กฎหมายเทคโนโลยีสารสนเทศ พิมพ์ครั้งที่ 7 ฉบับปรุบปรุง

Online Offline

ICT Law Center . (ETDA)

ICT Law Center

(Electronic Transactions),

(Computer Crimes)

(Digital Economy)

(Law Reform)

Trainer

(Capacity Building)

Online Offline

(Knowledge Management)

. ETDA

.

. ()

/

ictlawcenter

www.etda.or.thwww.ictlaw.center

ictlawcenter.etda.or.th

..

( ) ..

. ..

. ..

. . /

. . /

. . /

. ..

. ..

. ..

. (Certificate Policy) (Certification Practice Statement) (Certification Authority) ..

. ( ) ..

. ..

. ..

... () ..

* ... . .

...

..

...

..

...

..

...

..

. ..

. ..

...

..

...

(.)

critical infrastructure

:- // (.)- (.)- (., )- (.)- / (./)- / (., )- (. - )- (. - )- / (. - )

: (.)

(.)

// (.)

(.)

/ (. - )

(.)

: .

..

( ) ..

...

(.)

critical infrastructure

:- // (.)- (.)- (., )- (.)- / (./)- / (., )- (. - )- (. - )- / (. - )

: (.)

(.)

// (.)

(.)

/ (. - )

(.)

: .

..

( ) ..

..

..

..

..

..

..

(.)

.

. .

.

.

. . /

. / .

. /

. Spam mail

.

. () //() () () () /() /() () /

. / . () - () .,. () /

. ..

. -

.

. - //

.

.

..

()

()

/

www.etda.or.th

www.ictlaw.center

http://ictlawcenter.etda.or.th

www.facebook.com/ictlawcenter

() ,

() ,

() ,

() ,

() ,

() ,

()

(e-Commerce)

(e-Government)

() (.)

..

..

() () () .. () ()

() () () () () ()

() .. . .

() ..

() () () () () () () () () () ()

. . .

(e-Commerce) (m-Commerce) (e-Government) () . (Electronic Transactions Development Agency: ETDA)

()

.

()..

...

()..

.

..

.

..

.

..

.

(Certificate Policy)

(Certification Practice Statement)

(Certification Authority) ..

.

..

.

..

.

( ) ..

.

..

.

..

.

..

.

..

.

..

. . /

. . /

. . /

.

..

.

..

.

..

.

..

...

.

..

.

..

.

..

.

..

.

..

()

..

()

..

1 ()

() ..

/ / /

2 () 2 ()

()

..

.. ..

..

() ..

3 ()

() ..

/ / /

2 () 3 ()

()

() . Electronic Transactions Development Agency (Public Organization) ETDA

() ()

()

()

4 () 4 ()

()

() ()

()

() () () ()

() () ()

() () ()

()

5 ()

()

() . Electronic Transactions Development Agency (Public Organization) ETDA

() ()

()

()

4 () 5 ()

() ()

()

()

()

6 () 6 ()

() () () ()

()

() ()

()

()

7 ()

() ()

()

()

()

6 () 7 ()

() () () ()

() () ()

()

8 () 8 ()

()

()

()

()

()

()

()

()

()

() () ()

()

9 ()

() () () ()

() () ()

()

8 () 9 ()

() () ()

()

10 () 10 ()

() () ()

() () () () () ()

() () () () () ()

11 ()

() () ()

()

10 () 11 ()

()

()

()

()

()

()

12 () 12 ()

()

()

() () () () () ()

() () () () () () ()

() () () ()

13 ()

()

()

()

()

()

()

12 () 13 ()

()

14 () 14 ()

15 ()

()

14 () 15 ()

..

..

..

..

16 () 16 ()

..

17 ()

..

..

..

..

16 () 17 ()

..

18 () 18 ()

:-

19 ()

..

18 () 19 ()

.. ( ) ..

20 ()

..

/ / /

( ) ..

/ / /

21 ()

..

/ / /

( ) ..

/ / /

21 ()

21 ()

.. -------------------------

..

..

..

/ / /

22 () 22 ()

--

23 ()

.. -------------------------

..

..

..

/ / /

22 () 23 ()

--

( ) ..

24 () 24 ()

--

()

()

()

.

.

.

()

()

()

( ) .. ( ) ..

25 ()

--

( ) ..

24 () 25 ()

--

()

()

()

()

( ) .. ( ) ..

26 () 26 ()

--

/

()

()

()

()

()

/ ( ) ..

27 ()

--

()

()

()

()

( ) .. ( ) ..

26 () 27 ()

--

() ()

()

()

() ()

()

() ()

28 () 28 ()

--

29 ()

--

() ()

()

()

() ()

()

() ()

28 () 29 ()

--

()

()

()

()

()

()

()

()

()

30 () 30 ()

--

()

()

()

()

()

()

()

()

()

()

()

() ()

()

() () () () () ()

()

31 ()

--

()

()

()

()

()

()

()

()

()

30 () 31 ()

--

()

()

()

()

()

()

() () ()

()

()

()

()

()

()

()

32 () 32 ()

--

33 ()

--

()

()

()

()

()

()

() () ()

()

()

()

()

()

()

()

32 () 33 ()

--

34 () 34 ()

--

()

()

()

()

( ) ..

35 ()

--

34 () 35 ()

--

()

()

()

()

()

()

36 () 36 ()

--

/

/ ( ) .. ( ) ..

37 ()

--

()

()

()

()

()

()

36 () 37 ()

--

:-

* .. ..

..

:- ..

/ / /

38 () 38 ()

--

( ) ..

..

:- ..

