跳到主要內容

臺灣博碩士論文加值系統

(98.82.120.188) 您好!臺灣時間:2024/09/13 04:39
字體大小: 字級放大   字級縮小   預設字形  
回查詢結果 :::

詳目顯示

我願授權國圖
: 
twitterline
研究生:劉珀易
研究生(外文):LIU, PO-YI
論文名稱:探討企業員工對於遵守資訊安全政策之主動角色外行為
論文名稱(外文):Understanding employees’ proactive extra-role behaviors on information security policies
指導教授:洪郁雯洪郁雯引用關係
指導教授(外文):HUNG, YU-WEN
口試委員:黃恊弘洪郁雯張芳凱
口試委員(外文):HUANG, HSIEH-HONGHUNG, YU-WENCHANG, FANG-KAI
口試日期:2024-07-17
學位類別:碩士
校院名稱:國立高雄科技大學
系所名稱:資訊管理系
學門:電算機學門
學類:電算機一般學類
論文種類:學術論文
論文出版年:2024
畢業學年度:112
語文別:中文
論文頁數:95
中文關鍵詞:資訊安全政策角色外行為主動角色外行為遵守行為
外文關鍵詞:Information Security PolicyExtra-Role BehaviorProactive Extra-Role BehaviorCompliance Behavior
相關次數:
  • 被引用被引用:0
  • 點閱點閱:63
  • 評分評分:
  • 下載下載:0
  • 收藏至我的研究室書目清單書目收藏:0
鑒於現階段數位科技化蓬勃發展的關係,政府組織及私人企業將面臨著諸多資訊安全相關的威脅與困境,應如何嚴格把關組織資訊為近年來重大之資訊安全議題,其中,以組織內部發生的資訊安全事件尤為重要,而這些資訊安全事件與員工的行為息息相關,員工若能發揮主動角色外行為,對於組織資訊安全將帶來正向的影響,從而提高組織整體之安全性,因此,本研究在瞭解企業員工的主動角色外行為(以想法實施為導向與以解決問題為導向)與遵守資訊安全政策(規範性遵守與自願性遵守)之間的關係。

本研究採用問卷調查法來進行資料蒐集,填答者為具備資訊政策的企業之員工,有效樣本為 342 份。資料分析結果顯示,資訊安全身份、保護動機、獎勵會提升員工以想法實施為導向的主動角色外行為(發聲、管理層、公民道德);懲罰、認知好奇心、自主動機則會提升以解決問題為導向的主動角色外行為(個人自主性、檢舉)。以想法實施為導向與以解決問題為導向的主動角色外行為皆會提升員工的自願性遵守行為,但對於規範性遵守卻不具顯著效果。藉由本次的研究將能提供組織改善現有狀況之方向,以及提供組織在遵守資訊安全政策方面更進一步的見解。
The rapid advancement of digital technology has exposed governments and private
enterprises to numerous information security threats. Ensuring robust organizational information control has become crucial, particularly regarding internal security incidents related to employee behavior. Employee proactivity can significantly enhance an organization's overall information security posture.

This study investigates the relationship between employees' proactive extra-role
behaviors (idea implementation-oriented and problem solving-oriented) and their
compliance with information security policies (instrumental and voluntary). Data was collected through a survey of 342 employees from companies with established
information security policies.

Results indicate that information security role identity, protection motivation, and rewards foster idea implementation-oriented proactive behaviors (voice, stewardship, and civic virtue). Conversely, sanctions, intellectual curiosity, and autonomous motivation promote problem-solving-oriented proactive behaviors (individual initiative and whistleblowing). Both types of proactive behaviors influence employees' voluntary compliance, but not instrumental compliance.

This research provides valuable insights for organizations to enhance their
information security practices and offers a deeper understanding of factors influencing compliance with information security policies.
