跳到主要內容

臺灣博碩士論文加值系統

(44.222.134.250) 您好!臺灣時間:2024/10/13 08:47
字體大小: 字級放大   字級縮小   預設字形  
回查詢結果 :::

詳目顯示

: 
twitterline
研究生:劉宜樺
論文名稱:預防組織內部威脅事件之檢核表發展
論文名稱(外文):A Model-based Checklist for Insider Threat Preven
指導教授:黃雪玲黃雪玲引用關係
學位類別:碩士
校院名稱:國立清華大學
系所名稱:工業工程與工程管理學系
學門:工程學門
學類:工業工程學類
論文種類:學術論文
論文出版年:2010
畢業學年度:98
語文別:英文
論文頁數:79
中文關鍵詞:內部威脅者工作壓力組織管理
外文關鍵詞:Insider threatwork stressorganization management
相關次數:
  • 被引用被引用:1
  • 點閱點閱:238
  • 評分評分:
  • 下載下載:19
  • 收藏至我的研究室書目清單書目收藏:0
  在台灣雖然有許多心理量表可以供組織來衡量員工的心智狀況,但其無法針對是否有內部破壞者進行判斷。本研究目的為發展出一份適用於主管的組織安全檢核表。由本研究所建構的特殊徵兆起因與組織安全的模式及分析文獻中曾經發生過的內部破壞者事件,可發現內部破壞者在進行對整個組織有巨大影響的破壞之前,會有些特殊徵兆出現,這些特殊徵兆其背後有著不盡相同的原因。若是能發現這些徵兆,並且在內部破壞者進行更進一步破壞行動前進行處理,將可避免重大危安產生。
  本研究先於某公司進行心理量測來了解該公司員工心理狀況與一般人的異同處,並利用結構式訪談了解目前組織使用何種策略來增加員工動機、向心力及排解員工壓力。而後建構出特殊徵兆起因與組織安全的模式,根據此模式發展出檢核表,分為「預防危害產生的策略」以及「內部破壞者可能徵兆」兩部分。藉由專家結構式訪談來修正檢核表中的策略及徵兆,使得檢核表具專家效度。最後利用問卷來評估檢核表的信度。
本研究發展出的檢核表邀請專家來進行評估,使此份檢核表具有內容效度。而檢核表在檢核特殊徵兆部分,其整體信度係數為0.91(Cronbach alpha) ,此檢核表信度達到可接受標準。此檢核表可用來協助組織單位,讓公司主管對於特殊徵兆與組織安全的關係有進一步的了解,利用此份檢核表找出組織內可能內部破壞者,以及了解使用何種策略來確保組織安全。本研究主要係發展一份檢核表來預防組織內部威脅事件進行探討,後續驗證則為未來研究目標。

  There are some psychology measures for the organization to evaluate the mental status of the employees in Taiwan, but those measures cannot detect the insiders. The purpose of this study is to develop a checklist for the supervisors or unit heads that can apply to ensure the organization safety. Based on the model for causes of specific precursor and organization safety that structured by this study and analysis of the insider threat events by literature review, before the insiders try to execute the major malicious activity, there are some precursors. And those precursors are caused by different factors. If those precursors can be detected and be handled before the insider takes further acts, hazard will not happen.
  At first, this study implements Chinese Basic Personality Inventory (CBPI) to figure out the similarities and differences of mental condition between the employees in certain company and the others, and takes place the structured interview to understand if the employee in certain company have stress what the strategies the supervisors will take. Then, the model for causes of specific precursor and organization safety is structured and the checklist is developed based on this model. The checklist is divided into two parts. One part is the strategies those are took to prevent risk happen, and the other part is the precursors those insider threats appear. Then, the structured interview with experts is taken place to modify those strategies and precursors in the checklist and to possess expert validity. Finally, the questionnaire is implemented to evaluate the reliability of the checklist.
The experts are recruited to evaluate this checklist to possess content validity. According to the high Cronbach’s alpha of the questionnaire (0.961), the reliability is acceptable. This checklist can be applied to the organization departments to help the supervisors to have a concept of the relationship between the precursors and the organization safety. It is helpful for the supervisors to check if there are potential insiders in their organization. Some strategies can be taken to ensure the safety of the organization. This study focuses on how to develop a checklist for insider threat prevention and applying this checklist is necessary for the further study.