/ / /

39 ()

--

:-

* .. ..

..

:- ..

/ / /

38 () 39 ()

--

40 () 40 ()

--

40 ()

..

41 ()

..

/ / /

42 () 42 ()

..

.. ( ) ..

..

()

()

43 ()

..

/ / /

42 () 43 ()

()

()

() () (Identification) (Authentication) () () ()

()

()

()

() () ()

44 () 44 ()

()

()

() ()

..

() () ()

(Identification) (Authentication)

()

45 ()

()

()

() () (Identification) (Authentication) () () ()

()

()

()

() () ()

44 () 45 ()

() ()

()

()

() () ()

46 () 46 ()

() ..

() (Backup) (Data recovery)

()

() ()

()

() (Identification) () (Authentication) () (Authorization) () (Accountability) ()

47 ()

() ()

()

()

() () ()

46 () 47 ()

()

()

..

48 () 48 ()

()

()

..

48 ()

..

49 ()

..

/ / /

50 () 50 ()

..

.. ( ) .. ()

..

51 ()

..

/ / /

50 () 51 ()

..

52 ()

..

/ / /

53 () 53 ()

..

/ .. ( ) ..

..

(Metadata)

54 () 54 ()

()

()

()

()

()

()

()

55 ()

..

/ .. ( ) ..

..

(Metadata)

54 () 55 ()

() ()

()

() ()

() (Identification) () (Authentication) () (Authorization) () (Accountability)

56 () 56 ()

..

57 ()

() ()

()

() ()

() (Identification) () (Authentication) () (Authorization) () (Accountability)

56 () 57 ()

..

-------------------------------

(Resolution) () 150 (dot per inch dpi) () 200 () 300 () 72

(Bit Depth) () - 1 (bit) () (grayscale) 8 () 24

44.1 (kHz) 16

58 () 58 ()

() 5 (Luminance) 13.5 (MHz) () 8 (bits per pixel: bpp) () (Chrominance) 4 (bits per pixel: bpp) () (Luminance Resolution) 720 (pixel) x 485 (active line) () (Chrominance Resolution) 360 (pixel) x 485 (active line)

() () () ()

() ()

-- () 5 (Luminance) 13.5 (MHz) () 8 (bits per pixel: bpp) () (Chrominance) 4 (bits per pixel: bpp) () (Luminance Resolution) 720 (pixel) x 485 (active line) () (Chrominance Resolution) 360 (pixel) x 485 (active line)

() () () ()

() ()

--

59 ()

..

-------------------------------

(Resolution) () 150 (dot per inch dpi) () 200 () 300 () 72

(Bit Depth) () - 1 (bit) () (grayscale) 8 () 24

44.1 (kHz) 16

58 () 59 ()

() () ()

(Metadata) ( / ) ( ) ( )

() () ()

()

() (user registration)

() (user management)

() (user password management)

() (review of user access rights)

--() () ()

(Metadata) ( / ) ( ) ( )

() () ()

()





--

60 () 60 ()

() (password use)

()

--

61 ()

() () ()

(Metadata) ( / ) ( ) ( )

() () ()

()





--() () ()

(Metadata) ( / ) ( ) ( )

() () ()

()





--

60 () 61 ()

..

---------------------------------------

(Metadata)

(Metadata) (Physical Condition Tag) (IQA Tag)

: JPEG 8-bit Grayscale 100 dpi : TIFF Black & White 200 dpi : TIFF Black & White 200 dpi

62 () 62 ()

() ()

()

--

() ()

()

--

63 ()

..

---------------------------------------

(Metadata)

(Metadata) (Physical Condition Tag) (IQA Tag)

: JPEG 8-bit Grayscale 100 dpi : TIFF Black & White 200 dpi : TIFF Black & White 200 dpi

62 () 63 ()

() (Identification)

() (Authentication)

()

(Authorization)

() (Accountability)

--

64 () 64 ()

() (Identification)

() (Authentication)

()

(Authorization)

() (Accountability)

--

64 ()


(Certification Practice Statement)

(Certification Authority) ..

65 ()

(Certificate Policy) (Certification Practice Statement) (Certification Authority) ..

/ / /

66 () 66 ()


(Certification Practice Statement) (Certification Authority)

..

(Certificate Policy) (Certification Practice Statement) (Certification Authority)

() () () ..

(Certification Authority) (Certificate Policy) (Certification Practice Statement) (Certificate Policy) (Certification Practice Statement) (Certification Authority)

..

67 ()

(Certificate Policy) (Certification Practice Statement) (Certification Authority) ..

/ / /

66 () 67 ()

(Certificate Policy) (Certification Practice Statement)

(Certification Authority)

.

(Electronic Certificate) (Certification Authority) (Digital Signature) (Server) (Entity) (Public Key Infrastructure PKI)

Internet Engineering Task Force IETF (Internet Architecture) Internet X.509 Public Key Infrastructure Certificate Policy and Certification Practices Framework (RFC 3647)

. (Definition) (Acronym)

/ RFC The Internet Request For Comments

(Protocol)

68 () 68 ()

--

/ (Server)

(Operating Unit/Site) (Device)

Certificate Revocation List (CRL)

Online Certificate Status Protocol (OCSP)

(Protocol)

Object Identifier (OID)

(Information Object) Object

Public Key

Private Key

Key Pair

69 ()

(Certificate Policy) (Certification Practice Statement)

(Certification Authority)

.

