王平、羅濟群、趙國銘與王子夏,2012,雲端運算服務之風險分析,管理評論,第31卷第1期:5-23。
王旭正、姚深淵、黃嘉宏與詹前隆,2008,Firewall-based遠端網路的數位證據蒐集,電子商務學報,第10卷第1期:235-253。王怡心,2012,新COSO內部控制整合架構,內部稽核,第79期:4-8。
王連杰、陳正鎔與孫屏台,2011,改良式ElGamal-like數位簽章於電子商務環境之應用,資訊管理學報,第18卷第3期:2-25。
甘偉中,2012,雲端運算漸普及 調查:虛擬化成為核心技術,引用自http://www. nownews.com/2012/02/09/91-2783327.htm。
朱柔若譯,Neuman, W. L.原著,2000,社會研究方法-質化與量化取向,台北:揚智文化。
江淑玲與林麗容,2006,我國中小企業盈餘管理行為之探索性研究-德爾菲法之應用,東吳經濟商學學報,第57期:79-109。
行政院,2011,公開發行公司建立內部控制制度處理準則,引用自http://www. selaw.com.tw/Scripts/Query4B.asp?FullDoc=%A9%D2%A6%B3%B1%F8%A4%E5&Lcode=G0100200。
行政院,2012,雲端運算,引用自http://www.ey.gov.tw/policy8/cp.aspx?n=243D 7E99 3A404388。
吳芝儀、廖梅花譯,Strauss, A. 與 J. Corbin原著,2001,紮根理論研究方法,嘉義:濤石文化。
吳建樺與邱瑞科,2011,供應鏈管理安全電子資料交換系統建立之研究,資訊管理學報,第18卷第3期:101-123。
吳裕群,2010,透過內部控制落實公司治理,內部稽核,第71期:16-21。
宋佩貞、古政元與陳加屏,2012,以系統動力學探討電腦病毒防治政策,資訊管理學報,第19卷第3期:621-652。
周濟群,2012,雲端運算對於企業內部控制與稽核的影響,內部稽核,第79期,18-25。
林岦毅,2012,淺談雲端運算,證卷交易資料,第600期:14-22。
林柄滄,2003,內部稽核理論與實務,第五版,台北:中華民國內部稽核協會。
徐華鍈譯,內田治與醍醐昭美原著,2000,問卷調查應用入門,初版,台北:小知堂。
財團法人中華民國會計研究發展基金會,2009,審計準則公報及審計實務指引,台北:財團法人中華民國會計研究發展基金會。
財團法人資訊工業策進會,2012,台灣大型企業雲端投資現況與展望,引用自http://www.iii.org.tw/。
馬嘉應,2013,財務與非財務查核簽證之異同-以企業併購為例,會計研究月刊,第330期:124-129。
張紹勳,2004,研究方法,初版,台中:滄海。
張碩毅與吳承志,2008,企業資源規劃系統建置與管理,台北:文魁資訊。
曹偉駿與黃美治,2010,適用於網路服務之高效率整合式存取控制系統設計與實作,管理與系統,第17卷第1期:159-182。
陳志誠、林淑瓊與李興漢,2009,資訊資產分類與風險評鑑之研究-以銀行業為例,資訊管理學報,第16卷第3期:55-84。
彭玉樹、梁奕忠、于卓民與梁晉嘉,2010,台灣管理學門質性研究之回顧與展望,中山管理評論,第18卷第1期:11-40。
黃士銘、張碩毅與蘇耿弘,2006,企業導入BS7799資訊安全管理系統之關鍵成功因素-以石化產業為例,資訊管理學報,第13卷第2期:171-192。黃中河與林谷鴻,2012,應用網路分析法探討企業導入ERP系統之關鍵成功因素,工程科技與教育學刊,第9卷第3期:353-367。
黃永婷與殷書庸,2012,從雲端參考架構,剖析雲端服務管理挑戰,引用自http://www.deloitte.com/view/tc_tw/tw/199cbc99d5d74310VgnVCM2000001b56f00aRCRD.htm。
黃劭彥、林琦珍與邱安安,2011,電腦稽核導入之成效,電腦稽核,第23期:16-25。
葉桂珍與張榮庭,2006,企業之資訊安全策略與其產業別及資訊化程度關係探討,第13卷第2期:113-143。
廖鴻圖、范修維、邱孟佑、蕭麗齡與瞿鴻斌,2005,資訊安全風險評鑑驗證系統,電子商務學報,第7卷第4期:395-414。數位時代,2008,雲端運算風暴來襲,引用自http://www.bnext.com.tw/article/ view/cid/0/id/10163。
盧正宗、李大千與林靖傑,2012,整合雲端運算技術與服務導向架構(SOA)建構審計支援系統,電子商務學報,第14卷第2期:281-306。
蕭瑞麟與許瑋元,2010,資安洞見:由使用者痛點提煉創新來源,組織與管理,第3卷第2期:93-128。
諶家蘭,2012a,雲端治理,會計研究月刊,第324期:78-89。
諶家蘭,2012b,雲端運算與電腦稽核-商機與治理,會計研究月刊,第322期:88-95。
賴虹燕譯,酒井隆原著,2006,問卷設計市場調查與統計分析實務入門,三版,台北:博誌。
