臺灣博碩士論文加值系統

近幾年來，企業經營環境有著顯著性的改變，企業採用資訊科技以創造多樣化的服務、產品、改善品質等，由於資訊科技的採用，所衍生的安全風險越來越被重視，風險管理就目的而言，將管控或降低意外事件所可能造成的損失，能夠辨識出可能發生的意外事件或風險並有對應的做法，進而提升企業組織資訊韌性及競爭力。
企業在數位轉型的同時進行資訊科技風險管理的效益，可提升衡量企業的優質表現與市場競爭力，故本研究將進一步探討企業組織透過NIST網路安全架構進行管理資訊科技風險，以期改善企業組織績效之關連性。
本研究透過MCDM評估法產生具有價值的結果，利用DEMATEL瞭解「資訊科技(IT)專案風險」「NIST網路安全架構」「組織績效」構面及準則間的動態影響關係，透過專家問卷分析結果發現，(1)使用者風險對資訊科技(IT)專案風險為高度影響之因素；(2)NIST網路安全架構中以了解組織相關的業務、識別支持關鍵功能的資源以及相關內部、外部的風險，根據風險管理及業務需求以制定網路安全戰略，進而實現業務目標的重要性且關係強度越強；(3)組織績效以財務面為相對高度影響之因素，同時代表具有理想投資報酬率專案對組織績效有著顯著的影響力。研究結果可提供透過網路安全架構管理改善資訊科技(IT)專案風險，進而提升組織績效之相關建議。

In recent years, the business environment of enterprises has undergone significant changes. Enterprises have adopted information technology to create diversified services, products, and improve quality. Due to the adoption of information technology, more and more attention has been paid to the security risks derived from it, and risk management has become an important issue. The purpose is to control or reduce the possible losses caused by unexpected events, identify possible unexpected events or risks and take corresponding measures, thereby enhancing the information resilience and competitiveness of enterprise organizations.
The benefits of IT risk management while companies are undergoing digital transformation can improve the measurement of their high-quality performance and market competitiveness. Therefore, this study will further explore how corporate organizations manage IT risks through the NIST cybersecurity framework, with a view to improving corporate organizations. Correlation of performance.

This research produces valuable results through the MCDM assessment method, uses DEMATEL to understand the dynamic impact relationship between the dimensions of "Information Technology (IT) Project Risk", "NIST Cybersecurity Architecture", "Organizational Performance" and criteria, and analyzes the results through expert questionnaires It was found that (1) user risk is a highly influential factor on information technology (IT) project risk; (2) in the NIST cybersecurity framework, it is necessary to understand the organization's related business, identify resources supporting key functions, and related internal and external Risk, according to risk management and business needs to formulate network security strategies, and then achieve the importance of business goals and the stronger the relationship strength; (3) The financial aspect of organizational performance is a relatively highly influential factor, and it also represents an ideal return on investment. Projects have a significant impact on organizational performance. The findings can provide recommendations for improving information technology (IT) project risk through cybersecurity architecture management, thereby enhancing organizational performance.

摘要 i
Abstract ii
誌謝 iii
目錄 iv
表目錄 v
圖目錄 vi
第一章 緒論 1
1.1 研究背景與動機 1
1.2 研究目的 2
1.3 研究方法 4
第二章 文獻探討 5
2.1 NIST網路安全架構概述 5
2.2 資訊科技(IT)專案風險 14
2.3 組織績效衡量 15
第三章 研究方法與設計 17
3.1 研究架構 17
3.2 研究變數定義與衡量項目 17
3.3 研究對象 22
3.4 問卷設計 22
3.5 研究工具 23
第四章 研究分析 29
4.1 專家的代表性 29
4.2 應用DEMATEL建立影響關係圖 32
4.3 應用DANP獲得準則之權重 42
4.4 研究成果 49
第五章 結論與建議 51
5.1 研究結論 51
5.2 學術意涵與管理意涵 51
5.3 研究限制 52
5.4 未來方向 53
參考文獻 54
附錄 57