摘要 i
ABSTRACT ii
誌謝 iii
目錄 iv
表目錄 vi
圖目錄 viii
一、緒論 1
1.1 研究背景 1
1.2 研究動機 4
1.3 研究目的 5
1.4 研究流程 6
二、文獻探討 7
2.1 資訊安全政策(Information Security Policy) 7
2.2 主動角色外行為(Proactive Extra-Role Behavior) 10
2.3 遵守行為(Compliance Behavior) 17
三、研究方法 20
3.1 研究模型 20
3.2 研究假說 21
3.3 操作型定義 26
3.4 研究設計 28
四、資料分析 35
4.1 樣本結構分析 35
4.2 衡量模型 38
4.3 結構方程式分析 47
4.3.3 假說檢定結果 54
五、結論與建議 55
5.1 結論 55
5.2 理論與實務面意涵 56
5.3 研究限制與未來建議 59
參考文獻 61
附錄:研究問卷 77
一、中文部份
Jon Clay. (2023). 讓員工成為企業另一道重要的防禦:藉由網路資安意識訓練來對抗勒索病毒. 趨勢科技 Retrieved from https://www.trendmicro.com/zh_tw/research/23/h/cybersecurity-awareness-trainin
g-to-fight-ransomware.html
Trend Micro. (2023). 預先防範風險:趨勢科技 2023 上半年網路資安報告. 趨勢科技 Retrieved from
https://www.trendmicro.com/content/dam/trendmicro/global/zh_tw/security-intelli
gence/threat-report/report/2023%20mid-year%20roundup%20full%20report_Final. pdf
國家高速網路與計算中心. (2020). ISMS 資訊安全管理系統. 國家高速網路與計算中心 Retrieved from https://noc.twaren.net/~liangmc/nuk/nsm991/Lesson6.pdf
羅正漢. (2023). 2021 政府機關資安現況揭露,近年三級事件通報人為疏失是主因. IT 之家 Retrieved from https://www.ithome.com.tw/news/148431
國家資通安全研究院. (2023). 政府機關資安威脅與防護重點. 國家資通安全研究院 Retrieved from https://download.nics.nat.gov.tw/UploadFile/attachfilehandout/
議題二:政府機關資安威脅與防護重點.pdf 台灣電腦網路危機處理暨協調中心. (2023). 調查指出多數公司不夠重視資安,將造成嚴重後果. 台灣電腦網路危機處理暨協調中心 Retrieved from
https://www.twcert.org.tw/newepaper/cp-65-7122-cde20-3.html
資安人科技網. (2023). 調查:74%的資料洩露始於人為疏失或社交工程攻擊. 資安人科技網 Retrieved from
https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=10529

二、英文部份
Amabile, T. M., Conti, R., Coon, H., Lazenby, J., & Herron, M. (1996). Assessing the work environment for creativity. Academy of Management Journal, 39(5), 1154-1184.
Argote, L., & Ingram, P. (2000). Knowledge transfer: a basis for competitive advantage in firms. Organizational Behavior and Human Decision Processes, 82(1), 150-169.
Appelbaum, S. H., Cottin, J., Paré, R., & Shapiro, B. T. (2006). Employee theft: from behavioural causation and prevention to managerial detection and remedies. Journal of American Academy of Business, 9(2), 175-182.
Ali, R. F., Dominic, P. D. D., Ali, S. E. A., Rehman, M., & Sohail, A. (2021). Information security behavior and information security policy compliance: a systematic literature review for identifying the transformation process from noncompliance to compliance. Applied Sciences, 11(8), 3383.
Alsharif, M., Mishra, S., & Alshehri, M. (2022). Impact of human vulnerabilities on cybersecurity. Computer Systems Science & Engineering, 40(3), 1154-1166.
Berlyne, D. E. (1949). Interest as a psychological concept. British Journal of Psychology, 39(4), 184-195.
Berlyne, D. E. (1950). Novelty and curiosity as determinants of exploratory behaviour. British Journal of Psychology, 41(1), 68-80.
Berlyne, D. E. (1954). A theory of human curiosity. British Journal of Psychology, 45(3), 180-191.
Berlyne, D. E. (1960). Conflict, arousal, and curiosity. McGraw-Hill Book Company. Retrieved from https://doi.org/10.1037/11164-000
Berlyne, D. E. (1966). Curiosity and exploration. Science, 153, 25-33. Retrieved from https://doi.org/10.1126/science.153.3731.25
Burke, P. J., & Reitzes, D. C. (1981). The link between identity and role performance. Social Psychology Quarterly, 44(2), 83-92.
