(3.236.214.19) 您好!臺灣時間:2021/05/09 23:05
字體大小: 字級放大   字級縮小   預設字形  
回查詢結果

詳目顯示:::

: 
twitterline
研究生:劉昊雯
研究生(外文):Liou, Hao-Wun
論文名稱:員工的工作情境相關態度與其遵循資訊安全政策之關聯性研究
論文名稱(外文):An Empirical Study of the Effects of Organization Commitment and Job Satisfaction on Information Security Policy Compliance
指導教授:張榮庭張榮庭引用關係吳祉芸
指導教授(外文):Chang, Jung-TingWu, Chih-Yun
口試委員:鄭菲菲吳金山應鳴雄
口試委員(外文):Cheng, Fei-FeiWu, Chin-ShanYing, Ming-Hsiung
口試日期:2011-07-11
學位類別:碩士
校院名稱:東海大學
系所名稱:企業管理學系碩士班
學門:商業及管理學門
學類:企業管理學類
論文種類:學術論文
論文出版年:2011
畢業學年度:99
語文別:中文
論文頁數:95
中文關鍵詞:資訊安全政策資訊安全措施的態度工作滿意度組織承諾
外文關鍵詞:information security policyattitude toward information security policyjob satisfactionorganizational commitment
相關次數:
  • 被引用被引用:1
  • 點閱點閱:297
  • 評分評分:系統版面圖檔系統版面圖檔系統版面圖檔系統版面圖檔系統版面圖檔
  • 下載下載:26
  • 收藏至我的研究室書目清單書目收藏:1
企業仰賴資訊系統與資訊科技來處理日常生活與工作的比重日漸增加,面臨資訊風險與資訊威脅的程度也隨之提升。過去資訊方面的相關研究,大多將心力放注在維護企業的資訊系統安全以及提出相對因應的策略,但最近漸漸發現員工的工作相關情境態度與組織資訊系統安全之間具有關聯性。
在本研究,將員工對資訊安全政策措施的行為意圖分為程序性控制措施的遵循意圖與技術性控制措施的採用意圖,探討工作滿意度、組織承諾和資安措施的態度這三項變數對員工行為意圖之影響,並且進一步比較三種態度對員工行為意圖的影響程度。
本研究採問卷調查法,利用滾雪球抽樣方式蒐集樣本資料,研究對象以需要仰賴電腦來完成大部份工作的員工為問卷主要發放對象,不限制產業以及部門。研究結果發現,資安措施的態度及組織承諾對員工遵循程序性措施的意圖與採用技術性措施的意圖有正向影響;工作滿意度對程序性措施的遵循意圖有正向影響。在員工的三種態度中,以資安措施的態度對資訊安全政策措施之行為意圖最具影響力。
相對於過去研究聚焦於資訊系統安全的因應措施與員工對資安措施的態度,本研究加入組織行為的工作滿意度與組織承諾兩項重要態度變數,並分別就資安政策中的程序性控制措施與技術性控制措施納入考量,希冀能幫助學術界與實務界對於資訊安全政策之遵循意圖與採用意圖的前因理解更臻完整。

Employees rely on information system and technologies to deal with daily work increasingly, and the issue of information security rise up as well. Most of past research focused on how to maintain information system security and propose some countermeasures. However, the interrelatedness between job-related attitudes and information systems was proposed recently.
We separate information security policies as compliance of information security policy and adoption of information security policy in this current work, and test and compare the effect of job satisfaction, organizational commitment and the attitude toward information security policy.
Data was collected from survey questionnaire by snowball sampling. The respondents should rely on computer for work from different industries and departments. The results showed that attitude toward to information security policy and organizational commitment were positively related to employee’s behavioral intention, and job satisfaction were positively related to employee’s compliance of information security policy. Overall speakin, the attitude toward to information security policy exerted greater effect on employee behavioral intention.