1.Chang, B., Chang, C.-W., & Wu, C.-H. (2011). Fuzzy DEMATEL method for developing supplier selection criteria. Expert Systems with Applications, 38(3), 1850-1858.
2.Chen, F.-H., Hsu, T.-S., & Tzeng, G.-H. (2011). A balanced scorecard approach to establish a performance evaluation and relationship model for hot spring hotels based on a hybrid MCDM model combining DEMATEL and ANP. International Journal of Hospitality Management, 30(4), 908-932.
3.Cleland D. I. and King W.R. (1983). Systems Analysis and Project Management. New York: McGraw-Hill.
4.Denzin, N. K., & Lincoln, Y. S. (1998). The landscape of qualitative research: theories and issues. Sage Publications.
5.Devine, K., et al. (2010). "Project Measurement and Success: A Balanced Scorecard Approach." Editorial Board 36(4): 38-50.
6.Dyer, R. F., & Forman, E. H. (1991). An analytic approach to marketing decisions. Englewood Cliffs, N.J.: Prentice Hall.
7.Gareth R. Jones, Charles W. L. Hill (2012). Theory of Strategic Management, South-Western/Cengage Learning.
8.Han, W.-M. and S.-J. Huang (2007). "An empirical analysis of risk components and performance on software projects." Journal of Systems and Software 80(1): 42-50.
9.Hung, Y.-H., Huang, T.-L., Hsieh, J.-C., Tsuei, H.-J., Cheng, C.-C., & Tzeng, G.-H. (2012). Online reputation management for improving marketing by using a hybrid MCDM model. Knowledge-Based Systems, 35(0), 87–93.
10.IBM Project Management Fundamentals Handbook. (1997). IBM.
11.Jack Gido, James P. Clements, Successful Project Management (5th Edition), Thomson Learning Press, 2012
12.Jun, L., et al. (2011). "The effects of project uncertainty and risk management on IS development project performance: A vendor perspective."International Journal of Project Management 29(7): 923-933.
13.Kaplan, R. S., & Norton, D. P. (1992). The balanced scorecard--measures that drive performance. Harv Bus Rev, 70(1), 71-79. 38
14.Kearns, G. S. (2007). "How the internal environment impacts information systems project success: an investigation of exploitative and explorative firms." Journal of Computer Information Systems 48(1): 63.
15.Kerzner,（1984）”Project management: A systems approach to planning, scheduling, and controlling”Van Nostrand Reinhold, New York.
16.Lee, Y.-C., Li, M.-L., Yen, T.-M., & Huang, T.-H. (2010). Analysis of adopting an integrated decision making trial and evaluation laboratory on a technology acceptance model. Expert Systems with Applications, 37(2), 1745-1754.
17.Northcutt, N., & McCoy, D. (2004). Interactive Qualitative Analysis: A Systems Method for Qualitative Research. SAGE.
18.Pinto,J.K. & Slevin,D.P. (1987). Critical factors in successful project implementation. IEEE Transactions on Engineering Management, 34(1).
19.Saaty, T. L. (1996). Multicriteria Decision Making: The Analytic Hierarchy Process: R W S Publications.
20.Strauss, A., & Corbin, J. M. (1998). Basics of Qualitative Research: Techniques and Procedures for Developing Grounded Theory. SAGE.
21.Schwalbe, K. (2010). Information Technology: Project Management: Course Technology Ptr.
22.Tseng, M.-L. (2009). A causal and effect decision making model of service quality expectation using grey-fuzzy DEMATEL approach. Expert Syst. Appl., 36(4), 7738-7748. doi: 10.1016/j.eswa.2008.09.011
23.Tzeng, G.-H., Chiang, C.-H., & Li, C.-W. (2007). Evaluating intertwined effects in e-learning programs: A novel hybrid MCDM model based on factor analysis and DEMATEL. Expert Syst. Appl., 32(4), 1028-1044. doi: 10.1016/j.eswa.2006.02.004
24.Wang, E. T., et al. (2006). "User diversity impact on project performance in an environment with organizational technology learning and management review processes." International Journal of Project Management 24(5): 405-411.
25.Wang, J., Lin, W., & Huang, Y.-H. (2010). A performance-oriented risk management framework for innovative R&D projects. Technovation, 30(11–12), 601-611.
26.Wen-Ming Han, Sun-Jen Huang, An empirical analysis of risk components and performance on software projects, Journal of Systems and Software, Volume 80, Issue1, January 2007, Pages 42-50, ISSN 0164-1212, 10.1016/j.jss.2006.04.030.
27.Wu, W.-W. (2008). Choosing knowledge management strategies by using a combined ANP and DEMATEL approach. Expert Systems with Applications, 35(3), 828-835.
28.Wu, W.-W., & Lee, Y.-T. (2007). Developing global managers’ competencies using the fuzzy DEMATEL method. Expert Systems with Applications, 32(2), 499-507.
29.張詠翔 (2005). 結合BS7799與資訊安全藍圖建構資訊安全評估機制之研究, 銘傳大學. 碩士論文.
30.陳品靜 (2013). 企業實施ISMS之研究, 華梵大學. 碩士論文.
31.陳妏綺 (2013). 資訊安全評估、資訊素養與資訊倫理的關聯性研究 -以台灣銀行業為例, 大同大學.
32.陳秀蓉(2010). 從資訊人員觀點探討企業導入資訊安全管理系統之影響—以金融業為例, 淡江大學. 碩士論文.
33.黃文賓 (2013). 以多重準則決策分析改善資訊系統專案風險管理之研究, 雲林科技大學. 碩士論文.
34.Fintech周報第197期 (2021). 金管會
35.英國標準協會BSI (2021). 風險管理所帶來的效益具
36.National Institute of Standards and Technology Cybersecurity Framework
https://www.nist.gov/cyberframework
37.台灣檢驗科技 (2021). 資訊安全三大要素說明