BANK 3.0 BANK 3.0 / 102 12 Target Corporation POS (Point-of-sale) 7,000 200 10 ( ) 103 5 29 11 2 103 7 10 10300173840 ( ) ( ) 1 48 / No.84 / 2015.10
1 ( ATM ) ( ) ( ) 103 ( 2) 2 ( ) ( ) ( ) ( ) 1. 2. (1) (Certified Information Security Manager CISM) (Information Security Management System Lead Auditor ISO 27001 LA) (2) (Certified Information Systems Security Professional CISSP) (3) (Council Ethical Hacking CEH) (Certified Incident Handler CIH)
www.fisc.com.tw
(4) ( ) ( ) ( ) ( ) ( ) ( ) ( ) ( ) 1. (Topology) 2. 3. ( ) 1. 2. ( ) 3. ( Riverbed NIKSUN) (Domain Name System Server DNS Server) ( G-ISAC ) ( ) 1.
2. ( XecProbe FireEye HX) OA 3. (File Transfer Protocol FTP) ( ) 1. OSSTMM (Open-Source Security Testing Methodology Manual) OWASP (Open Web Application Security Project) Testing Guide OWASP Web Application Penetration Checklist ( Nessus Nmap Ixia BreakingPoint) 2. ( WebInspect Checkmarx) 3. 4. (deadlock) CPU ( ) ( ) 1. ( Active Directory) (Government Configuration Baseline GCB)
2. ( FireMon Tufin) 3. ( Access Control List) 4. Microsoft Baseline Security Analyzer Windows Office SQL Server 5. (Government Root Certification Authority GRCA) (Payment Card Industry Data Security Standard PCI DSS) 25 26~ 51 (1) (2) (3) (4) 2. ( ) ( ) 1. 1~ 1. 2. 3.
4. / 1. 2.