目錄
目錄 IV
表目錄 VII
圖目錄 VIII
第一章 緒論 1
第一節 研究背景與動機 1
第二節 研究目的 6
第三節 研究流程 8
第二章 文獻探討 10
第一節 資訊系統安全 10
一、資訊系統安全定義 10
二、BS7799介紹 12
第二節 資訊安全政策措施 15
一、資訊安全政策 15
二、行為意圖相關理論 17
三、影響執行資訊安全措施的意圖之重要因素 22
第三節 工作情境相關態度 25
一、工作滿意度 25
二、組織承諾 29
三、工作滿意度和組織承諾與組織公民行為的關係 31
第四節 資訊安全政策之遵循意圖及採用意圖 33
第三章 研究方法 34
第一節 研究假設 34
第二節 研究架構 41
第三節 問卷設計與操作性定義 42
一、資訊系統安全 42
二、工作滿意度 44
三、組織承諾 45
四、個人基本資料 45
第四節 研究對象與資料分析方法 47
一、研究對象 47
二、資料分析方法 47
三、問卷前測 48
第四章 研究結果 49
第一節 基本資料分析與敘述統計 49
一、受試者基本資料分析 49
二、敘述統計分析 53
第二節 信度分析 55
第三節 相關分析與階層式迴歸分析 59
一、相關分析 59
二、階層式迴歸分析 62
三、非層次集群分析法 67
第五章 結論與建議 70
第一節 研究結論 70
第二節 研究貢獻與管理義涵 72
一、研究貢獻 72
二、管理意涵 72
第三節 研究限制與後續研究建議 74
一、研究限制 74
二、後續研究方向 74
參考文獻 75
附錄一 82



表目錄
表1-1 台灣個人電腦設置及使用概況 2
表2-1 工作滿意度相關理論 27
表3-1 資訊安全變數操作化彙整表 44
表4-1 受試者基本資料分析 51
表4-2 公司資訊安全設置之描述統計分析 53
表4-3 各研究構念之描述統計分析 54
表4-4 本研究問項之內部一致性及分項對總項相關係數 57
表4-5 Pearson相關分析 61
表4-6 員工的三種態度對組織資訊安全政策行為意圖迴歸分析 63
表4-7 工作滿意度對技術性及程序性控制措施的行為意圖之迴歸分析 64
表4-8 組織承諾對技術性及程序性資訊安全措施的行為意圖之迴歸分析 65
表4-9 資安措施的態度對技術性及程序性控制措施的行為意圖之迴歸分析 66
表4-10 組織承諾與資訊安全政策行為意圖之關聯性 68
表4-11 工作滿意度與資訊安全政策行為意圖之關聯性 69
表5-1 研究假設檢定結果摘要表 70


圖目錄
圖1-1 95年到98年台灣企業投入的資安經費 2
圖1-2 員工非惡意攻擊造成的損失 4
圖1-3 員工惡意攻擊所造成的損失 4
圖1-4 研究流程圖 9
圖2-1 資訊安全威脅來源 12
圖2-2 BS7799發展流程 14
圖2-3 理性行為理論 17
圖2-4 計劃行為理論 18
圖2-5 分解式計劃行為模式 21
圖2-6 科技接受模式 22
圖2-7 預期效能與預期結果影響自我效能 23
圖3-1 員工之組織承諾與其資訊安全政策行為意圖之關係 35
圖3-2 員工之工作滿意度與其資訊安全政策行為意圖之關係 36
圖3-3 員工之資安措施的態度與其資訊安全政策行為意圖之關係 38
圖3-4 員工之自我效能與其資訊安全政策行為意圖之關係 39
圖3-5 員工之主觀規範與其資訊安全政策行為意圖之關係 40
圖3-6 研究架構 41


