I. Chinese-Language References
1.李東峰、林子銘(2002),《資訊主管企業資訊安全之風險控管決策》,資訊管理研究,第四卷,第二期,頁1-42。
2.李東峰(2003),《企業資訊安全控管決策之研究--從組織決策理論觀點探討》,國立中央大學資訊管理研究所博士論文。
3.洪國興、趙榮耀(2003),《資訊安全管理理論之探討》,資管評論,第十二期,頁17-47。
4.黃俊英(2000),《多變量分析》,華泰文化:台北。
5.鄧家駒(1998),《風險管理》,華泰文化:台北。
6.經濟部標準檢驗局(2002),《CSN 17799資訊技術—資訊安全管理作業要點》,經濟部標準檢驗局。
7.經濟部標準檢驗局(2002),《CSN 17800資訊技術—資訊安全管理規範》,經濟部標準檢驗局。
II. English-Language References
1.Beach, L. R. and R. Mitchell(1996), “Image Theory: The Unifying Perspective,” in L. R. Beach Eds. Decision Making in the Workplace: A Unified Perspective, New Jersey: Lawrence Erlbaum Associates, 1-20.
2.Bourgeois III, L. J. and K. M. Eisenhardt(1988), “Strategic Decision Processes in High Velocity Environments: Four Cases in Microcomputer Industry,” Management Science, 34(7), 816-835.
3.BS 7799-1(2000), “Information Security Management- Part 1: Code of Practice for Information Security Management,” British Standards Institution, London.
4.BS 7799-2(2002), “Information Security Management- Part 2: Specification for Information Security Management,” British Standards Institution, London.
5.Carter, D. L. and A. J. Katz(1996), “Computer Crime and Security: the Perceptions and Experiences of Corporate Security Directors,” Security Journal, 7, 101-108.
6.Cash, J. I., F. W. McFarlan, J. L. Mckenney, and L. M. Applegate(1992), Corporate Information Systems Management: Text and Cases, Irwin: MA.
7.Cyert, R. M., H. A. Simon, and D. B. Trow(1956), “Observation of a Business Decision,” The Journal of Business, 29, 237-248.
8.Cyert, R. M., March, J. G.(1963), “A Behavioral Theory of the Firm,” Englewood Cliffs, New Jersey: Prentice-Hall.
9.Davis, G. B. and M. H. Olson(1985), “Management Information Systems: Conceptual Foundations, Structure and Development,” 3rd Ed., New York: McGraw-Hill.
10.Dean, J. W. Jr. and M. P. Sharfman(1993), “The Relationship between Procedural Rationality and Political Behavior in Strategic Decision Making,” Decision Sciences, 24(6), 1069-1083.
11.Dhillon, G. and J. Backhouse(2000), “Information System Security Management in the New Millennium,” Communications of the ACM, 43(7), 125-128.
12.Dutton, J. E.(1986), “Understanding Strategic Agenda Building and Its Implications for Managing Change,” Scandinavian Journal of Management Studies, 3-21.
13.Fry, B. G. P. and W. F. Main(1983), “A Conceptual Methodology for Evaluating Security Requirements for Data Assets,” Computers and Security, 2(3), 237-241.
14.Fung, A. R. W., K. J. Farn, and A. C. Lin(2003) “Paper: a study on the certification of the information security management systems,” Computer Standards and Interfaces, 25, 447-461.
15.Hoffer, J. A. and D. W. Straub Jr.(1989), “The 9 To 5 Underground: Are You Policing Computer Crimes?,” Sloan Management Review, 30(4), 35-43.
16.Höne, K. and J. H. P. Eloff(2002), “Information Security Policy—What Do International Information Security Say?” Computers and Security, 21(3), 402-409.
17.Hong, K. S., Y. P. Chi, L. R. Chao, and J. H. Tang(2003), “An integrated system theory of information security management,” Information Management and Computer Security, 11(5), 243-248.
18.ISO/IEC 17799(2000), “Information technology- Code of practice for information security management,” First edition 2000/12/01.
19.Jarvenpaa, S. L. and B. Ives(1991a), “Executive Involvement and Participation in the Management of Information Technology,” MIS Quarterly, 15(2), 205-227.
20.Jarvenpaa, S. L. and B. Ives(1991b), “Information technology and corporate strategy: A view from the top,” Information Systems Research, 1(4), 351-375.
21.Kahneman, D., and A. Tversky(1979a), “Intuitive Prediction: Biases and Corrective Procedures,” Management Science, 12, 313-327.
22.Kahneman, D., and A. Tversky(1979b), “Prospect Theory: An Analysis of Decision under Risks,” Econometrica, 47(2), 263-291.
23.Kankanhalli, A., H. H. Teo, Bernard C. Y. Tan, and K. K. Wei(2003), “An Integrative Study of Information Systems Security Effectiveness,” International Journal of Information Management, 23(2), 139-154.
24.Keen, P., C. Balance, S. Chan, and S. Schrump(2000), Electronic Commerce Relationships: Trust by Design, NJ: Prentice Hall.