Chapter1 Introduction 1
1.1 Background 1
1.2 Motivation 3
1.3 Objectives 3
1.4 Research framework 5
Chapter 2 Literature review 6
2.1 Insider threat problem 6
2.1.1 Definition of insider threats 6
2.1.2 Case studies of insider threats 7
2.1.3 Factors of insider threats 10
2.2 Models of the insider threat 12
2.3 Stresses on employee 18
2.3.1 The relationship between insider threats & stressful employee 18
2.3.2 The causes of stress 18
2.3.3 The effects of stress 19
2.3.4 The symptoms of stress 19
2.4 Organization management 20
2.4.1 Motivator factor 20
2.4.2 Work group cohesion 20
Chapter 3 Methodology 21
3.1 Pilot study 22
3.1.1 Psychological test on employee 22
3.1.2 Structured interview 22
3.2 Strategy collection 23
3.3 Precursor Collection 24
3.4 Structured interviews with experts 28
3.5 Questionnaire for Precursor 29
Chapter 4 Analysis and Discussion 30
4.1 Pilot study 30
4.1.1 Results of psychological test on employee 30
4.1.2 Results of structured interview 32
4.2 Strategy collection 35
4.3 Structured interviews with experts 38
4.3.1 Results of precursor data 38
4.3.2 Results of strategy data 40
4.4 Questionnaire for Precursor 42
4.4.1 Participant backgrounds 42
4.4.2 Analysis of questionnaire 43
4.5 Discussion 45
4.5.1 Pilot study 45
4.5.2 Structured interviews with experts 46
4.5.3 Questionnaire for Precursor 46
4.6 Limitations 47
Chapter5 Conclusion 48
5.1 Summarized Results 48
5.2 Future work 49
References 50
Appendix I Structured questionnaire for certain organization 54
Appendix II Preliminary Checklist 56
Appendix III Questionnaire for Precursor 66
Appendix IV Item-Total Statistics 70
Appendix V A Model-based Checklist for Insider Threat Prevention 72