英文部分
1.Anderson, C. L., & Agarwal, R. (2010). Particing Safe Computing: A Multimethod Empirica Examination of Home Computer User Security Behavioral Intentions.. MIS Quarterly, 34(3), 613-A615.
2.Agarwal, R. and Prasa, J. (1998a), “The antecedents and consequents of user perceptions in information technology adoption”, Decision Support Systems, Vol. 22, No. 1, pp. 15–29.
3.Agarwal, R. and Prasa, J. (1998b), “A conceptual and operational definition of personal innovativeness in the domain of information technology”, Information Systems Research, Vol. 9, No. 2, pp. 204–215.
4.Agarwal, R. and Karahanna, E. (2000), “Time Files When You’re Having Fun: Cognitive Absorption and Beliefs about Information Technology Usage”, MIS Quarterly, Vol. 24, No. 4, pp. 665–694.
5.Ajjan, H., & Hartshorne, R. (2008). Investigating faculty decisions to adopt Web 2.0 technologies: Theory and empirical tests. The Internet and Higher Education, 11(2), 71-80.
6.Ajzen, I., & Fishbein, M. (1980). Understanding attitudes and predicting social behavior. Englewood Cliffs, NJ: Prentice-Hall.
7.Ajzen, I. (1991). The theory of planned behavior. Organizational behavior and human decision processes, 50(2), 179-211.
8.Allen, N. J., & Meyer, J. P. (1990). The measurement and antecedents of affective, continuance and normative commitment to the organization. Journal of occupational psychology, 63(1), 1-18.
9.Anderson, C. L., & Agarwal, R. (2010). Particing Safe Computing: A Multimethod Empirica Examination of Home Computer User Security Behavioral Intentions. [Article]. MIS Quarterly, 34(3), 613-A615.
10.Bandura, A. (1977). Self-efficacy: toward a unifying theory of behavioral change. Psychological review, 84(2), 191.
11.Bandura, A. (1986). Social foundations of thought and action: A social cognitive theory: Prentice-Hall, Inc.
12.Bateman, T. S., and Organ, D. W. (1983). Job Satisfaction and the Good Soldier: The Relationship Between Affect and Employee "Citizenship". Academy of Management Journal, 26(4), 587-595.
13.Bell, S., and Menguc, B. (2002). The employee-organization relationship, organizational citizenship behaviors, and superior service quality. Journal of Retailing 78(2), 131-146.
14.Brancheau, J. C., and Wetherbe, J. C. (1990), “The Adoption of Spreadsheet Software Testing innovation diffusion theory in the Context of End-User Computing”, Information Systems Research, Vol. 1, No. 1, pp. 41–64.
15.Brown, K., & Mitchell, T. (1993). Organizational obstacles: Links with financial performance, customer satisfaction, and job satisfaction in a service environment. Human Relations, 46(6), 725.
16.Bulgurcu, B., Cavusoglu, H., and Benbasat, I. (2010). Information Security Policy Compliance: An Empirical Study of Rationality-Based Beliefs and Information Security Awareness. MIS Quarterly, 34(3), 523-548.
17.Cavusoglu, H., Cavusoglu, H., Son, J.-Y., and Benbasat, I. 2009.“Information Security Control Resources in Organizations: A Multidimensional View and Their Key Drivers,” working paper,Sauder School of Business, University of British Columbia.
18.Chan, M., Woon, I., & Kankanhalli, A. (2005). Perceptions of information security in the workplace: linking information security climate to compliant behavior. Journal of Information Privacy and Security. v1 i3.
19.Chang, A.J.T. and Yeh, Q.J. (2006), “Coping With Systems Threats: A Study of the Adequacy of Security in Taiwan”, The 3rd IEEE International Conference on Management of Innovation and Technology (ICMIT 2006), June, Singapore.
20.Chang, A. J.-T. (2010) Roles of perceived risk and usefulness in information system security adoption. The 5th IEEE International Conference on Management of Innovation and Technology (ICMIT 2010), Singapore.
21.Chenoweth, T., Minch, R., & Gattiker, T. (1899). Application of Protection Motivation Theory to Adoption of Protective Technologies. Paper presented at the 42nd Hawaii International Conference on System Science.
22.CNSS, National Information Assurance (IA) Glossary (CNSS Instruction No.4009), Committee on National Security Systems, Revised in June 2006, http://www.cnss.gov/instructions.html. [Cited July 5, 2006].
23.Cronbach, L. J., & Meehl, P. E. (1955). Construct validity in psychological tests. Psychological Bulletin, 52(4), 281.
24.Davis, F. (1989). Perceived usefulness, perceived ease of use, and user acceptance of information technology. MIS Quarterly, 13(3), 319-340.
25.Durgin, M. 2007. “Understanding the Importance of and Implementing Internal Security Measures,” SANS Institute Reading Room (https://www2.sans.org/reading_room/whitepapers/policyissues/1901.php).
26.Ernst & Young. 2008. “Moving Beyond Compliance: Ernst &Young’s 2008 Global Information Security Survey” (available online at http://www.ey.com/Publication/vwLUAssets/2008_Global_Information_Security_Survey_english/$FILE/2008_GISS_ingles.pdf).
27.Fishbein, M., & Ajzen, I. (1975). Belief, attitude, intention, and behavior: An introduction to theory and research. Reading, MA: Addison-Wesley.
28.Forcht, K.A. (1994), Computer security management. Danvers, MA: Boyd and Fraser.
29.George, J., and Jones, G. (1997). Organizational spontaneity in context. Human Performance 10(2), 153-170.
30.Gerber, M. and von Solms, R. (2005), “Management of risk in the information age”, Computers & Security, Vol. 24, pp.16–30.
31.Greene, G. (2010). Assessing the Impact of Security Culture and the Employee-Organization Relationship on IS Security Compliance.
32.Herath, T., & Rao, H. (2009). Protection motivation and deterrence: a framework for security policy compliance in organisations. European Journal of Information Systems, 18(2), 106-125.
33.Hoffer, J.A. and Alexander M.B. (1992), “The Diffusion of Database Machines”, Data Base, Vol. 23, No.2, pp. 13-20.
34.Hoppock, R. (1935). Job satisfaction. New York: Harper.
35.Jahangir, N., Akbar, M. M., & Haq, M. (2004). organizational citizenship behavior:it's nature and antecedents. BRAC University Journal, 1(2), 75-85.
36.Johnston, A., & Warkentin, M. (2010). Fear Appeals and Information Security Behaviors: An Empirical Study. MIS Quarterly, 34(1).
37.Katz, D., & Kahn, R. L. (1978). The social psychology of organizations (2d ed.): Wiley.