Barron, F., & Harrington, D. M. (1981). Creativity, intelligence, and personality. Annual Review of Psychology, 32(1), 439-476.
Bagchi, K., & Udo, G. (2003). An analysis of the growth of computer and Internet security breaches. Communications of the Association for Information Systems, 12(1), 684-700.
Bachrach, D. G., Powell, B. C., Collins, B. J., & Richey, R. G. (2006). Effects of task interdependence on the relationship between helping behavior and group performance. Journal of Applied Psychology, 91(6), 1396-1405.
Bulgurcu, B., Cavusoglu, H., & Benbasat, I. (2010). Information security policy compliance: an empirical study of rationality-based beliefs and information security awareness. MIS Quarterly, 34(3), 523-548.
Bolino, M. C., Valcea, S., & Harvey, J. (2010). Employee, manage thyself: the potentially negative implications of expecting employees to behave proactively. Journal of Occupational and Organizational Psychology, 83(2), 325-345.
Burris, E. R. (2012). The risks and rewards of speaking up: managerial responses to employee voice. Academy of Management Journal, 55(4), 851-875.
Boss, S. R., Galletta, D. F., Lowry, P. B., Moody, G. D., & Polak, P. (2015). What do systems users have to fear? using fear appeals to engender threats and fear that motivate protective security behaviors. MIS Quarterly, 39(4), 837-864.
Chow, C. W. (1995). The effects of pay schemes and probabilistic management audits on subordinate misrepresentation of private information: an experimental investigation in a resource allocation context. Behavioral Research in Accounting, 7, 1-16.
Crant, J. M. (1995). The proactive personality scale and objective job performance among real estate agents. Journal of Applied Psychology, 80(4), 532-537.
Chin, W. W. (1998). The partial least squares approach to structural equation modeling. Modern Methods for Business Research, 295(2), 295-336.
Crant, J. M. (2000). Proactive behavior in organizations. Journal of Management, 26(3), 435-462.
Crant, J. M., & Bateman, T. S. (2000). Charismatic leadership viewed from above: The impact of proactive personality. Journal of Organizational Behavior, 21(1), 63-75.
Chen, C. J., Shih, H. A., & Yeh, Y. C. (2011). Individual initiative, skill variety, and creativity: the moderating role of knowledge specificity and creative resources. The International Journal of Human Resource Management, 22(17), 3447-3461.
Chen, Y., Ramamurthy, K., & Wen, K. W. (2012). Organizations' information security policy compliance: stick or carrot approach? Journal of Management Information Systems, 29(3), 157-188.
Chatterjee, S., Sarker, S., & Valacich, J. S. (2015). The behavioral roots of information systems security: exploring key factors related to unethical IT use. Journal of Management Information Systems, 31(4), 49-87.
Cram, W. A., Proudfoot, J. G., & D’arcy, J. (2017). Organizational information security policies: a review and research framework. European Journal of Information Systems, 26(6), 605-641.
Cram, W. A., D’arcy, J., & Proudfoot, J. G. (2019). Seeing the forest and the trees: a meta-analysis of the antecedents to information security policy compliance. MIS Quarterly, 43(2), 525-554.
Chen, Y., Galletta, D. F., Lowry, P. B., Luo, X., Moody, G. D., & Willison, R. (2021). Understanding inconsistent employee compliance with information security policies through the lens of the extended parallel process model. Information Systems Research, 32(3), 1043-1065.
Chen, Y., Xia, W., & Cousins, K. (2022). Voluntary and instrumental information security policy compliance: an integrated view of prosocial motivation, self-regulation and deterrence. Computers & Security, 113(1), 102568.
Dutton, J. E., & Ashford, S. J. (1993). Selling issues to top management. Academy of Management Review, 18(3), 397-428.
Dyne, L. V., Cummings, L. L., & Parks, J. M. (1995). Extra-role behaviors: in pursuit of construct and definitional clarity (a bridge over muddied waters). Research in Organizational Behavior, 17, 215-285.
