
National Digital Library of Theses and Dissertations in Taiwan

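Graduate student: 鍾惠琦
Graduate student (foreign-language name): Whi-Chi Chung
Thesis title: 影響國內醫院導入與發展資訊安全管理系統關鍵因素之研究
Thesis title (foreign language): An Empirical Study of Critical Factors in Influencing the Adoption of Information Security Management Systems in Taiwan hospital
Advisor: 黃興進
Advisor (foreign-language name): Hsin-Ginn Hwang
Degree: Master's
Institution: National Chung Cheng University
Department: Graduate Institute of Information Management
Discipline: Computing
Sub-discipline: General computing
Thesis type: Academic thesis
Year of publication: 2005
Graduation academic year: 93
Language: Chinese
Number of pages: 81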
Keywords: Information Security; Information Security Management System; BS7799
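The rapid development of information and communication technology has accelerated the digitization of medical information and greatly raised the quality and standard of medical care. Martin et al. (1995) regard information security management as the issue, among those arising from the application of information technology, most likely to cause serious harm. Although medical institutions are traditionally conservative, they cannot resist the impact of computerization and digitization. Avoiding the harm that information security problems can cause while medical information is being digitized is therefore an urgent task. This study takes a hospital's overall level of information security management as the unit of analysis and examines the current state of adoption and development of internal information security management systems (ISMS) in Taiwan's hospitals, together with the critical factors that influence that adoption and development.
The study population consists of the hospitals at district level and above on the 2003 (ROC year 92) list of accredited hospitals published on the health statistics website of the Department of Health, Executive Yuan, 467 hospitals in total. The survey was conducted by questionnaire addressed to the heads of information departments at these hospitals; 63 valid questionnaires were returned, a valid response rate of 13.49%. Discriminant analysis was used to explore the critical factors influencing hospitals' adoption and development of an ISMS. The results show that vendors, organizational characteristics, severity of loss, information security skills and security protection capability significantly influence hospitals' adoption and development of an ISMS. The survey results indicate that hospitals in Taiwan begin to adopt and develop an ISMS under the influence of environmental, organizational and information technology factors, and that adoption requires not only information technology but also execution supported at the management level in order to build an effective and complete hospital ISMS.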
Because of the explosive development of information and communication technology, the digitization of medical information has accelerated and the quality of medical care has improved by a wide margin. Martin et al. (1995) hold that information security management, as a topic derived from the applications of information science and technology, is the one most apt to cause danger if not properly coped with. Though traditionally conservative, medical institutions have been unable to resist the benefits of computerization and digitization. As medical information is digitized, preventing the risks and damage associated with information security problems is the top-priority task for hospitals. This research takes the level of information security management in domestic hospitals as the construct, and explores how domestic hospitals have introduced and developed information security management systems and which key success factors affect that introduction and development.
According to data from the National Health Administration in 2003, 467 qualified hospitals were listed as medical centers, regional hospitals and community hospitals. All the officers of the information sections of these hospitals were included in the questionnaire survey. 63 qualified questionnaires were returned (a response rate of 13.49%). Discriminant analysis was used to identify the key success factors (KSFs) that affect the introduction and development of information security management systems. It revealed that vendors, characteristics of the organization, severity of damage, ability in information security technology and capacity for security protection have significant influence on the introduction and development of an information security management system. The results suggest that domestic hospitals started to introduce and develop information security management systems owing to the influence of environmental, organizational and information technology factors. In the process of introduction, besides information technology considerations, hospitals need more cooperation from administrative officers in execution in order to build a more effective and complete medical information security system.
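Contents
List of Figures
List of Tables
Chapter 1 Introduction
Section 1 Research Background and Motivation
Section 2 Research Objectives
Section 3 Research Process
Section 4 Research Scope
Section 5 Research Contributions
Chapter 2 Literature Review
Section 1 Medical Information Privacy and Information Security
Section 2 Information Security Management Systems
2.2.1. Definition of an Information Security Management System
2.2.2. Brief History of Information Security Management System Certification
2.2.3. Architecture of an Information Security Management System
2.2.4. Planning the Adoption and Development of an Information Security Management System
2.2.5. Information Security Management System Audit and Certification
2.2.6. BS7799 and Other Information Security Management Standards
Section 3 Review of Domestic and International Research on Information Security Management
Chapter 3 Research Method
Section 1 Research Framework
Section 2 Variable Definitions and Measurement
3.2.1 Environmental Dimension
3.2.2 Organizational Dimension
3.2.3 Information Technology Dimension
3.2.4 Level of Information Security Management System
Section 3 Research Hypotheses
Section 4 Questionnaire Design, Survey and Collection
3.4.1 Questionnaire Design
3.4.2 Survey Respondents
3.4.3 Questionnaire Mailing and Follow-up
Chapter 4 Data Analysis and Discussion
Section 1 Basic Data Analysis
4.2.1 Questionnaire Returns
4.2.2 Respondent Profile
4.2.3 Hospitals' Information Security Management Organization and Staffing
Section 2 Descriptive Statistics
4.2.1 Descriptive Statistics for the Environmental Dimension
4.2.2 Descriptive Statistics for the Organizational Dimension
4.2.3 Descriptive Statistics for the Information Technology Dimension
4.2.4 Descriptive Statistics for the Current State of Information Security Management System Implementation
Section 3 Reliability and Validity Tests
4.3.1 Reliability Analysis
4.3.2 Validity Analysis
Section 4 Testing of Research Hypotheses
Chapter 5 Conclusions and Recommendations
Section 1 Research Conclusions and Recommendations
Section 2 Research Limitations
Section 3 Directions for Future Research
References
Appendix: Research Questionnaire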
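[1] 王大為、郭旭崧、蔡國煇、林育民 (2001 [ROC 90]). Strategic Study of Security and Privacy Protection for Health and Medical Information. Research report commissioned by the Department of Health, Executive Yuan, from the Institute of Information Science, Academia Sinica (project no. 89shu20), unpublished.
[2] 曾淑芬、呂瓊雯、謝豫立、何錦昌 (1999 [ROC 88]). A Study of Information Professional Ethics and Medical Data Security. Department of Health, Executive Yuan, science and technology research and development project (project no. DOH89-TD-1090), unpublished.
[3] 吳俊德 (2001 [ROC 90]). A Discussion of the Key Points of ISO 17799 Information Security Management. Unpublished master's thesis, Graduate Institute of Business Administration, National Chung Cheng University, Chiayi County.
[4] 楊澤泉、彭啟釗、張音 (1997 [ROC 86]). A Study of Key Factors in the Adoption of Information Technology by Clinics in Taiwan. 管理學報 (Journal of Management), 14(4), 507-531.
[5] 黃興進 (2001 [ROC 90]). A Discussion of Information Management Issues in the Medical Industry. 資訊管理學報 (Journal of Information Management), 9, 101-106.
[6] 莊逸洲、黃崇哲 (2000 [ROC 89]). Management Systems of Medical Institutions. Taipei City: 華杏.
[7] 宋振華、楊子劍 (2000 [ROC 89]). Organizational Information Security Systems and the Overall Information Security Architecture. Proceedings of the Symposium on Trusted Operating Regimes for Information Systems, 114-125.
[8] 劉永禮 (2002 [ROC 91]). A Study of Building an Organizational Information Security Risk Management Model Based on the BS7799 Information Security Management Standard. Unpublished master's thesis, Graduate Institute of Industrial Engineering and Management, Yuan Ze University, Taoyuan County.
[9] 曾淑惠 (2002 [ROC 91]). Evaluating the Information Security Environment of the Banking Industry Based on BS7799. Unpublished master's thesis, Department of Information Management, Tamkang University, Taipei County.
[10] 陳信章 (2001 [ROC 90]). A Study of Key Factors in Service Industries' Pursuit of BS7799 Certification. Unpublished master's thesis, Graduate Institute of Information Management, National Chung Cheng University, Chiayi County.
[11] 蘇耿弘 (2002 [ROC 91]). Key Factors in the Petrochemical Industry's Adoption of Information Security Management Mechanisms, Based on BS7799. Unpublished master's thesis, Graduate Institute of Information Management, National Chung Cheng University, Chiayi County.
[12] 李東峰 (2002 [ROC 91]). A Study of Enterprise Information Security Control Decisions: From the Perspective of Organizational Decision Theory. Unpublished doctoral dissertation, Graduate Institute of Information Management, National Central University, Taoyuan County.
[13] 洪國興 (2002 [ROC 91]). A Study of "Influencing Factors and an Evaluation Model" for Information Security. Unpublished doctoral dissertation, Graduate Institute of Information Management, National Chengchi University, Taipei City.
[14] 葉相妤 (2001 [ROC 90]). A Study of Using BS 7799 to Examine the Information Security Management Operating Documents of Medical Institutions. Unpublished master's thesis, Institute of Health Informatics and Decision Making, National Yang-Ming University, Taipei City.
[15] 蔡佳婷 (2001 [ROC 90]). A Study of the Legislation and Practice of Medical Information Security in Taiwan: From Experience with the Personal Data Protection Law to the Feasibility of Promoting HIPAA. Unpublished master's thesis, Institute of Health Informatics and Decision Making, National Yang-Ming University, Taipei City.
[16] 蕭如玲 (2002 [ROC 91]). A Study of Key Factors Influencing the Development of Nursing Care Plan Systems. Unpublished master's thesis, Graduate Institute of Information Management, National Chung Cheng University, Chiayi County.
[17] 樊國楨、方仁威、林樹國 (2003 [ROC 92]). A Study of Information Security Management System Evaluation: Assets, Threats and Vulnerabilities. 資訊安全論壇 (Information Security Forum), 14(10), 19-35.
[18] 樊國楨 (Ed.) (2003 [ROC 92]). Information Security Management Systems and Auditing. Taipei City: Science and Technology Information Center, National Science Council, Executive Yuan.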

English-language references
[19] Anderson, J. M. (2003). Why we Need a New Definition of Information Security. Computers & Security, 22(4), 308-313.
[20] Adam, F., and Haslam, J.A. (2001). The Irish Experience with Disaster Recovery Planning: High Level of Awareness May Not Sufficien. In G. Dhillon (Ed.), Information Security Management: Global Challenge in the New Millennium, Hershey PA: Idea Group Publishing, 85-100.
[21] Applegate, L.M., and Elam, J.J. (1992). New Information Systems Leader: A Changing Role in a Changing World. MIS Quarterly, 16(4), 456-469.
[22] Basie von Solms (2001). Information Security-A Multidimensional Discipline. Computers & Security, 20(6), 504-508.
[23] Bemmel, Rotterdam & Musen M.A. (1999). Handbook of Medical Informatics.
[24] BS7799-1 (1999). Information Security Management- Part1: Code of Practice for Information Security Management. BS 7799-1:1999, British Standards Institution (BSI), London.
[25] BS7799-2 (1999). Information Security Management- Part2: Specification for Information security management systems. BS7799-2:1999, British Standards Institution (BSI), London.
[26] Buckovich, Suzy A. et al. (1999). Driving toward Guiding Principles: A Goal for Privacy, Confidentiality, and Security of Health Information. JAMIA, 122-133.
[27] Carter, D.L., and Katz, A.J. (1996). Computer Crime and Security: The Perceptions and Experience of Corporate Security Directors. Security Journal, 7, 101-108.
[28] Caminada, M. (1998). Internet security incidents, a survey within Dutch organizations. Computers & Security, Amsterdam, 17(5), 417-433.
[29] Cash, J.I., McFarlan, F.W., McKenney, J.L., and Applegate, L.M. (1992). Corporate Information Systems Management: Text and Cases, Irwin: MA.
[30] Cohen, M.D., March, J.G., and Olsen, J.P. (1972). A Garbage Can Model of Organizational Choice. Administrative Science Quarterly, 17, 1-25.
[31] Ein-Dor, P. & Segev, Z. (1978). Organizational Context and the Success of Management Information System. Management Science, 24(10), 1046-1077.
[32] Eloff, J. H. P. (1988). Computer Security Policy: Important Issues. Computers & Security, 7(6), 559-562.
[33] Eloff, M. M. & Von Solms, S. H. (2000a). Information Security Management: An Approach to Combine Process Certification and Product Evaluation. Computers & Security, 19(8), 698-709.
[34] Eloff, M. M. & Von Solms, S. H. (2000b). Information Security management: A Hierarchical Framework for Various Approaches. Computers & Security, 19(3), 243-256.
[35] Finne, T. (1996). The Information Security Chain in a Company. Computers & Security, 15(4), 297-316.
[36] Fry, B.G.P. and Main, W.F. (1983). A Conceptual Methodology for Evaluating Security Requirements for Data Asset. Computers & Security, 2(3), 237-241.
[37] Grover, V. & Goslar, M.D. (1993). The Initiation, Adoption and Implementation of Telecommunications Technologies in U.S. Organization. Journal of Management Information Systems, 10(1), 141-163.
[38] Hair, J.F., Anderson, R.E., Tatham, R.L., & Black, W.C. (1998). Multivariate Data Analysis. Prentice-Hall Inc.
[39] Haley, B.J. (1997). Implementing the Decision Support Infrastructure: Key Success Factors in Data Warehousing. Unpublished PhD. Dissertation, University of Georgia.
[40] Hartman, B., Flinn, D.J., and Beznosov, K. (2001). Enterprise Security with EJB and CORBA. USA, John Wiley and Sons.
[41] Haywood, Trevor. (1998). Global Networks and the Myth of Equality: Trickle Down or Trickle Away? Edited by Loader, Brian D., Cyberspace Divide-Equality, Agency and Policy in the Information Society.
[42] Hoffer, J.A., and Straub, D.W. Jr. (1989). The 9 to 5 Underground: Are you Policing Computer Crimes? Sloan Management Review, 30(4), 35-43.
[43] Jarvenpaa, S.L. and Ives, B. (1991). Executive Involvement and Participation in the Management of Information Technology. MIS Quarterly, 15(2), 205-227.
[44] Lewis, B.R., Snyder, C.A., and Rainer, R.K. (1995). An Empirical Assessment of the Information Resource Management Construct. Journal Information Technology Systems, 12(1), 199-223.
[45] Lo, Bernard and Alpers, A. (2000). Uses and Abuses of Prescription Drug Information in Pharmacy Benefits Management Programs. Journal of the American Medical Association, 283(6), 801-806.
[46] Martin, B.L. Batchelder, G., Newcomb, J., Rockart, J.E., Yetter, W.P., and Grossman, J.H. (1995). The End of Delegation? Information Technology and the CEO. Harvard Business Review, Sept.-Oct., 161-172.
[47] Miller, R.B. (1998). Libraries and Computers: Disaster Prevention and Recovery. Information Technology and Libraries, December, 349-358.
[48] Mohr, J.J. (1996). The Management and Controls of Information in High-Technology Firms. The Journal of High Technology Management Research, 7(2), 245-268.
[49] Neumann, P.G. (1995). Computer Related Risk. NY, ACM Press.
[50] Orlikowski, W., & Gash, D. (1992). Changing Frames: Understanding Technological Change in Organization. Center for Information Systems Research, Working Paper, Massachusetts Institute of Technology.
[51] Pfleeger, C.P. (1996). Security in Computing. (2nd Ed). NJ, USA Prentice Hall PTR.
[52] Post, G., and Kagan, A. (2000). Management Tradeoffs in Anti-Virus Strategies. Information and Management, 37, 13-24.
[53] Powell, D. (1993). To Outsouring or not to Outsouring? Networking Management, 2, 56-61.
[54] Premkumar, G., and King, W.R. (1994). Organizational Characteristics and Information Systems Planning: An Empirical Study. Information Systems Research, 5(2), 75-104.
[55] Simpson, Roy L. (1996). Security threats are usually an inside job. Nursing Management, 27(12), 43.
[56] Straub, D.W. Jr. (1990). Effective IS Security: An Empirical Study. Information Systems Research, 1(3), 255-276.
[57] Teo, T.S.H., and Ang, J.S.K. (1999). Critical Success Factors in the Alignment of IS Plans with Business Plans. International Journal of Information Management, 19, 173-185.
[58] Von Solms R., Van Haar H., Von Solms S.H., and Caelli W.J. (1994). A Framework for Information Security Evaluation. Information and Management, 26, 143-153.
[59] Wang, E.T.G. (2001). Linking Organizational Context with Structure: A Preliminary Investigation of the Information Processing View. The International Journal of Management Science, 29, 429-443.