[1]王大為、郭旭崧、蔡國煇、林育民 (民90)。衛生醫療資訊安全與隱私保障之策略研究。行政院衛生署委託中央研究院資訊科學研究所研究報告(計畫編號:89shu20),未出版。
[2]曾淑芬、呂瓊雯、謝豫立、何錦昌(民88)。資訊專業倫理與醫療資料安全之研究。行政院衛生署科技研究發展計畫(計畫編號:DOH89-TD-1090) ,未出版。
[3]吳俊德(民90)。ISO 17799資訊安全管理關鍵重點之探討。國立中正大學企業管理研究所之碩士論文,未出版,嘉義縣。[4]楊澤泉、彭啟釗、張音(民86)。台灣診所採用資訊科技之關鍵因素研究。管理學報,14(4), 507-531。[5]黃興進(民90)。資訊管理於醫療產業相關議題之探討。資訊管理學報,9,101-106。
[6]莊逸洲、黃崇哲(民89)。醫療機構管理制度。台北市:華杏。
[7]宋振華、楊子劍(民89)。 組織資訊安全體系與資訊安全整體架構。資訊系統可信賴作業體制研討會論文集,114-125。
[8]劉永禮(民91)。以BS7799 資訊安全管理規範建構組織資訊安全風險管理模式之研究。元智大學工業工程與管理研究所之碩士論文,未出版,桃園縣。[9]曾淑惠(民91)。以BS7799為基礎評估銀行業的資訊安全環境。私立淡江大學資訊管理學系碩士論文,未出版,台北縣。[10]陳信章(民90)。服務業推動BS7799認證關鍵因素之研究。國立中正大學資訊管理研究所碩士論文,未出版,嘉義縣。[11]蘇耿弘(民91)。以BS7799為基礎探討石化產業導入資訊安全管理機制之關鍵因素。國立中正大學資訊管理研究所碩士論文,未出版,嘉義縣。[12]李東峰(民91)。企業資訊安全控管決策之研究--從組織決策理論觀點探討。國立中央大學資訊管理研究所博士論文,未出版,桃園縣。[13]洪國興(民91)。資訊安全「影響因素與評估模式」之研究。國立政治大學資訊管理研究所博士論文,未出版,台北市。[14]葉相妤(民90)。運用BS 7799檢測醫療院所資訊安全管理作業文件之研究。國立陽明大學衛生資訊與決策研究所碩士論文,未出版,台北市。
[15]蔡佳婷(民90)。台灣醫療資訊安全之立法與實踐研究-由個資法的經驗到推動HIPAA之可行性。國立陽明大學衛生資訊與決策研究所碩士論文,未出版,台北市。
[16]蕭如玲(民91)。影響發展護理計劃系統關鍵因素之研究。國立中正大學資訊管理研究所碩士論文,未出版,嘉義縣。[17]樊國楨、方仁威、林樹國(民92)。資訊安全管理系統評估之研究--資產、威脅與脆弱性。資訊安全論壇,14(10), 19-35。[18]樊國楨(主編)(民92)。資訊安全管理系統與稽核。台北市:行政院國家科學委員會科學技術資料中心。
英文部分
[19]Anderson, J. M. (2003).Why we Need a New Definition of Information Security. Computers & Security, 22(4), 308-313.
[20]Adam, F., and Haslam, J.A. (2001).The Irish Experience with Disaster Recovery Planning: High Level of Awareness May Not Sufficien. in G. Dhillon Eds. Information Security Management: Global Challenge in the New Millennium, Hershey PA: Idea Group Publishing, 85-100.
[21]Applegate, L.M., and Elam, J.J. (1992).New Information Systems Leader: A Changing Role in a Changing World.MIS Quterly, 16(4), 456-469.
[22]Basic von Solms (2001).Information Security-A Multidimensional Discipline. Computer & Security, 20(6), 504-508.
[23]Bemmel, Rotterdam & Musen M.A. (1999).Handbook of Medical Informatic.
[24]BS7799-1 (1999).Information Security Management- Part1: Code of Practice for Information Security Management.BS 7799-1 : 1999, British Standards Institution (BSI), London.
[25]BS7799-2 (1999). Information Security Management- Part2: Specification for Information security management systems.BS7799-2:1999, British Standards Institution (BSI), London.
[26]Buckovich, Suzy A. et al. (1999). Driving toward Guiding Principles: A Goal for Privacy, Confidentiality, and Security of Health Information. JAMIA,122-133.
[27]Carter, D.L. Katz A.J. (1996). Computer Crime and Security: The Perceptions and Experience of Corporate Security Directors,” Security Journal, 7, 101-108.
[28]Caminada, M. (1998). Internet security incidents, a survey within Dutch organizations. Computer & Security, Amsterdam,17(5),417-433.
[29]Cash, J.I., McFarlan, F.W., McKenney, J.L., and Applegate, L.M. (1992). Corporate Information Systems Management: Text and Cases, Irwin: MA.