Dyne, L. V., & LePine, J. A. (1998). Helping and voice extra-role behaviors:evidence of construct and predictive validity. Academy of Management Journal, 41(1),108-119.
Dooley, R. S., & Fryxell, G. E. (1999). Attaining decision quality and commitment from dissent: the moderating effects of loyalty and competence in strategic decision-making teams. Academy of Management Journal, 42(4), 389-402.
Deci, E. L., & Ryan, R. M. (2000). The "what" and "why" of goal pursuits: human needs and the self-determination of behavior. Psychological Inquiry, 11(4), 227-268.
Dyne, L. V., Ang, S., & Botero, I. C. (2003). Conceptualizing employee silence and employee voice as multidimensional constructs. Journal of Management Studies, 40(6), 1359-1392.
Detert, J. R., & Burris, E. R. (2007). Leadership behavior and employee voice: is the door really open? Academy of Management Journal, 50(4), 869-884.
D’Arcy, J., Hovav, A., & Galletta, D. F. (2009). User awareness of security countermeasures and its impact on information systems misuse: a deterrence approach. Information Systems Research, 20(1), 79-98.
Deci, E. L., & Ryan, R. M. (2012). Self-determination theory. Handbook of Theories of Social Psychology, 1(20), 416-436.
Etzioni, A. (1975). A comparative analysis of complex organizations: on power, involvement, and their correlates (Rev. and enl. ed). Free Press.
Eisenhardt, K. M. (1985). Control: organizational and economic approaches. Management Science, 31(2), 134-149.
Esteves, J., Ramalho, E., & De Haro, G. (2017). To improve cybersecurity, think like a hacker. MIT Sloan Management Review.
Ernst & Young. (2008). Ernst & Young 2008 global information security survey Retrieved from https://faisaldanka.wordpress.com/2008/10/20/ernst-young-2008-global-information-security-survey/
Ernst & Young. (2010). Borderless security-Ernst and Young’s 2010 global information security survey. Retrieved from https://www.slideshare.net/slideshow/2010-giss-ey/5604353
Ernst & Young. (2020). How does security evolve from bolted on to built-in? EY global information security survey 2020. Retrieved from https://assets.ey.com/content/dam/ey-sites/ey-com/en_gl/topics/advisory/ey-global-information-security-survey-2020-report.pdf
Fornell, C., & Larcker, D. F. (1981). Evaluating structural equation models with unobservable variables and measurement error. Journal of Marketing Research, 18(1), 39-50.
Frese, M., Kring, W., Soose, A., & Zempel, J. (1996). Personal initiative at work: differences between East and West Germany. Academy of Management Journal, 39(1), 37-63.
Frese, M., & Fay, D. (2001). 4. Personal initiative: an active performance concept for work in the 21st century. Research in Organizational Behavior, 23, 133-187.
Frederickson, J. R., & Waller, W. (2005). Carrot or stick? contract frame and use of decision‐influencing information in a principal‐agent setting. Journal of Accounting Research, 43(5), 709-733.
Farmer, S. M., Tierney, P., & Kung-McIntyre, K. (2003). Employee creativity in Taiwan: an application of role identity theory. Academy of Management Journal, 46(5), 618-630.
Frank, M., & Kohn, V. (2023). Understanding extra-role security behaviors: an integration of self-determination theory and construal level theory. Computers & Security, 132, 103386.
Gibbs, J. P. (1968). Crime, punishment, and deterrence. The Southwestern Social Science Quarterly, 48(4), 515-530.
Gilligan, G. (2003). Whistleblowing initiatives-are they merely secrecy games and/or blowing in the wind? The Company Lawyer, 24(2), 38-41.
Grant, A. M., & Ashford, S. J. (2008). The dynamics of proactivity at work. Research in Organizational Behavior, 28, 3-34.
Goo, J., Yim, M. S., & Kim, D.J. (2014). A path to successful management of employee security compliance: an empirical study of information security climate. IEEE Transactions on Professional Communication, 57(4), 286-308.