25.Knights, D. and F. Murray(1992), “Politics and Pain in Managing Information Technology: A Case Study for Insurance,” Organization Studies, 13(2), 221-228.
26.Kotulic, A. G. and J. G. Clark(2004), “Why there aren’t more information security research studies,” Information and Management, 41(5), 597-607.
27.Krabuanrat, K. and R. Phelps(1998), “Heuristics and Rationality in Strategic Decision Making: An Exploratory Study,” Journal of Business Research, 41, 83-93.
28.Langley, A.(1990), “Patterns in the Use of Formal Analysis in Strategic Decision,” Organization Studies, 11(1), 17-45.
29.Laudon, K. C. and J. P. Laudon(1998), Management Information Systems: New Approaches to Organization and Technology, New Jersey: Prentice Hall.
30.Lewis, B. R., C. A. Snyder, and R. K. Rainer(1995), “An Empirical Assessment of the Information Resource Management Construct,” Journal of Management Information Systems, 12(1), 199-223.
31.March, J. G. and H. A. Simon(1958), Organizations, New York: John Wiley and Sons.
32.Martin, B. L., G. Batchelder, J. Newcomb, J. E. Rockart, W. P. Yetter, and J. H. Grossman(1995), “The End of Delegation? Information Technology and the CEO,” Harvard Business Review, Sept.-Oct., 161-172.
33.Mata, J. G., W. L. Fuerst, and J. B. Barney(1995), “Information Technology and Sustained Competitive Advantage: A Resource-Based Analysis,” MIS Quarterly, 19(4), 487-505.
34.Mintzberg, H., D. Raisinghani, and A. Theoret(1976), “The Structure of ‘Unstructured’ Decision Process,” Administrative Science Quarterly, 21, 246-275.
35.Neumann, P. G.(1995), Computer Related Risks, New York: ACM Press.
36.Office of the Law Revision Counsel of the U.S. House of Representatives (2000), United States Code, U.S. Government Printing Office.
37.Pfleeger C. P.(1996), Security in Computing, 2nd Eds., New Jersey: Prentice Hall PTR.
38.Pfeffer, J.(1992), Managing with Power: Politics and Influence in Organization, Boston: Harvard Business School.
39.Premkumar, G. and W. R. King(1994), “Organizational Characteristics and Information Systems Planning: An Empirical Study,” Information Systems Research, 5(2), 75-104.
40.Rainer, R. K. Jr., C. A. Snyder, and H. H. Carr(1991), “Risk Analysis for Information Technology,” Journal of Management Information Systems, 8(1), 129-147.
41.Ross, T.(1991), “An Overview of CRAMM,” Central Computer and Telecommunication Agency.
42.Sarasvathy, D. K., H. A. Simon, and L. Lave(1998), “Perceiving and Managing Business Risk: Differences between Entrepreneurs and Bankers,” Journal of Economic Behavior and Organization, 33, 207-225.
43.Simon, H. A.(1947), Administrative Behavior, New York: Free Press.
44.Straub Jr., D. W.(1990), “Effective IS Security: An Empirical Study,” Information Systems Research, 1(3), 255-277.
45.Straub Jr., D. W. and R. J. Welke(1998), “Coping with systems risk: Security planning models for management decision making,” MIS Quarterly, 22(4), 441-469.
46.Tallon, P. P., K. L. Kraemer, V. Gurbaxani(2000), “Executives’ Perceptions of the Business Value on Information Technology: A Process-Oriented Approach,” Journal of Management Information Systems, 16(4), 145-173.
47.Teo, Thompson S. H. and James S. K. Ang(1999), “Critical success factors in the alignment of IS plans with business plans,” International Journal of Information Management, 19(2), 173-185.
48.Thomas, K. W.(1979), “Organization Conflict,” in Kerr, S. Eds. Organization Behavior, New York: John Wiley and Sons, 115-181.
49.Trilling, S.(2003), “Understanding clean pipe solutions,” Symantec Inc, Accessed from http://www.symantec.com/procomm/reviews.html.
50.Tversky, A.(1972a), “Choice by Elimination,” Journal of Mathematical Psychology, 19, 173-185.
51.Tversky, A.(1972b), “Elimination by Aspects: A Theory of Choice,” Psychological Review, 79, 281-299.
52.Venkatraman, N. and J. H. Grant(1996), “Construct Measurement in Organizational Strategy Research: A Critique and Proposal,” Academy of Management Review, 11(1), 71-87.
53.von Solms, R., H. van Haar, S. H. von Solms, and W. J. Caelli(1994), “A Framework for Information Security Evaluation,” Information and Management, 26, 143-153.
54.von Solms, R.(1998), “Information Security Management (1): why information security is so important,” Information Management and Computer Security, 6(4), 174.
55.Wang, E. T. G.(2001), “Linking Organizational Context with Structure: A Preliminary Investigation of the Information Processing View,” Omega the International Journal of Management Science, 29, 429-443.
56.Zviran, M. and W. J. Haga(1999), “Password security: An empirical study,” Journal of Management Information Systems, 15(4), 161-185.