38.Kankanhalli, A., Teo, H.-H., Tan, B. C.Y. and Wei, K.-K. (2003), “An integrative study of information systems security effectiveness”, International Journal of Information Management, Vol. 23, pp.139–154.
39.Lee, J., and Lee, Y. (2002). “A Holistic Model of Computer Abuse Within Organizations,” Information Management and Computer Security (10:2/3), pp. 57-63.
40.Lee, S. M., Lee, S. G., and Yoo, S.(2003). “An Integrative Model of Computer Abuse based on Social Control and General Deterrence Theories,” Information and Management (41:6), pp. 707-718.
41.Lee, Y., & Kozar, K. (2008). An empirical investigation of anti-spyware software adoption: A multitheoretical perspective. Information & Management, 45(2), 109-119.
42.Locke, E. A. (1976). The Nature and Causes of Job Satisfaction. Handbook of industrial and organizational psychology (1990) Dunnette, MD; Hough, LM. Palo Alto, CA: Consulting Psychologists Press., 1319-1328.
43.Madnick, E.S. (1978), “Management Policies and Procedures Needed for Effective Computer Security”, Sloan Management Review, Fall, pp.61–74.
44.Mayo, E. (1971). Hawthorne and the western electric company. Organisation Theory.
45.Moore, G.C. (1987), “End User Computing and Office Automation: A Diffusion of Innovations Perspective”, Infor, Vol. 25 No. 3, pp.214–235.
46.Morrow, P. C. (1983). Concept redundancy in organizational research: The case of work commitment. The Academy of Management Review, 8(3), 486-500.
47.Mowday, R. T., Steers, R. M., & Porter, L. W. (1979). The measurement of organizational commitment* 1. Journal of vocational behavior, 14(2), 224-247.
48.Mowday, R. T., Porter, L. W., & Steers, R. M. (1982). Employee-organization linkages: The psychology of commitment, absenteeism, and turnover: Academic Press New York.
49.Mowday, R. (1998). Reflections on the study and relevance of organizational commitment. Human Resource Management Review, 8(4), 387-401.
50.Nilikanta, S. and Scammell, R.W. (1990), “The effects of information sources and communication channels on the diffusion of innovation on a data base development environment”, Management Science, Vol. 36, No. 1, pp.24–40.
51.Organ, D. W. (1988). Organizational citizenship behavior: The ‘‘Good Soldier” syndrome. MA: Lexington Books.
52.Organ, D., and Ryan, K. (1995). A meta analytic review of attitudinal and dispositional predictors of organizational citizenship behavior. Personnel Psychology 48(4), 775-802.
53.Pahnila, S., Siponen, M., & Mahmood, A. (2007). Employees' behavior towards IS security policy compliance.
54.Podsakoff, P., and MacKenzie, S. (1994). Organizational citizenship behaviors and sales unit effectiveness. Journal of Marketing Research 31(3), 351-363.
55.Podsakoff, P., MacKenzie, S., Paine, J., and Bachrach, D. (2000). Organizational citizenship behaviors: A critical review of the theoretical and empirical literature and suggestions for future research. Journal of management 26(3), 513.
56.Porter, L. W., & Lawler, E. E. (1968). Managerial attitudes and performance. Irwin, New Jersey.
57.Porter, L., Steers, R., Mowday, R., & Boulian, P. (1974). Organizational commitment, job satisfaction, and turnover among psychiatric technicians. Journal of Applied Psychology, 59(5), 603-609.
58.Posthumus, S., & Von Solms, R. (2004). A framework for the governance of information security. Computers & Security, 23(8), 638-646.
59.Rainer, R.K. Jr., Snyderr, C.A. and Carr, H.H. (1991), “Risk analysis for information technology”, Journal of Management Information Systems, Vol. 8, No. 1, Summer, pp.192–197.
60.Randall, D. (1987). Commitment and the organization: The organization man revisited. Academy of management review 12(3), 460-471.
61.Richardson, R. L., & Institute, C. S. (2007). CSI survey 2007: The 12th annual computer crime and security survey: Computer Security Institute.
62.Robbins, S. P., & Langton, N. (1998). Organizational behavior: Concepts, controversies, and applications: Prentice Hall Upper Saddle River, New Jersey:.
63.Rogers, R. (1975). A Protection Motivation Theory of Fear Appeals and Attitude Change1. The Journal of Psychology, 91(1), 93-114.
64.Rogers, E.M. (1983), Diffusion of Innovations, 3rd ed., New York, NY: The Free Press.
65.Smith, P. C., Kendall, L. M., & Hulin, C. L. (1969). The measurement of satisfaction in work and retirement. Chicago:Rand McNally.
66.Smith, C. A., Organ, D. W., & Near, J. P. (1983). Organizational citizenship behavior: Its nature and antecedents. Journal of Applied Psychology, 68, 653-663.
67.Spector, P. E. (1985). Measurement of human service staff satisfaction: Development of the Job Satisfaction Survey. American journal of community psychology, 13(6), 693-713.
68.Spector, P. E. (1997). Job satisfaction: Application, assessment, cause, and consequences (Vol. 3): Sage Publications, Inc. Spector, P. E. (1997).
69.Stanton, J., Stam, K., Guzman, I., & Caledra, C. (2003). Examining the linkage between organizational commitment and information security. In IEEE Systems, Man, and Cybernetics Conference Washington DC,USA. ‘
70.Steers, R. M. (1977). Antecedents and outcomes of organizational commitment. Administrative Science Quarterly, 22(1), 46-56.
71.Stoneburner, G., Goguen, A., & Feringa, A. (2002). Risk management guide for information technology systems. Nist special publication, 800, 30.
72.Straub Jr, D. W., & Nance, W. D. (1990). Discovering and disciplining computer abuse in organizations: a field study. MIS Quarterly, 45-60.
73.Taylor, S., & Todd, P. A. (1995). Understanding information technology usage: A test of competing models. Information Systems Research, 6(2), 144-176.
74.Weiss, D. J., Dawis, R. V., & England, G. W. (1967). Manual for the Minnesota Satisfaction Questionnaire. Minnesota Studies in Vocational Rehabilitation.
75.White, G. B., Fisch, E. A. and Pooch, U.W. (1996), Computer system and network security, Boca Raton, FL: CRC Press.
76.Wiener, Y. (1982). Commitment in organizations: A normative view. Academy of management review 7(3), 418-428.
77.Williams, L., & Anderson, S. (1991). Job satisfaction and organizational commitment as predictors of organizational citizenship and in-role behaviors. Journal of Management, 17(3), 601.
78.Yeh, Q. J., & Chang, A. J. T. (2007). Threats and countermeasures for information system security: A cross-industry study. Information & Management, 44(5), 480-491.