薛夙珍與陳星百,2006,具便捷性與安全性之行動消費者主導交易協定,第13卷第4期:103-132。
謝錫堃與陳柏誠,2012,雲端計算,科學發展,第473期:64-69。
鍾志恒,2012,平安夜不平安 亞馬遜雲端平台當機 客戶抓狂,引用自http://news.chinatimes.com/world/11050401/122012122800154.html。
蘇建源、江琬瑂與阮金聲,2010,資訊安全政策實施對資訊安全文化與資訊安全有效性影響之研究,資訊管理學報,第17卷第4期:61-87。
鐘嘉德、高天助與楊嘉栩,2010,雲端運算與產業發展,研考雙月刊,第34卷4期,20-31。
Ahmed, A. 2011. Using COBIT to Manage Benefits, Risks and Security of Outsourcing Cloud Computing. Information Systems Audit and Control Association 2: 13-16.
Allen, B. 1977. The biggest computer frauds: lessons for CPAs. The Journal of Accountancy 5:52-62.
August, T., and T. I. Tunca. 2008. Let the pirates patch? An economic analysis of software security patch restrictions. Information Systems Research 19 (1): 48-70.
Bandyopadhyay, T., V. Jacob, and S. Raghunathan. 2010. Information security in networked supply chains: impact of network vulnerability and supply chain integration on incentives to invest. Information Technology & Management 11 (1): 7-23.
Benbasat, I., D. K. Goldstein, and M. Mead. 1987. The case research strategy in studies of information systems. MIS Quarterly 11(3): 369-386.
Bojanc, R., B. J. Blazic, and M. Tekavcic. 2012. Managing the investment in information security technology by use of a quantitative modeling. Information Processing & Management 48 (6): 1031-1052.
Cavusoglu, H., B. Mishra, and S. Raghunathan. 2005. The value of intrusion detection systems in information technology security architecture. Information Systems Research 16 (1): 28-46.
Cavusoglu, H., S. Raghunathan, and H. Cavusoglu. 2009. Configuration of and Interaction Between Information Security Technologies: The Case of Firewalls and Intrusion Detection Systems. Information Systems Research 20 (2): 198-217.
Chen, Y., and A. Bharadwaj. 2009. An Empirical Analysis of Contract Structures in IT Outsourcing. Information Systems Research 20 (4): 484-506.
Chiu, C. M. 2005. Applying means-end chain theory to eliciting system requirements and understanding users perceptual orientations. Information & Management 42 (3): 455-468.
Choudhury, V., and R. Sabherwal. 2003. Portfolios of control in outsourced software development projects. Information Systems Research 14 (3): 291-314.