Guan, B., & Hsu, C. (2022). Investigating employees’ proactive extra-role information security behaviors through security mindfulness. International Conference on Information Systems 2022 Proceedings, 5. Retrieved from https://aisel.aisnet.org/icis2022/security/security/5
Hair, J. F., Black, W. C., Babin, B. J., Anderson, R. E., & Tatham, R. (2006). Multivariate data analysis. (6th ed.). Upper Saddle River, NJ: Pearson Prentice Hall.
Herath, T., & Rao, H. R. (2009). Encouraging information security behaviors in organizations: role of penalties, pressures and perceived effectiveness. Decision Support Systems, 47(2), 154-165.
Hair, J. F., Ringle, C. M., & Sarstedt, M. (2011). PLS-SEM: indeed a silver bullet. Journal of Marketing theory and Practice, 19(2), 139-152.
Hsu, J. S. C., Shih, S. P., Hung, Y. W., & Lowry, P. B. (2015). The role of extra-role behaviors and social controls in information security policy effectiveness. Information Systems Research, 26(2), 282-300.
Humaidi, N., & Balakrishnan, V. (2015). Leadership styles and information security compliance behavior: the mediator effect of information security awareness. International Journal of Information and Education Technology, 5(4), 311-318.
Hagger, M. S., Hankonen, N., Chatzisarantis, N. L., & Ryan, R. M. (2020). Changing behavior using self-determination theory. The Handbook of Behavior Change, 104-119.
Hair, J. F., Hult, G. T. M., Ringle, C. M., Sarstedt, M., Danks, N. P., & Ray, S. (2021). Partial least squares structural equation modeling(PLS-SEM)using R: A workbook. Springer Nature.
James, W. (1890). The principles of. Psychology, 2, 94.
Johnston, A. C., & Warkentin, M. (2010). Fear appeals and information security behaviors: an empirical study. MIS Quarterly, 34(3), 549-566.
Johnston, A. C., Wech, B., & Jack, E. (2013). Engaging remote employees: the moderating role of “remote” status in determining employee information security policy awareness. Journal of Organizational and End User Computing(JOEUC), 25(1), 1-23.
Johnston, A. C., Warkentin, M., & Siponen, M. (2015). An enhanced fear appeal rhetorical framework: leveraging threats to the human asset through sanctioning rhetoric. MIS Quarterly, 39(1), 113-134.
Jaeger, L., & Eckhardt, A. (2018). When colleagues fail: examining the role of information security awareness on extra-role security behaviors. European Conference on Information Systems, 124.
Johnston, A. C., Warkentin, M., Dennis, A. R., & Siponen, M. (2019). Speak their language: designing effective messages to improve employees’ information security decision making. Decision Sciences, 50(2), 245-284.
Kolekofski, K. E., & Heminger, A. R. (2003). Beliefs and attitudes affecting intentions to share information in an organizational setting. Information & Management, 40(6), 521-532.
Kirsch, L. J. (2004). Deploying common systems globally: the dynamics of control. Information Systems Research, 15(4), 374-395.
Kirsch, L. J., & Boss, S. R. (2007). The last line of defense: motivating employees to follow corporate security guidelines. International Conference on Interaction Sciences, Proceedings, 103.
Kaplan, S. E., Pope, K. R., & Samuels, J. A. (2010). The effect of social confrontation on individuals’ intentions to internally report fraud. Behavioral Research in Accounting, 22(2), 51–67.
Kline, R. B. (2016). Principles and practice of structural equation modeling (4th ed.). Guilford Press.
Koohang, A., Nowak, A., Paliszkiewicz, J., & Nord, J. H. (2020). Information security policy compliance: leadership, trust, role values, and awareness. Journal of Computer Information Systems, 60(1), 1-8.
Lorange, P., & Morton, M. S. S. (1974). A framework for management control systems. MIT Sloan Management Review, 16(1), 47-56.
Loewenstein, G. (1994). The psychology of curiosity: a review and reinterpretation. Psychological Bulletin, 116(1), 75-98.
Luft, J. (1994). Bonus and penalty incentives contract choice by employees. Journal of Accounting and Economics, 18(2), 181-206.
LePine, J. A., & Dyne, L. V. (1998). Predicting voice behavior in work groups. Journal of Applied Psychology, 83(6), 853-868.
Leach, J. (2003). Improving user security behaviour. Computers & Security, 22(8), 685-692.