[30]Cohen, M.D., March, J.G., and Olsen, J.P. (1972) .A Garbage Can Model of Organizational Choice. Administrative Science Quarterly, 17, 1-25.
[31]Ein-Dor, P. & Segev, Z. (1978).Organizational Context and the Success of Management Information System. Management Science, 24(10), 1046 -1077.
[32]Eloff, J. H. P. (1988). Computer Security Policy: Important Issues. Computer & Security, 7 (6), 559-562.
[33]Eloff, M. M. & Von Sloms, S. H. (2000a). Information Security Management: An Approach to Combine Process Certification and Product Evaluation. Computers & Security, 19(8), 698-709.
[34]Eloff, M. M. & Von Solms, S. H. (2000b). Information Security management: A Hierarchical Framework for Various Approaches. Computers & Security, 19(3), 243-256.
[35]Finne, T. (1996). The Information Security Chain in a Company. Computer & Security, 15(4),297-316.
[36]Fry, B.G.P. and Main, W.F. (1983). A Conceptual Methodology for Evaluating Security Requirements for Data Asset. Computer & Security, 2(3),237-241.
[37]Grover, V. & Goslar, M.D. (1993). The Initiation, Adoption and Implementation of Telecommunications Technologies in U.S. Organization. Journal of Management Information Systems, 10(1), 141-163.
[38]Hair, J.F., Anderson, R.E., Tatham, R.L., & Black, W.C. (1998). Multivariate Data Analysis. Prentice-Hall Inc.
[39]Haley, B.J. (1997). Implementing the Decision Support Infrastracture: Key Success Factors in Data Warehousing. Unpublished PhD. Dissertation, University of Georgia.
[40]Hartman, B., Flinn, D.J., and Beznosov, K. (2001). Enterprise Security with EJB and COBRA. USA, John Wiley and Sons.
[41]Haywood, Trevor. (1998). Global Networks and the Myth of Equality: Trickle Down or Trickle Away? Edited by Loader, Brian D., Cyberspace Divide-Equality, Agency and Policy in the Information Society.
[42]Hoffer, J.A., and Straub, D.W. Jr. (1989). The 9 to 5 Underground: Are you Policing Computer Crimes? Sloan Management Review,30(4), 35-43.
[43]Jarvenpaa, S.L. and Ives, B. (1991). Executive Involvement and Participation in the Management of Information Technology. MIS Quarterly, 15(2), 205-227.
[44]Lewis, B.R., Synder, C.A., and Raiiner, R.K. (1995). An Empirical Assessment of the Information Resource Management Construct. Journal Information Technology Systems, 12(1), 199-223.
[45]Lo, Bernard and Alpers, A. (2000). Uses and Abuses of Prescription Drug Information in Pharmacy Benefits Management Programs. Journal of the American Medical Association, 283(6), 801-806.
[46]Martin, B.L. Batchelder, G., Newcomb, J., Rockart, J.E., Yetter, W.P., and Grossman, J.H. (1995). The End of Delegation? Information Technology and the CEO. Harvard Business Review, Sept.-Oct., 161-172.
[47]Miller, R.B. (1998). Libraries and Computers: Disaster Prevention and Recovery. Information Technology and Libraries, December, 349-358.
[48]Mohr, J.J. (1996).The Management and Controls of Information in High-Technology Firms. The Journal of High Technology Management Research, 7(2), 245-268.
[49]Neumann, P.G. (1995). Computer Related Risk. NY, ACM Press.
[50]Orlikowski, W., & Gash. D (1992).Changing Frames: Understanding Technological Change in Organization. Center for Information Systems Research, Working Paper, Massachusetts Institute of Technology.
[51]Pfleeger, C.P. (1996). Security in Computing. (2nd Ed). NJ, USA Prentice Hall PTR.
[52]Post, G., and Kagan, A. (2000). Management Tradeoffs in Anti-Virus Strategies. Information and Management, 37, 13-24.
[53]Powell, D. (1993). To Outsouring or not to Outsouring? Networking Management, 2, 56-61.
[54]Premkumar, G., and King, W.R. (1994). Organizational Characteristics and Information Systems Planning: An Empirical Study. Information Systems Research, 5(2), 75-104.
[55]Simpson, Roy L. (1996). Security threats are usually an inside job.Nursing Management. 27(12), 43.
[56]Straub, D.W. Jr. (1990). Effective IS Security: An Empirical Study. Information Systems Research, 1(3), 255-276.
[57]Teo, T.S.H., and Ang, J.S.K. (1999). Critical Success Factors in the Alignment of IS Plans with Business Plans. International Journal of Information Management, 19, 173-185.
[58]Von Solms R., Van Haar H., Von Solms S.H., and Caelli W.J. (1994). A Framework for Information Security Evaluation. Information and Management, 26, 143-153.
[59]Wang, E.T.G. (2001). Linking Organizational Context with Structure: A Preliminary Investigation of the Information Processing View. The International Journal of Management Science, 29, 429-443.