Andersen, D. F., Cappelli, D., Gonzalez, J. J., Mojtahedzadeh, M., Moore, A. P., Rich, E., Sarriegui, J. M., Shimeall, T. J., Stanton, J. M., Weaver, E., and Zagonel, A. (2004). Preliminary system dynamics maps of the insider cyber-threat problem. In Proceedings of the 22nd International Conference of the System Dynamics Society.
Band, S. R., Cappelli, D. M., Fisher, L. F., Moore, A. P., Shaw, E. D., and Trzeciak, R. F. (2006). Comparing Insider IT Sabotage and Espionage: A Model-Based Analysis. Carnegie Mellon University Software Engineering Institute.
Bosma, H., Peter, R., Siegrist, J., Marmot, M. (1998). Two alternative job stress models and the risk of coronary heart disease. Am J Public Health 88:68–74
Carnegie Mellon University's Computer Emergency Response Team (CERT) http://www.cert.org/
Casey, E. (2004). Digital Evidence and Computer Crime, p159-164 Second Edition, ACADEMIC PRESS
Chang, C.P. and Chang, F.J (2010), Relationships among traditional Chinese personality traits, work stress, and emotional intelligence in workers in the semiconductor industry in Taiwan. Qual Qunat 44: 733-748
Cheng, Y., Guo, Y.L., and Yeh, W.Y. (2001), A national survey of psychosocial job stresses and their implications for health among working people in Taiwan. International Archives of Occupational and Environment Health 74: 495-504
Cohen, S., & Bailey, D. E. (1997). What makes teams work: Group effectiveness research from the shop floor to the executive suite. Journal of Management, 23, 239-290.
Central Statistics Office (CSO) (2010). 2010 E-Crime Watch Survey- Survey Results. CSO magazine, U.S. Secret Service, Software Engineering Institute CERT Program at Carnegie Mellon University, and Deloitte. Retrieved May 25, 2010, from http://www.cert.org/archive/pdf/ecrimesummary10.pdf
Geritzer, F.L., Moore, A.P., Cappelli, D.M., Andrews, D.H., Carroll, L.A., and Hull, T.D. (2008). Combating the Insider Cyber Threat. IEEE Security and Privacy, 6(1), 61-64
Herzberg, F., Maunser, B. and Snyderman, B. (1959). The Motivation to Work, John Wiley and Sons Inc., New York
Hirsch, D. (1987). The Truck Bomb and Insider Treats to Nuclear Facilities. in Paul Leventhal and Yonah Alexander, eds., Preventing Nuclear Terrorism: Report and Papers of the International Task Force On Prevention of Nuclear Terrorism (Lanham, MD: Rowan & Littlefield)
Hogg, M. (1992). The social psychology of group cohesiveness: From attraction to socialidentity. New York: John Wiley
Honnellio, A.L. and Rydell, S. (2007). Sabotage vulnerability of nuclear power plants. Int. J. Nuclear Governance, Economy and Ecology, Vol. 1, No. 3, pp.312–321.
Krantz, G., Berntsson, L., and Lundberg, U. (2005). Total workload, work stress and perceived symptoms in Swedish male and female white-collar employees. European Journal of Public Health, Vol. 15, No. 2, 209–214
Lee, H.Y., Yeh, W.Y., Chen, C.W., and Wang, J.D. (2005). Prevalence and Psychosocial Risk Factors of Upper Extremity Musculosketletal Pain in Industries of Taiwan: A Nationwide Study. Journal of occupational Health, 47: 311-318
Melara, C., Sarriegui, J.M., Gonzalez, J.J., Sawicka, A. and Cooke, D.L. (2003). A System Dynamics Model of an Insider Attack on an Information System. In Proceedings of the 21st International Conference of the System Dynamics Society.
Maslow, A.H. (1954). Motivation and Personality. Harper & Row Publishers, New York, NY
Moore, A. P., Cappelli, D. M., and Trzeciak, R. F. (2008). The "Big Picture" of Insider IT Sabotage Across U.S. Critical Infrastructures. Insider Attack and Cyber Security, vol. 39, 17-52
Nunnally, J. C. & Berstein, I.H. (1994). Psychometric theory (3rd ed.), New York: McGraw-Hill.
Parsons, E. & Broadbridge, A. (2006). Job motivation and satisfaction: Unpacking the key factors for charity shop managers. Journal of Retailing and Consumer Services 13: 121-131
Probst, C.W., Hansen, R.R., and Nielson, F. (2007). Where can an Insider Attack ?, in Formal Aspects in Security and Trust. Springer Berlin / Heidelberg. p. 127-142.
Randazzo, M. R., Keeney, M. M., Kowalski, E. F., Cappelli, D. M., and Moore, A. P. (2004). Insider Threat Study: Illicit Cyber Activity in the Banking and Finance Sector. U.S. Secret Service and CERT Coordination Center /Software Engineering Institute: 25
Sakai, Y., Akiyama, T., Miyake, Y., Kawamura, Y., Tsuda, H., Kurabbayashi, L., Tominaga, M., Noda, T., Akiskal, K., Akiskal, H. (2005). Temperament and job stress in Japanese company employees. Journal of Affective Disorders 85: 101-112
Stanton, J. M., Stam, K. R., Mastrangelo, P., and Jolton, J. (2005). Analysis of end user security behaviors. Computers & Security, 24, 124-133
Stranks, J. (2005). Stress at Work: Management and Prevention. 1st, p21, ELSEVIER
Terwee, C. B., Bot, S. D.M., Boer, M. R., Windt, D. A.W.M., knol, D. L., Dekker, J., Bouter, L. M., Vet, H. C.W. (2007) Quality criteria were proposed for measurement properties of health status questionnaires. Journal of Clinical Epidemiology, 60: 34-42.
Theoharidou, M., Kokolakis, S., Karyda, M., and Kiountouzis, E. (2005). The Insider Threat to Information Systems and the Effectiveness of ISO17799. Computers and Security, 24(6), 472-484.
Tietjen, M.A. and Myers, R.M. (1998). Motivation and job satisfaction. Management Decision 36/4, 226-231
Tuglular, T. (2000). A Preliminary Structural Approach to Insider Computer Misuse Incidents. EICAR 2000 Best Paper Proceedings (pp. 105-125). Aalborg, Denmark: EICAR.
Wu, W. T., Lin, H. T., Wang, J. D., & Kuo, C. C. (1999). Chinese basic personality inventory. Taipei, Psychological Publishing Co.