(Electronic Certificate) (Certification Authority) (Digital Signature) (Server) (Entity) (Public Key Infrastructure PKI)

Internet Engineering Task Force IETF (Internet Architecture) Internet X.509 Public Key Infrastructure Certificate Policy and Certification Practices Framework (RFC 3647)

. (Definition) (Acronym)

/ RFC The Internet Request For Comments

(Protocol)

68 () 69 ()

--

/ Registration Authority (RA)

(Compromise)

.

(Introduction)

(Publication and Repository Responsibilities) (Identification and Authentication)

(Certificate Life-Cycle Operation Requirements)

(Facility, Management, and Operational Controls) (Technical Security Controls)

(Certificate, CRL, and OCSP Profiles) (Compliance Audit and Other Assessment) (Other Business and Legal Matters)

70 () 70 ()

--

.

(Introduction)

. (Overview) PKI PKI PKI

. (Document Name and Identification) (Other Identifier) OID ASN.1 Object Identifier OID OID OID Information Object OID OID American National Standard Institute (ANSI) , ISO

. (PKI Participants) (Identity) (Entity)

. (Certification Authority)

. (Registration Authority) (Identification) (Authentication)

71 ()

--

/ Registration Authority (RA)

(Compromise)

.

(Introduction)

(Publication and Repository Responsibilities) (Identification and Authentication)

(Certificate Life-Cycle Operation Requirements)

(Facility, Management, and Operational Controls) (Technical Security Controls)

(Certificate, CRL, and OCSP Profiles) (Compliance Audit and Other Assessment) (Other Business and Legal Matters)

70 () 71 ()

--

. (Subscriber)

. (Relying Party)

. (Other Participants) (Providers of Repository Services) Outsource

. (Certificate Usage)

72 () 72 ()

--

. (Policy Administration)

. (Definitions and Acronyms)

(Publication and Repository Responsibilities)

(Repository) (Security Controls) (Trade Secret) (Access Control) ((Identification and Authentication (I&A))

73 ()

--

. (Subscriber)

. (Relying Party)

. (Other Participants) (Providers of Repository Services) Outsource

. (Certificate Usage)

72 () 73 ()

--

. (Naming) (Naming Convention)

. X.500 Distinguished Name RFC 822 Names (e-mail) X.400

.

. (Anonymous or Pseudonymous)

. X.500 RFC 822

. (Unique Name)

. (Initial Identity Validation) (Identification) (Authentication)

. Certificate Request Message

.

.

74 () 74 ()

--

. (Identification and Authentication for Re-key Requests)

. (Identification and Authentication for Revocation Requests)

(Certificate

Life-Cycle Operation Requirements)

. (Certificate Application)

. (Certificate Subject) RA

. ()

()

75 ()

--

. (Naming) (Naming Convention)

. X.500 Distinguished Name RFC 822 Names (e-mail) X.400

.

. (Anonymous or Pseudonymous)

. X.500 RFC 822

. (Unique Name)

. (Initial Identity Validation) (Identification) (Authentication)

. Certificate Request Message

.

.

74 () 75 ()

--

. (Certificate Application Processing)

.

.

.

. (Certificate Issuance)

.

.

. (Certificate Acceptance)

. ()

()

. X.500 Directory LDAP repository

.

76 () 76 ()

--

. (Key Pair and Certificate Usage)

. (Private Key)

.

. (Certificate Renewal)

.

.

. (Password)

.

.

.

77 ()

--

. (Certificate Application Processing)

.

.

.

. (Certificate Issuance)

.

.

. (Certificate Acceptance)

. ()

()

. X.500 Directory LDAP repository

.

76 () 77 ()

--

. (Certificate Re-key)

.

.

. .

.

. (Certificate Modification)

. Distinguished Name

.

.

.

.

. (Certificate Revocation and Suspension)

.

78 () 78 ()

--

.

.

.

.

. Certificate Revocation List (CRL) CRL CRL

.

. (Certificate Status Services)

.

.

. (End of Subscription)

. (Key Escrow and Recovery)

Session Key (Session Key Encapsulation)

79 ()

--

. (Certificate Re-key)

.

.

. .

.

. (Certificate Modification)

. Distinguished Name

.

.

.

.

. (Certificate Revocation and Suspension)

.

78 () 79 ()

--

(Facility, Management, and Operational Controls)

(Key Generation) (Subject Authentication) (Certificate Issuance) (Certificate Revocation) (Auditing and Archiving) (Physical Security Controls)

. (Site Location and Construction) (High

Security Zone)

. (Physical Access)

Backup Media

. (Physical Security Controls)

.

.

80 () 80 ()

--

.

.

. (Procedural Controls)

. (Compromise and Disaster Recovery)

. (CA or RA Termination)

(Technical Security Controls)

PIN Password

. (Key Pair Generation and Installation)

.

.

81 ()

--

(Facility, Management, and Operational Controls)

(Key Generation) (Subject Authentication) (Certificate Issuance) (Certificate Revocation) (Auditing and Archiving) (Physical Security Controls)

. (Site Location and Construction) (High

Security Zone)

. (Physical Access)

Backup Media

. (Physical Security Controls)

.

.

80 () 81 ()

--

.

.

. 1,024 RSA 1,024 DSA

.

. X.509 X.509 3

. (Private Key Protection) (Cryptographic Module Engineering Control)

. ( )

. ( m out of n)

. (Key Escrow)

. (Private Key Backup)

. (Private Key Archival)

.

. (Private Key Storage in Cryptographic Module) (Plaintext) (Encrypted) (Split Key)

.

.

.

82 () 82 ()

--

. ( FIPS 140-1

. (Other Aspects of Key Pair Management)

. (Public Key Archival)

.

