
National Digital Library of Theses and Dissertations in Taiwan (臺灣博碩士論文加值系統)

Author: Chia-Hung Kuo (郭家宏)
Thesis title: From organization decision viewpoint to explore degree of information security control and its degree of effectiveness—examples by business information department (original Chinese title: 從組織決策觀點探討資訊安全控管程度及其有效性之研究--以企業資訊部門為例)
Advisor: Yu-Yuan Tsai (蔡裕源)
Degree: Master's
Institution: National Dong Hwa University
Department: Department of Business Administration
Discipline: Business and Management
Subfield: Business Administration
Thesis type: Academic thesis
Year of publication: 2005
Graduation academic year: 93
Language: Chinese
Number of pages: 76
Keywords: Information security control; Executives; Organization decision; Effectiveness
Usage statistics:
  • Cited by: 15
  • Views: 568
  • Downloads: 156
  • Saved to bibliography lists: 6
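Abstract (translated from the Chinese original):
With the widespread application of information technology, the impact of information security incidents on enterprises is growing more severe. Yet current academic research and business managers still concentrate on the technical issues of information security control and overlook the importance of management issues such as the planning and integration of information security control systems. As a result, information security management work in enterprises today often yields half the result for twice the effort.
The widespread application of information technology has raised the efficiency of information flow within and between organizations, improved enterprises' existing internal processes, increased interactive links across organizations, and brought enterprises many benefits that are hard to measure. But as enterprise-specific information assets flow rapidly across organizations, this also brings new competitive opportunities; the security control of enterprise information assets has therefore gradually become an important task in enterprise information management.
The main findings of this study are: (1) the more importance senior executives attach to information security, the higher the degree of information security control; (2) a higher perceived level of information security risk does not lead to a higher degree of information security control; (3) the higher the degree of information security control, the higher the effectiveness of information security control; (4) the higher an enterprise's degree of information technology application, the higher the degree of information security control.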
Abstract (English, as provided with the thesis):
With the universal application of information technology (IT) in business, the impact of information security accidents on business operations grows more critical with each passing day. Even so, existing academic researchers and business managers still focus on the technical issues of information security control and overlook the important issues of managing information security control and integration. Therefore, existing enterprises often get half the result with twice the effort in their information security control work.
The universal application of IT raises the efficiency of information circulation within and between organizations, improves the original internal technological processes, promotes interactive connections between organizations, and brings inestimable benefits to business. As the exclusive information assets of enterprises circulate quickly across organizations, enterprises are confronted with many opportunities for competition. Therefore, how to control and manage information assets is gradually becoming an important task of business information management.
The research’s main results are: (1) the more high-level managers value information security, the greater the extent of information security control; (2) the greater the extent of cognitive information security, the greater the effectiveness of information security control; (3) the higher the level of information security control, the greater the effectiveness of information security control; and (4) the more the enterprise applies information technology, the higher the level of information security control.
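Table of contents:
Chapter 1 Introduction
Section 1 Research Background
Section 2 Research Motivation
Section 3 Research Objectives
Section 4 Research Subjects and Scope
Section 5 Research Process
Chapter 2 Literature Review
Section 1 Information Security
Section 2 Influence of Senior Executives on Information Security Decisions
Section 3 Risk Management
Section 4 Information Security Control
Section 5 Effectiveness of Information Security Control
Chapter 3 Research Method
Section 1 Research Framework
Section 2 Research Hypotheses
Section 3 Research Variables and Operational Definitions
Section 4 Data Collection Method
Section 5 Data Analysis Method
Chapter 4 Data Analysis and Research Results
Section 1 Analysis of Basic Sample Data
Section 2 Factor Analysis
Section 3 Reliability and Validity Analysis
Section 4 Empirical Analysis of Hypotheses
Chapter 5 Conclusions and Recommendations
Section 1 Research Results
Section 2 Research Contributions and Managerial Implications
Section 3 Research Limitations
Section 4 Suggestions for Future Research
References
Appendix 1: Research Questionnaire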