中文部分
79.經濟部標準檢驗局,資訊技術-安全技術-資訊安全管理系統-要求事項CNS 27001,X6049,2006年6月16日.
80.經濟部標準檢驗局,資訊技術-安全技術-資訊安全管理之作業規範CNS 27002, X6040,2007年10月24日.
81.BSI標準組織台灣官網http://www.bsigroup.tw/zh-tw/.
82.Societe Generale de Surveillance(SGS)台灣檢驗科技股份有限公司台灣官網http://www.tw.sgs.com/zh_tw/mini_site_iso27001_tw_1-1.
83.行政院主計處,電腦應用概況報告http://www.dgbas.gov.tw/ct.asp?xItem=28145&CtNode=5526&mp=1.
84.許士軍(1991),管理學,台北:東華書局.
85.吳定, 張潤書, 陳德禹, 賴維堯, & 許立一 (Eds.). (2010). 行政學 (二版九刷 ed.): 國立空中大學.
86.吳萬益、林清河(2000),企業研究方法,台北:華泰書局。
87.邱皓政(2003)量化研究與統計分析:SPSS中文視窗版資料分析範例解析(二版三刷),台北:五南出版社.
88.陳淑玲. (2002). 影響新人類組織承諾相關因素之研究. 中華管理學報, 3(1), p.75-88.
89.李東峰、林子銘(2001),風險評估觀點的資訊安全規劃架構,台灣大學資訊管理學系第十二屆國際資訊管理學術研討會。
90.葉桂珍、張榮庭 (2006),企業之資訊安全策略與其產業別及資訊化程度關係探討,資訊管理學報,Vol. 13, No.2, pp. 113-144.