. (Activation Data)

(Activation Data) (Reference Code) (Installation Code)

. (Computer Security Controls)

(Access Control) (Audit) (Identification Authentication) (Security testing) (Penetration Testing) The Trusted System Evaluation Criteria (TCSEC)

. (Life Cycle Technical Controls)

(Tools) (procedure) (Operational Systems) (Networks)

83 ()

--

.

.

. 1,024 RSA 1,024 DSA

.

. X.509 X.509 3

. (Private Key Protection) (Cryptographic Module Engineering Control)

. ( )

. ( m out of n)

. (Key Escrow)

. (Private Key Backup)

. (Private Key Archival)

.

. (Private Key Storage in Cryptographic Module) (Plaintext) (Encrypted) (Split Key)

.

.

.

82 () 83 ()

--

. (Network Security Controls)

(Router) (Firewall) (Intrusion Detection System: IDS)

. (Time-stamping)

(Certificate, CRL, and OCSP Profiles)

. (Certificate Profile) ( IETF RFC 3280)

.

. Certificate Extensions (Criticality) OID (Cryptographic Algorithm Object Identifiers)

.

. OID

. (Certification Revocation List Profile)

. ( IETF RFC 3280)

. CRL Entry Extensions (Criticality)

. OCSP (OCSP Profile)

OCSP (Online Certificate Status Protocol) OCSP OCSP ( IETF RFC 2560)

84 () 84 ()

--

(Compliance Audit and Other Assessment)

(Methodology) WebTrust (Other Business and Legal Matters)

(Fees) (Financial Responsibility) (Limitation of Liability)

. (Fees)

(Certificate Issuance or Renewal Fees) (Certificate Access Fees) (Refund Policy)

85 ()

--

. (Network Security Controls)

(Router) (Firewall) (Intrusion Detection System: IDS)

. (Time-stamping)

(Certificate, CRL, and OCSP Profiles)

. (Certificate Profile) ( IETF RFC 3280)

.

. Certificate Extensions (Criticality) OID (Cryptographic Algorithm Object Identifiers)

.

. OID

. (Certification Revocation List Profile)

. ( IETF RFC 3280)

. CRL Entry Extensions (Criticality)

. OCSP (OCSP Profile)

OCSP (Online Certificate Status Protocol) OCSP OCSP ( IETF RFC 2560)

84 () 85 ()

--

. (Financial Responsibility) (Operational PKI Responsibilities) (to Remain Solvent and Pay Damages) (Insurance Coverage for Liabilities) (Contingencies) (Assets on The Balance Sheet) (Surety Bond) (Letter of Credit) (Indemnity) (Insurance) (Warranty)

. (Confidentiality of Business Information) (Business Plan) (Sales Information) (Trade Secrets) (Nondisclosure Agreement) (Compromise)

. (Privacy of Personal Information)

OECD Guidelines

. (Intellectual Property Rights)

86 () 86 ()

--

. (Representations and Warranties) (Subscriber Agreement) (Relying Party Agreement)

. (Disclaimers of Warranties)

. (Limitations of Liability) (Incidental Damages) (Consequential Damages)

. (Indemnities)

Internet X.509 Public Key Infrastructure Certificate Policy and Certification Practices Framework (RFC 3647)

87 ()

--

. (Financial Responsibility) (Operational PKI Responsibilities) (to Remain Solvent and Pay Damages) (Insurance Coverage for Liabilities) (Contingencies) (Assets on The Balance Sheet) (Surety Bond) (Letter of Credit) (Indemnity) (Insurance) (Warranty)

. (Confidentiality of Business Information) (Business Plan) (Sales Information) (Trade Secrets) (Nondisclosure Agreement) (Compromise)

. (Privacy of Personal Information)

OECD Guidelines

. (Intellectual Property Rights)

86 () 87 ()

..

88 ()

..

/ / /

89 ()

..

89 ()

..

.. ..

..

..

90 () 90 ()

() ()

91 ()

..

.. ..

..

..

90 () 91 ()

:- ..

92 () 92 ()

:- ..

92 ()

..

93 ()

..

/ / /

94 () 94 ()

..

.. ..

()

..

..

95 ()

..

/ / /

94 () 95 ()

()

()

()

()

()

()

()

96 () 96 ()

()

()

97 ()

()

()

()

()

()

()

()

96 () 97 ()

:- ..

98 () 98 ()

:- ..

98 ()

( ) ..

99 ()

( ) ..

/ / /

100 ()

( ) ..

..

( ) ..

..

(Chief Executive Officer : CEO)

..

101 ()

..

102 ()

..

/ / /

100 () 103 ()

..

..

()

101 () 104 ()

()

() (asset) ()

() (information security) (confidentiality) (integrity) (availability) (authenticity) (accountability) (non-repudiation) (reliability)

() (information security event)

() (information security incident) (unwanted or unexpected)

() ()

()

102 ()

..

..

()

101 () 105 ()

()

()

() ()

- (access control)

()

()

()

(business

requirements for access control)

(user access management) (information security awareness training)

103 () 106 ()

()





(user responsibilities)

() (password use)

()

() (clear desk and clear screen policy)

104 ()

()

()

() ()

- (access control)

()

()

()

(business

requirements for access control)

(user access management) (information security awareness training)

103 () 107 ()

() ..

(network access control)

()

() (user authentication for external connections)

() (equipment identification in networks)

() (remote diagnostic and configuration port protection)

() (segregation in networks)

() (network connection control)

() (network routing control)

(operating system access control)

()

105 () 108 ()

() (user identification and authentication)

() (password management system) (interactive)

() (use of system utilities)

() (session time-out)

() (limitation of connection time)

(application and information access control)

() (information access restriction) (functions)

() (mobile computing and teleworking)

()

106 ()

() ..