Liang, J., Farh, C. I., & Farh, J. L. (2012). Psychological antecedents of promotive and prohibitive voice: a two-wave examination. Academy of Management Journal, 55(1), 71-92.
Lowry, P. B., Moody, G. D., Galletta, D. F., & Vance, A. (2013). The drivers in the use of online whistle-blowing reporting systems. Journal of Management Information Systems, 30(1), 153-190.
Lowry, P. B., Posey, C., Bennett, R. B. J., & Roberts, T. L. (2015). Leveraging fairness and reactance theories to deter reactive computer abuse following enhanced organisational information security policies: an empirical study of the influence of counterfactual reasoning and organisational trust. Information Systems Journal, 25(3), 193-273.
McDougall, W. (1921). An introduction to social psychology (14th ed). John W Luce & Company
Maddux, J. E., & Rogers, R. W. (1983). Protection motivation and self-efficacy: a revised theory of fear appeals and attitude change. Journal of Experimental Social Psychology, 19(5), 469-479.
Miceli, M. P., & Near, J. P. (1992). Blowing the whistle: the organizational and legal implications for companies and employees. Lexington Books.
MacKenzie, S. B., Podsakoff, P. M., & Ahearne, M. (1998). Some possible antecedents and consequences of in-role and extra-role salesperson performance. Journal of Marketing, 62(3), 87-98.
Morrison, E. W., & Phelps, C. C. (1999). Taking charge at work: extra role efforts to initiate workplace change. Academy of Management Journal, 42(4), 403-419.
Miron, E., Erez, M., & Naveh, E. (2004). Do personal characteristics and cultural values that promote innovation, quality, and efficiency compete or complement each other? Journal of Organizational Behavior, 25(2), 175-199.
Moller, A. C., Ryan, R. M., & Deci, E. L. (2006). Self-determination theory and public policy: improving the quality of consumer decisions without using coercion. Journal of Public Policy & Marketing, 25(1), 104-116.
Morrison, E. W. (2011). Employee voice behavior: integration and directions for future research. Academy of Management Annals, 5(1), 373-412.
Menard, P., Bott, G. J., & Crossler, R. E. (2017). User motivations in protecting information security: protection motivation theory versus self-determination theory. Journal of Management Information Systems, 34(4), 1203-1230.
Near, J. P., & Miceli, M. P. (1985). Organizational dissidence: the case of whistle-blowing. Journal of Business Ethics, 4(1), 1-16.
Nemeth, C. J., & Staw, B. M. (1989). The tradeoffs of social control and innovation in groups and organizations. Advances in Experimental Social Psychology, 22, 175-210.
Nemeth, C. J. (1997). Managing innovation: when less is more. California Management Review, 40(1), 59-74.
NCSAM. (2021). Cybersecurity awareness Month 2021 results report. Retrieved from https://staysafeonline.org/wp-content/uploads/2022/06/Cybersecurity-Awareness-Month-2021-Results-Report.pdf
Nead, N. (2021). How to prevent a data breach in your company. Retrieved from https://www.forbes.com/sites/forbesbusinesscouncil/2021/07/30/how-to-prevent-a-data-breach-in-your-company/
Ouchi, W. G. (1978). The transmission of control through organizational hierarchy. The Academy of Management Journal, 21(2), 173-192.
Ouchi, W. G. (1979). A conceptual framework for the design of organizational control mechanisms. Management Science, 25(9), 833-848.
Ouchi, W. G. (1980). Markets, bureaucracies, and clans. Administrative Science Quarterly, 25(1), 129-141.
Organ, D. W. (1988). Organizational citizenship behavior: the good soldier syndrome. Lexington books.
O’Reilly, C. (1989). Corporations, culture, and commitment: motivation and social control in organizations. California Management Review, 31(4), 9-25.
Organ, D. W., & Ryan, K. (1995). A meta‐analytic review of attitudinal and dispositional predictors of organizational citizenship behavior. Personnel Psychology, 48(4), 775-802.
Oldham, G. R., & Cummings, A. (1996). Employee creativity: personal and contextual factors at work. Academy of Management Journal, 39(3), 607-634.