連結至畢業學校之論文網頁點我開啟連結
註: 此連結為研究生畢業學校所提供,不一定有電子全文可供下載,若連結有誤,請點選上方之〝勘誤回報〞功能,我們會盡快修正,謝謝!
QRCODE
 
 
 
 
 
                                                                                                                                                                                                                                                                                                                                                                                                               
第一頁 上一頁 下一頁 最後一頁 top
1. 內部行銷導向、組織承諾、工作滿意與學校效能關係之研究─以台南地區國民小學為例
2. 組織文化、領導行為與員工工作態度間關係之實證研究-台灣某一商業銀行之個案研究
3. 工作特性、工作滿足、組織承諾與離職意願之探討──以高雄市公民營銀行為例
4. 組織承諾、角色衝突與工作滿足及其相關因素之研究-以高雄市政府主計處外派人員為例
5. 組織變革策略對組織承諾之影響研究--以潤泰工業股份有限公司電腦化為例
6. 人格特質與工作特性之契合對工作滿足與組織承諾之影響
7. 非營利事業機構組織文化、轉換型領導與員工工作態度關係之研究─以南部七縣市政府為例
8. 兩岸員工工作價值觀與工作特性對工作態度之影響
9. 領導型態、工作特性與我國地方機關人事人員工作滿足、組織承諾關係之研究
10. 員工對組織變革認知、轉業訓練、組織承諾與工作滿足關係之研究:以台糖公司為例
11. 國小校長魅力領導與教師組織承諾及工作滿意度之研究
12. 海陸輪調制度對海陸勤人員工作滿足與組織承諾之相關探討─以A公司海陸勤人員為例
13. 電視臺業務部業務員工作壓力、工作滿足與組織承諾之關聯性研究
14. 領導型態與領導效能關係之研究-以中部某連鎖零售業為例
15. 影響員工離職傾向因素之探討-以台中地區國際觀光旅館為例
 
系統版面圖檔 系統版面圖檔