(network access control)

()

() (user authentication for external connections)

() (equipment identification in networks)

() (remote diagnostic and configuration port protection)

() (segregation in networks)

() (network connection control)

() (network routing control)

(operating system access control)

()

105 () 109 ()

() (teleworking)

()

()

()

()

()

() (information security audit and assessment)

() (internal auditor) (external auditor)

107 () 110 ()

..

108 ()

() (teleworking)

()

()

()

()

()

() (information security audit and assessment)

() (internal auditor) (external auditor)

107 () 111 ()

..

112 ()

..

/ / /

110 () 113 ()

..

..

()

()

111 () 114 ()

()

()

()

()

()

()

()

112 ()

..

..

()

()

111 () 115 ()

() () ()

()

()

()

113 () 116 ()

() (Cookies)

() (Demographic Information)

() (Log Files)

(IP Address) (Browser)

()

()

(Data Subject)

114 ()

() () ()

()

()

()

113 () 117 ()

()

()

()

()

115 () 118 ()

()

()

()

()

()

()

()

() () () ()

116 ()

()

()

()

()

115 () 119 ()

(Trust Mark)

(Trust Mark)

..

117 () 120 ()

(Trust Mark)

(Trust Mark)

..

117 ()

..

121 ()

..

/ / /

119 () 122 ()

..

.. ..

..

..

120 ()

..

/ / /

119 () 123 ()

(Electronic Data Capture : EDC)

(EDC Network)

(Transaction Switching)

121 () 124 ()

(Clearing)

(Settlement)

.

.

.

122 ()


(EDC Network)


121 () 125 ()

()

()

() () () ()

() ()

()

()

() ()

123 () 126 ()

() ()

() ()

() () ()

. () () () () ()

() () ()

.

124 ()

()

()

() () () ()

() ()

()

()

() ()

123 () 127 ()

..

()

125 () 128 ()

126 ()

..

()

125 () 129 ()

() ()

()

() ()

() () . ()

.

() () ()

()

127 () 130 ()

() ()

()

. ()

() . () ()

. .

.

.

. .

128 ()

() ()

()

() ()

() () . ()

.

() () ()

()

127 () 131 ()

. ..

. . ..

() ..

() () .

129 () 132 ()

130 ()

. ..

. . ..

() ..

() () .

129 () 133 ()

..

.

() () () ()

() () () () () ()

131 () 134 ()

:-

132 ()

..

.

() () () ()

() () () () () ()

131 () 135 ()

..

136 ()

..

..

/ / /

137 ()

..

..

()

.. ()

( ) .. ()

( ) .. ()

( ) ..

.. ( ) ( ) ( )

( ) (e-Money )

138 ()

( ) () (Credit Card Network) () (EDC Network) () (Transaction Switching ) ()

(e-Money )

( ) () (Clearing) () (Settlement) () () (Transaction Switching ) () ()

(e-Money )

.

..

..

139 ()

()

()

() (Clearing) () (Settlement) ()

() (Transaction Switching )

() ()

(e-Money )

. ..

140 ()

() .

141 ()

() .

() ()

()

. ()

() ()

() .

()

() ()

.

() .

()

()

142 ()

()

()

()

() () () () .

()

() () (Financial Risk) ()

()

143 ()

()

() .

()

()

()

.

() .

() . .

. .

.

144 ()

(Outsourcing)

()

() .

(Agent) .

. .

..

() () () () ()

() () () () () () () () () () () ()

145 ()

() () () () . ()

. . .

() . () () . ()

. . . .

.

. . .

(e-Money)

146 ()

() ()

()

() ()

()

()

()

() ..

()

()

() () . . . .

147 ()

(Credit Card Network)

(EDC Network) (Transaction Switching)

(Access and Exit Criteria)

(Clearing)

.

.

()

()

. .

148 ()

.

(Settlement)

(Settlement Risk)

. .

.

..

149 ()

()

() () ..

(Issuer)

(Acquirer)

()

() (Issuer) (Acquirer) () ()

() () () () ()

() (Acquirer)

(Issuer) () (Transaction Switching)

150 ()

() (Clearing) () (Settlement)

. .

.

(IT Outsourcing) () - () .

.

(IT Outsourcing) () (IT Outsourcing)

() (IT Outsourcing)

() o

151 ()

()

()

..

152 ()

( )

.......... ............................ .. ..............

......................................................................................... ................................................................................................................. ........................................................................ ........................................ ......................................... ............

1. ...................................... .................................................................. 2. ...................................... .................................................................. 3. ...................................... .................................................................. 4. ...................................... .................................................................. 5. ...................................... ..................................................................

( 5 )

(e-Money ) .. 2551

.

(1)

(2)

(1) (2)

()

()

........... / 25....

153 ()

- -

(1) (2)

(3) (4) (5) (6)

.

(1) 1.1 1.2

1.2.1 1.2.2 1.2.3

1.2.4

1.3

1.3.1 1.3.2

1.3.3

1.4

1.5 ()

1.6 (Outsourcing)

(2)

(3)

154 ()

- -

(4)

..........................................................

( )

( )

155 ()

( )

.......... ............................ .. ..............

......................................................................................... ................................................................................................................. ........................................................................ ........................................ ......................................... ............

1. ...................................... .................................................................. 2. ...................................... .................................................................. 3. ...................................... .................................................................. 4. ...................................... .................................................................. 5. ...................................... ..................................................................