Oliver, D. (2003). Whistle-blowing engineer. Journal of Professional Issues in Engineering Education and Practice, 129(4), 246-256.
Ogbanufe, O. (2021). Enhancing end-user roles in information security: exploring the setting, situation, and identity. Computers & Security, 108, 102340.
Ogbanufe, O., & Ge, L. (2023). A comparative evaluation of behavioral security motives: protection, intrinsic, and identity motivations. Computers & Security, 128, 103136.
Perrucci, R., Anderson, R. M., Schendel, D. E., & Trachtman, L. E. (1980). Whistle-blowing: professionals' resistance to organizational authority. Social Problems, 28(2), 149-164.
Podsakoff, P. M., & Organ, D. W. (1986). Self-reports in organizational research: problems and prospects. Journal of Management, 12(4), 531-544.
Podsakoff, P. M., MacKenzie, S. B., Moorman, R. H., & Fetter, R. (1990). Transformational leader behaviors and their effects on followers' trust in leader, satisfaction, and organizational citizenship behaviors. The Leadership Quarterly, 1(2), 107-142.
Premeaux, S. F., & Bedeian, A. G. (2003). Breaking the silence: the moderating effects of self‐monitoring in predicting speaking up in the workplace. Journal of Management Studies, 40(6), 1537-1562.
Puhakainen, P. (2006). A design theory for information security awareness.
Parker, S. K., Williams, H. M., & Turner, N. (2006). Modeling the antecedents of proactive behavior at work. Journal of Applied Psychology, 91(3), 636-652.
Puhakainen, P., & Siponen, M. (2010). Improving employees' compliance through information systems security training: an action research study. MIS Quarterly, 34(4), 757-778.
Parker, S. K., & Collins, C. G. (2010). Taking stock: integrating and differentiating multiple proactive behaviors. Journal of Management, 36(3), 633-662.
Posey, C., Roberts, T. L., Lowry, P. B., Bennett, R. J., & Courtney, J. F. (2013). Insiders' protection of organizational information assets: development of a systematics-based taxonomy and theory of diversity for protection-motivated behaviors. MIS Quarterly, 37(4), 1189-1210.
Pwc. (2014). 2014 Information Security Breaches Survey Technical Report. Retrieved from https://www.pwc.co.uk/assets/pdf/cyber-security-2014-technical-report.pdf
Pwc. (2018). The Global State of Information Security Survey 2018. Retrieved from https://www.pwc.com/sg/en/publications/assets/gsiss-2018.pdf
Parker, S. K., Wang, Y., & Liao, J. (2019). When is proactivity wise? a review of factors that influence the individual outcomes of proactive behavior. Annual Review of Organizational Psychology and Organizational Behavior, 6(1), 221-248.
Privacyrights. (2021). Data breaches. Retrieved from https://www.privacyrights.org/data-breaches
Rogers, R. W. (1975). A protection motivation theory of fear appeals and attitude change1. The Journal of Psychology, 91(1), 93-114.
Reio, T. G. (2012). The need for curiosity-driven scholarship in the field of human resource development. Human Resource Development Quarterly, 23(3), 281-284
Ryan, R. M., & Deci, E. L. (2017). Self-determination theory: basic Psychological needs in motivation, development, and wellness. Guilford publications.
Spielberger, C. D., & Starr, L. M. (2012). Curiosity and exploratory behavior. motivation: theory and research, 221.
Straub, D. W., & Welke, R. J. (1998). Coping with systems risk: security planning models for management decision making. MIS Quarterly, 22(4), 441-469.
Sheldon, K. M., & Kasser, T. (1998). Pursuing personal goals: skills enable progress, but not all progress is beneficial. Personality and Social Psychology Bulletin, 24(12), 1319-1331.
Seibert, S., Crant, J. M., & Kraimer, M. L. (1999). Proactive personality and career success. Journal of Applied Psychology, 84(3), 416-427.
Stryker, S., & Burke, P. J. (2000). The past, present, and future of an identity theory. Social Psychology Quarterly, 63(4), 284-297.
Stamper, C. L., & Dyne, L. V. (2001). Work status and organizational citizenship behavior: a field study of restaurant employees. Journal of Organizational Behavior, 22(5), 517-536.