連結至畢業學校之論文網頁點我開啟連結
註: 此連結為研究生畢業學校所提供,不一定有電子全文可供下載,若連結有誤,請點選上方之〝勘誤回報〞功能,我們會盡快修正,謝謝!
QRCODE
 
 
 
 
 
                                                                                                                                                                                                                                                                                                                                                                                                               
第一頁 上一頁 下一頁 最後一頁 top
無相關論文
 
1. 44、陳麗桂:〈《淮南子》裡的黃老思想〉,《中國學術年刊》第14期,1993年,頁113-160。
2. 29、封思毅:〈道家抑制君權的兩大著作─簡析《呂氏春秋》及《淮南子》書中相關思想〉,《中國國學》第二十四期,1996年10月
3. 27、周紹賢:〈黃老思想在西漢〉,《國立政治大學學報》第二十六期,1972年12月,頁85-102。
4. 40、陳貞吟:〈老子思想中之「有」與「無」〉,《中國國學》第20期,頁163-179。
5. 10、朱心怡:〈略論漢初之黃老思想〉,《人文與社會學報》第一卷第五期,2004年12月,頁45-64。
6. 28、洪錦淳:〈漢文帝「遺詔」透顯的視域〉,《中國學術年刊》,2005年9月,頁1-21。
7. 34、張鴻愷:〈《黃帝四經》對《老子》思想的轉承〉,《宗教哲學》,2009年6月,頁33-46。
8. 43、陳麗桂:〈《呂氏春秋》裡的黃老思想〉,《中國學術年刊》第13期,1992年,頁75-107。
9. 22、林宗昱:〈《史記》中的王者師──以張良為考察中心〉,《人文研究期刊》,2008年1月,頁95-120。
10. 25、林素英:〈從《史記》論張良的生命智慧〉,《花蓮師院學報》,2000年10期, 頁231-248。
11. 36、張友驊:〈由《黃帝四經》論漢初黃老政治〉,《簡牘學報》,1977年1月,頁417-442。
12. 4、王曉波:〈漢初的黃老之治與法家思想〉,《食貨月刊》,1982年1月,頁441-464。
13. 42、陳麗桂:〈《黃老帛書》裏的道法思想─帛書〈經法〉等四篇和〈九主〉思想研究〉,《中國學術年刊》第十一期,1990年,頁9-52。
14. 5、王曉波:〈論「歸本於黃老」─《韓非子》論道〉,《國立臺灣大學哲學論評》, 1999年1月,頁187-213。
15. 33、張踐:〈政治與教化──秦漢之際的文化選擇,兼論儒教的形成〉,《人文與社會學報》,2010年1月,頁129-152。