Chowdhury, G. 2012. An agenda for green information retrieval research. Information Processing & Management 48 (6): 1067-1077.
Cloud Security Alliance (CSA). 2011. Security Guidance for Critical Areas of Focus in Cloud Computing V3.0. Singapore.
Committee of Sponsoring Organizations of the Treadway Commission (COSO). 2012. Enterprise Risk Management For Cloud Computeing. US.
D’Arcy, J., A. Hovav, and D. Galletta. 2009. User Awareness of Security Countermeasures and Its Impact on Information Systems Misuse: A Deterrence Approach. Information Systems Research 20 (1): 79-98.
Davila, A., G. Foster, and M. Li. 2009. Reasons for management control systems adoption: Insights from product development systems choice by early-stage entrepreneurial companies. Accounting Organizations and Society 34 (3-4): 322- 347.
Dhillon, G., and G. Torkzadeh. 2006. Value-focused assessment of information system security in organizations. Information Systems Journal 16 (3): 293-314.
Dinev, T., J. Goo, Q. Hu, and K. Nam. 2009. User behaviour towards protective information technologies: the role of national cultural differences. Information Systems Journal 19 (4): 391-412.
Ding, W. 2013. Research on Security Risk Assessment and the Solutions of Cloud Computing. Intelligence Computation and Evolutionary Computation 180: 481- 486.
Duan, Y., W. Nie, and E. Coakes. 2010. Identifying key factors affecting transnational knowledge transfer. Information & Management 47: 356–363.Eisenhardt, K. M., 1989, Building Theories from Case Study Research. Academy of Management Journal 14(4): 532-550.
Gartner. 2008. Assessing the Security Risks of Cloud Computing. Retrieved from SSRN: http://www.gartner.com/DisplayDocument?id=685308.
Grossman, R. L. 2009. The case for cloud computing. IT Professional 11(2): 23–27.
Guo, K. H., and Y. Yuan. 2012. The effects of multilevel sanctions on information security violations: A mediating model. Information & Management 49 (6): 320- 326.
Hsu, C., J. N. Lee, and D. W. Straub. 2012. Institutional Influences on Information Systems Security Innovations. Information Systems Research 23 (3): 918-939.
Hsu, M. K., J. J. Jiang, G. Kleinc, and Z. Tang. 2003. Perceived career incentives and intent to leave. Information & Management 40 (5): 361- 369.
Khajeh-Hosseini, A., D. Greenwood, J. W. Smith, and I. Sommerville. 2012. The cloud adoption toolkit: Supporting cloud computing adoption in the enterprise. Software: Practice and Experience 42(4): 447-65.
Korvin, A. D., M.F. Shipley, and K. Omer. 2004. Assessing risks due to threats to internal control in a computer-based accounting information system. Intelligent Systems In Accounting, Finance And Management 12:139-152.
Kotulic, A. G., and J. G. Clark. 2004. Why there aren't more information security research studies. Information & Management 41 (5): 597-607.
Koufaris, M., and W. Hampton-Sosa. 2004. The development of initial trust in an online company by new customers. Information & Management 41 (3): 377 -397.
Kshetri, N. 2012. Privacy and security issues in cloud computing: The role of institutions and institutional evolution. Telecommunications Policy 37:372-386.
Lawshe, C. H. 1975. A Quantitative Approach to Content Validity. Personnel Psychology 28(4):563-575.
Lee, S., and K. C. Lee. 2010. The relationship among formal EDI controls, knowledge of EDI controls, and EDI performance. Information Technology & Management 11 (1): 43-59.
Lin, A., and N.C. Chen. 2012. Cloud computing as an innovation: Percepetion, attitude, and adoption. International Journal of Information Management 32 (6): 533-540.
McAfee, A. 2011. What Every CEO Needs to Know About The Cloud. Harvard Business Review 63: 69-78.
Melville, N., and M. McQuaid. 2012. Generating Shareable Statistical Databases for Business Value: Multiple Imputation with Multimodal Perturbation. Information Systems Research 23 (2): 559-574.