( 5 )

.. 2551 ( )

(1) (Credit Card Network) (2) (EDC Network) (3) (Transaction

Switching )

(4) (e-Money )

........... / 25....

()

()

156 ()

- 2 -

.

(1) (2)

(1) (2) (3) (4) (5) (6)

. (1)

1.1 1.2 1.3

1.3.1 1.3.2

1.3.3

1.4

1.5 ()

1.6 (Outsourcing)

(2)

(3)

(4) (5)

157 ()

- 3 -

(6) (Business Continuity Management: BCM)

6.1 6.2

6.2.1 (Strategic Risk) 6.2.2 (Liquidity Risk) 6.2.3 (Operation Risk) 6.2.4 (Legal Risk) 6.2.5 (Reputation Risk)

6.3 (Business Continuity Planning: BCP)

6.4 BCP (7)

7.1 7.2 (Outsourcing)

( )

(8) (Feasibility Study)

(9) (.)

(10) ()

158 ()

- 4 -

..........................................................

( )

( )

159 ()

- 5 -

(e-Money )

1.

1.1

1.2

1.3

1.4

()

2. ()

2.1

2.2

2.3

2.4

3

3.1

3.2

3.3

-

-

-

-

-

-

-

-

160 ()

( )

.......... ............................ .. ..............

......................................................................................... ................................................................................................................. ........................................................................ ........................................ ......................................... ............

1. ...................................... .................................................................. 2. ...................................... .................................................................. 3. ...................................... .................................................................. 4. ...................................... .................................................................. 5. ...................................... ..................................................................

( 5 )

.. 2551 ( )

(1) (Clearing) (2) (Settlement) (3)

(4) (Transaction Switching )

(5) (6) (e-Money )

........... / 25....

()

()

161 ()

- -

. (1) (2)

(3) (4) (5) (6) (7)

6 ()

. (1)

1.1 1.2 1.3

1.3.1 1.3.2

1.3.3

1.4

1.5 ()

1.6 (Outsourcing)

(2)

(3)

(4) 3

162 ()

- -

(5)

(6) (Business Continuity Management: BCM)

6.1 6.2

6.2.1 (Strategic Risk) 6.2.2 (Liquidity Risk) 6.2.3 (Operation Risk) 6.2.4 (Legal Risk) 6.2.5 (Reputation Risk)

6.3 (Business Continuity Planning: BCP)

6.4 BCP (7)

7.1 7.2 (Outsourcing)

( )

(8) (Feasibility Study)

(9) (.)

(10) ()

163 ()

- -

..........................................................

( )

( )

164 ()

- -

1. (e-Money )

1.1

1.1.1

1.1.2

1.1.3

1.1.4

()

1.2 ()

1.2.1

1.2.2

1.2.3

1.2.4

1.3

1.3.1

1.3.2

1.3.3

-

-

-

-

-

-

-

-

165 ()

- -

2. (Clearing)

2.1

2.2

2.3

2.4 ()

3. (Settlement)

3.1

3.2

3.3 (Finality)

(Irrevocable)

3.4 ()

4. (Transaction switching )

4.1

4.2

4.3 ()

5.

5.1

5.2

5.3

166 ()

.......... ............................ .. ..............

......................................................................................... ................................................................................................................. ........................................................................ ........................................ .........................................

( ) (e-Money ) ............................... ..............................

( ) ............................... ..............................

(1) (Credit card network) (2) (EDC network) (3) (Transaction Switching )

(4) (e-Money )

( ) ............................... ..............................

(1) (Clearing) (2) (Settlement) (3)

(4) (Transaction Switching )

(5)

()

()

........... / 25....

167 ()

- -

(6) (e-Money )

..........................................................

( )

( )

168 ()

/.

()

.........................................................

8 9 .. 2551

/ 1. .. ........... 2. ............................................................................ ................................... / 8 9 .. 2551

()

169 ()

...........................................................................................

...........................................................................................

...........................................................................................

...........................................................................................

............................................. ....................................... .....................................................................

...........................................................................................

170 ()

30 " "

"" . "" "" "" "" "" "" " " "" "" " " // "" () //

171 ()

..

172 ()

..

/ / /

134 () 173 ()

..

.. ..

..

..

..

..

..

135 () 174 ()

..

.. ..

..

..

..

..

..

135 ()

136 () 175 ()

()

()

()

()

()

()

()

()

()

()

137 () 176 ()

()

()

()

()

()

()

()

()

()

()

137 ()

()

()

()

()

() ()

() ()

()

138 () 177 ()

() () () () () ()

.

..

139 () 178 ()

() () () () () ()

.

..

139 ()

140 () 179 ()

.

..

141 () 180 ()

.

..

141 ()

.

. / .

..

....................

.... .. .. .. .. ( .....................................................................................) (..)

.. ......... .. .............................................. (..) ..

.. ..................... .. ....

() (................................................)

142 () 181 ()

- -

.

../.. ...........................................

../ .

/... .. .. .. ... () (.) ... (.) ............................................

(.)

. ..

143 () 182 ()

- -

.

../.. ...........................................

../ .

/... .. .. .. ... () (.) ... (.) ............................................

(.)

. ..

143 ()

. /

183 ()

. /

/ / /

184 ()

. /

.

.

.. .. (.)

. . /

..

.

..

. .

.. ( ) ( ) ( )

185 ()

( ) (e-Money )

( ) () (Credit Card Network) () (EDC Network) () (Transaction Switching

) ()

(e-Money )

( ) () (Clearing) () (Settlement) ()

() (Transaction Switching ) () ()

(e-Money )

. (e-Money) ..

..

.. ..

186 ()

. . ..

