉 2281 或 來信