Miller, M. 2008. Cloud computing: Web-based applications that change the way you work and collaborate online. Indianapolis: Que.
Nakatsu, R. T., C. L. Iacovou. 2009. A comparative study of important risk factors involved in offshore and domestic outsourcing of software development projects: A two-panel Delphi study. Information & Management 46: 57–68.
National Institute of Standards and Technology (NIST). 2011. The NIST Definition of Cloud Computing (Special Publication 800-145). Gaithersburg: National Institute of Standards and Technology.
Nevo, D., and Y. E. Chan. 2007. A Delphi study of knowledge management systems:Scope and requirements. Information & Management 44: 583-597.
Okoli, C., and S. D. Pawlowski. 2004. The Delphi method as a research tool: an example, design considerations and applications. Information & Management 42: 15-29.
Open Data Center Alliance (ODCA). 2012. Cloud computing. Retrieved from SSRN: http://www.opendatacenteralliance.org/ourwork/cloudcomputing.
Paquette, S., P. T. Jaeger, and S. C. Wilson. 2010. Identifying the security risks associated with governmental use of cloud computing. Government Information Quarterly 27: 245–253.
Pieters, W. 2011. The (Social) Construction of Information Security. Information Society 27 (5): 326-335.
Price, M. 2011.Pinning down the cloud. Retrieved from SSRN: http://online.wsj. com/article/SB10001424052748704739504576067461795827534.html
Quan, J., and H. Cha. 2010. IT certifications, outsourcing and information systems personnel turnover. Information Technology & People 23 (4): 330-351.
Ransbotham, S., and S. Mitra. 2009. Choice and Chance: A Conceptual Model of Paths to Information Security Compromise. Information Systems Research. 20 (1): 121-139.
Russell, S., V. Yoon, and G. Forgionne. 2010. Cloud-based decision support systems and availability context: the probability of successful decision outcomes. Information Systems and E-Business Management 8 (3): 189-205.
Soliman, K. S., and B. D. Janz. 2004. An exploratory study to identify the critical factors affecting the decision to establish Internet-based interorganizational information systems. Information & Management 41 (6): 697-706.
Stahl, B. C., N. F. Doherty, and M. Shaw. 2012. Information security policies in the UK healthcare sector: a critical evaluation. Information Systems Journal 22 (1): 77-94.
Vijayasarathy, L. R. 2004. Predicting consumer intentions to use on-line shopping: the case for an augmented technology acceptance model. Information & Management 41 (6): 747-762.
Vila, N., and I. Kuster. 2011. Consumer feelings and behaviours towards well designed websites. Information & Management 48 (4-5): 166-177.
Wang, H., W. He, and F. K. Wang. 2012. Enterprise cloud service architectures. Information Technology & Management 13 (4): 445-454.
Wang, J., A. Chaudhury, and H. R. Rao. 2008. A value-at-risk approach to information security investment. Information Systems Research 19 (1): 106-120.
Ward, B. T. and C. Sipior. 2010. The Internet Jurisdiction Risk of Cloud Computing. Information Systems Management 27: 334-339.
Weihua, J. and S. Shibing. 2013. Research on the Security Issues of Cloud Computing. Intelligence Computation and Evolutionary Computation 180: 845- 848.
Wolfe C. J., E. G. Mauldin, and M. C. Diaz. 2009. Concede or Deny: Do Management Persuasion Tactics Affect Auditor Evaluation of Internal Control Deviations? Accounting Review 84 (6): 2013-2037.
Yeh, Q. J., and A. J. T. Chang. 2007. Threats and countermeasures for information system security: A cross-industry study. Information & Management 44 (5): 480-491.
Yin, R. K., 2009. Case Study Research- Design and Methods. Thousand Oaks: California.
Yiu, S. M., S. W. Yiu, L. K. Lee, E. K. Y. Li, and M. C. L. Yip. 2006. Sharing and access right delegation for confidential documents: A practical solution. Information & Management 43 (5): 607-616.