.. .. . .

. /

.

() . .

() . . .

.. .. .. . .

187 ()

.

.. .. .

.. .. .. .. . . .

. (Settlement)

(Finality) (Irrevocable)

. ..

..

. ..

188 ()

..

() ()

()

. . .

. ..

. .. .

..

189 ()

....

........

........

........

........

........

.......

........

........

........

........

........

........

...

....

........

........

........

........

........

.......

..

........

........

......

30

:

(1)

(2)

6

(1)/(2

)x100

/

.

.

190 ()

30

6 6

.

1) 2) 6

191 ()

. /

192 ()

. /

. /

/ / /

180 () 193 ()

. /

.

.

..

.

..

.

.

.

181 () 194 ()

. /

.

.

..

.

..

.

.

.

181 ()

.

..

182 () 195 ()

. /

196 ()

. /

/ / /

190 () 197 ()

. /

.

.

.. (.) .

.. .

..

. ()

191 () 198 ()

. /

.

.

.. (.) .

.. .

..

. ()

191 ()

()

() () () () .

. ()

192 () 199 ()

.

..

193 () 200 ()

.

..

193 ()

1.

1.1

(1)

(2)

194 () 201 ()

- 2 -

(3)

1.2

(1)

(2)

(3)

(3.1)

(3.2)

(3.3)

1.3

(Password) (Personal Identification Number) (Token or Smart Card) (Biometric) (Public Key Infrastructure)

195 () 202 ()

- 2 -

(3)

1.2

(1)

(2)

(3)

(3.1)

(3.2)

(3.3)

1.3

(Password) (Personal Identification Number) (Token or Smart Card) (Biometric) (Public Key Infrastructure)

195 ()

- 3 -

(1)

(2)

2.

2.1

(1)

(2)

(3)

2.2

196 () 203 ()

- 4 -

(1)

(2)

(3) (3.1)

(3.2)

(3.3)

(3.4)

(3.5)

(4)

2.3

(1)

(1.1)

197 () 204 ()

- 4 -

(1)

(2)

(3) (3.1)

(3.2)

(3.3)

(3.4)

(3.5)

(4)

2.3

(1)

(1.1)

197 ()

- 5 -

(1.2) (1.3) (1.4)

(2)

3. (Peak Time)

3.1

(1) (2)

(3) (4)

3.2

198 () 205 ()

- 6 -

(1)

(2) (Vulnerability Assessment)

(3) (Penetration Test)

3.3

(1)

(2) (3)

3.4

(1)

(2)

(3)

199 () 206 ()

- 6 -

(1)

(2) (Vulnerability Assessment)

(3) (Penetration Test)

3.3

(1)

(2) (3)

3.4

(1)

(2)

(3)

199 ()

- 7 -

3.5

(1) (2) (Recovery Time Objectives) (3)

. . .

.

.

(4)

(5) 1

3.6

200 () 207 ()

- 8 -

4.

1

(1)

1

(2)

29 2552

201 () 208 ()

- 8 -

4.

1

(1)

1

(2)

29 2552

201 ()

..

209 ()

..

/ / /

203 () 210 ()

..

/ / /

203 ()

..

.. ..

..

..

204 () 211 ()

()

() () (information security)

(administrative security)

(physical security)

(confidentiality)

(integrity)

205 () 212 ()

()

() () (information security)

(administrative security)

(physical security)

(confidentiality)

(integrity)

205 ()

(availability)

(critical infrastructure)

() () ()

()

()

()

()

206 () 213 ()

() ()

() () () ()

()

()

() ()

()

207 () 214 ()

() ()

() () () ()

()

()

() ()

()

207 ()

..

208 () 215 ()

:- ..

209 ()

..

216 ()

:- ..

209 ()

..

217 ()

..

/ / /

211 () 218 ()

..

/ / /

211 ()

..

..

..

..

() ..

()

() ()

()

()

212 () 219 ()

() ()

()

() ()

() ()

()

()

()

()

() ()

213 () 220 ()

() ()

()

() ()

() ()

()

()

()

()

() ()

213 ()

()

()

() ()

..

214 () 221 ()

..

222 ()

..

..

/ / /

216 () 223 ()

..

..

..

..

..

217 () 224 ()

..

..

..

..

..

217 ()

.. -------------------------------------------------

(Confidentiality) (Integrity) (Availability)

. .

. . . .

.

.

. .

.

218 () 225 ()

.

.

.

.

.

. (Confidentiality agreement Non-Disclosure agreement)

.

.

.

. .

.

219 ()

.

.

.

.

. . (Security perimeter)

.

.

. (Power failure) (Supporting utilities)

.

.

.

.

.

.

.

220 () 226 ()

.

.

.

.

. . (Security perimeter)

.

.

. (Power failure) (Supporting utilities)

.

.

.

.

.

.

.

220 () 227 ()

.

.

.

.

.

.

. (Electronic commerce)

. (Online transaction)

.

. Audit log

.

. Log Log

. Log (System administrator System operator)

.

221 () 228 ()

.

.

. .

.

.

.

.

.

(Laptop Computer) (Smartphone)

.

.

.

.

.

222 () 229 ()

.

.

. .

.

.

.

.

.

.

. . .

.

223 ()

.

.

. .

.

.

. .

.

. Log Log

.

(Security domain) (Synchronization)

.

.

. .

224 () 230 ()

.

.

. .

.

.

. .

.

. Log Log

.

(Security domain) (Synchronization)

.

.

. .

224 () 231 ()

. Remote diagnostic Configuration facility

.

.

. Log-on .

(Interactive) .

. (Validate)

. (Validate)

. (Key)

.

. (Source code) .

.

.

.

.

225 ()

.

.

. .

.

.

(Compromise)

.

.

.

.

.

. .

.

.

226 () 232 ()

.

.

. .

.

.

(Compromise)

.

.

.

.

.

. .

.

.

226 () 233 ()

. (Secure area)

. (Secure area)

.

. (Interception)

.

.

.

.

.

.

. Mobile code ( Script ) (Configuration) Mobile code Mobile code Mobile code

. (Removable media)

. (Removable media)

227 ()

. (System documentation)

.

. (Electronic messaging) ( E - mail) EDI Instant messaging)

.

. . . Clear desk

Clear screen

. (Automatic equipment identification)

.

.

.

. (Teleworking)

.

. (Validate)

. (Authenticity) (Integrity)

. .

228 () 234 ()

. (Secure area)

. (Secure area)

.

. (Interception)

.

.

.

.

.

.

. Mobile code ( Script ) (Configuration) Mobile code Mobile code Mobile code

. (Removable media)

. (Removable media)

227 ()

. (System documentation)

.

. (Electronic messaging) ( E - mail) EDI Instant messaging)

.

. . . Clear desk

Clear screen

. (Automatic equipment identification)

.

.

.

. (Teleworking)

.

. (Validate)

. (Authenticity) (Integrity)

. .

228 () 235 ()

.

. (Software package)

. . .

.

.

()

.

.

.

.

-------------------------------------------------

229 () 236 ()

..

.

. (Software package)

. . .

.

.

()

.

.

.

.

-------------------------------------------------

229 () 237 ()

..

/ / /

238 ()

..

.. ..

()

..

..

239 ()


(EDC Network)


(Clearing)

(Settlement)

240 ()

.

.

() () ()

. () () () () () ()

241 ()

()

.

..

()

242 ()

() ()

243 ()

()

() ()

() ()

.

() () () () ()

()

. ()

. .

.

.

244 ()

. .

. ..

. . ..

() ..

() .

245 ()

246 ()

247 ()

:- ..

248 ()

..

249 ()

..

/ / /

231 () 250 ()

..

/ / /

231 ()

..

.. ..

..

232 () 251 ()

()

()

233 () 252 ()

()

()

233 ()

()

()

()

234 () 253 ()

()

()

()

()

() () () () ()

235 () 254 ()

()

()

()

()

() () () () ()

235 ()

()

()

()

()

()

()

()

()

236 () 255 ()

()

()

() () () () ()

() () () () ()

() () () () ()

()

()

237 () 256 ()

()

()

() () () () ()

() () () () ()

() () () () ()

()

()

237 ()

/

238 () 257 ()

239 () 258 ()

239 ()

240 () 259 ()

:-

241 () 260 ()

:-

241 ()

..

261 ()

..

/ / /

243 () 262 ()

..

/ / /

243 ()

..

..

..

..

244 () 263 ()

............................................... .............................................................. ............................................. ....................................... ............................................. .. () ........................................................... ......................................................... () ........................................................... ......................................................... ........................ ............................ .......................... .. .............................. ....................................... / ..................................... ................................ / ................................... / ........................................ ................................................................................. ............... ....................................................................................................................................................... ...................................................................................................................................................... .......... ............................................................... .......................................................................................................................................................

............................................... (..............................................) ............................................... (..............................................) ............................................... (..............................................) ............................................... (..............................................) ............................................... (..............................................) ............................................... (..............................................)

..

245 () 264 ()

............................................... .............................................................. ............................................. ....................................... ............................................. .. () ........................................................... ......................................................... () ........................................................... ......................................................... ........................ ............................ .......................... .. .............................. ....................................... / ..................................... ................................ / ................................... / ........................................ ................................................................................. ............... ....................................................................................................................................................... ...................................................................................................................................................... .......... ............................................................... .......................................................................................................................................................

............................................... (..............................................) ............................................... (..............................................) ............................................... (..............................................) ............................................... (..............................................) ............................................... (..............................................) ............................................... (..............................................)

..

245 ()

........................ ......................... ............... ............. ................. ............ / ............................ .......................................... / ....................................... / ................................ .............................. .............................................. .......................... .............................................................................................................

/

...........................

..

246 () 265 ()

()

1. ................... 1.1 ............................................................. ........................................................ (model) ...................................... (S/N) ...............................................

Case Type: Mini Tower Mid Tower Full Tower ............................. PC Stand-alone Server .......................... Client Workstation Mainframe ...........................................................................

................................................................................................................................ Drives

Floppy drive(s) 5 14 .......... Floppy drive(s) 3 12 .......... Zip drive(s) ................. Jazz drive(s) .................................... Tape drive(s) .................................. Speakers ......................CD-ROM drive(s) ......................... CD-ROM types .................... Parallel port(s) ........................ Serial port(s) ................................. USB port(s) ........................... Sound card/port ..................... . Modem card/port ....................Video card/port ................... External SCSI card/port.................. . NIC card/port ............................. ................................................................................................... Monitor ......................................................................................................................................... Printer ............................................................................................................................................ .......................................................................................................................

1.2 ............................................................. ........................................................ (model) ...................................... (S/N) ...............................................


................................................................................................................................ Drives


..

247 () 266 ()

()

1. ................... 1.1 ............................................................. ........................................................ (model) ...................................... (S/N) ...............................................


................................................................................................................................ Drives


1.2 ............................................................. ........................................................ (model) ...................................... (S/N) ...............................................


................................................................................................................................ Drives


..

247 ()

1.3 ............................................................. .........................