Siponen, M., Pahnila, S., & Mahmood, A. (2007). Employees’ adherence to information security policies: an empirical study. International Federation for Information Processing-Publications-Ifip, 232, 133-144.
Siponen, M., & Vance, A. (2010). Neutralization: new insights into the problem of employee information systems security policy violations. MIS Quarterly, 34(3), 487-502.
Siponen, M., Pahnila, S., & Mahmood, M. A. (2010). Compliance with information security policies: an empirical investigation. Computer, 43(2), 64-71.
Schweizerische, S. N. V. (2013). Information technology-security techniques-information security management systems-requirements. ISO/IEC International Standards Organization.
Sommestad, T., Hallberg, J., Lundholm, K., & Bengtsson, J. (2014). Variables influencing information security policy compliance: a systematic review of quantitative studies. Information Management & Computer Security, 22(1), 42-75.
Sommestad, T., Karlzén, H., & Hallberg, J. (2015). A meta-analysis of studies on protection motivation theory and information security behaviour. International Journal of Information Security and Privacy(IJISP), 9(1), 26-46.
Safa, N. S., Sookhak, M., Solms, R.V., Furnell, S., Ghani, N.A., & Herawan, T. (2015). Information security conscious care behaviour formation in organizations. Computers & Security, 53, 65-78.
Sonnentag, S., & Starzyk, A. (2015). Perceived prosocial impact, perceived situational constraints, and proactive work behavior: Looking at two distinct affective pathways. Journal of Organizational Behavior, 36(6), 806-824.
Tyler, T. R. (2004). Promoting employee policy adherence and rule following in work settings-the value of self-regulatory approaches. Brooklyn Law Review, 70(4), 1287.
Thompson, J. A. (2005). Proactive personality and job performance: a social capital perspective. Journal of Applied Psychology, 90(5), 1011-1017.
Tyler, T. R., & Blader, S. L. (2005). Can businesses effectively regulate employee conduct? the antecedents of rule following in work settings. Academy of Management Journal, 48(6), 1143-1158.
Tangirala, S., & Ramanujam, R. (2008). Exploring nonlinearity in employee voice: the effects of personal control and organizational identification. Academy of Management Journal, 51(6), 1189-1203.
Tabachnick, B. G., & Fidell, L. S. (2013). Using Multivariate Statistics (6th ed.). Boston, MA: Pearson.
Tsohou, A., & Holtkamp, P. (2018). Are users competent to comply with information security policies? an analysis of professional competence models. Information Technology & People, 31(5), 1047-1068.
Trang, S., & Nastjuk, I. (2021). Examining the role of stress and information security policy design in information security compliance behaviour: an experimental study of in-task behaviour. Computers & Security, 104, 102222.
Turel, O., Xu, Z., & Guo, K. (2020). Organizational citizenship behavior regarding security: leadership approach perspective. Journal of Computer Information Systems, 60(1), 61-75.
Woodman, R. W., Sawyer, J. E., & Griffin, R. W. (1993). Toward a theory of organizational creativity. Academy of Management Review, 18(2), 293-321.
Willison, R., & Warkentin, M. (2013). Beyond deterrence: an expanded view of employee computer abuse. MIS Quarterly, 37(1), 1-20.
Wu, A. Y., Hanus, B., Xue, B., & Mahto, R. V. (2023). Information security ignorance: an exploration of the concept and its antecedents. Information & Management, 60(2), 103753.
Wang, D. D., Durcikova, A., & Dennis, A. R. (2023). Security is local: the influence of the immediate workgroup on information security. Journal of the Association for Information Systems, 24(4), 1052-1101.
Yen, H. R., Li, E. Y., & Niehoff, B. P. (2008). Do organizational citizenship behaviors lead to information system success?: testing the mediation effects of integration climate and project management. Information & Management, 45(6), 394-402.
Yin, Y., Hsu, C., & Zhou, Z. (2023). Employees' in-role and extra-role information security behaviors from the PE fit perspective. Computers & Security, 133, 103390.
Zhou, J., & George, J. M. (2001). When job dissatisfaction leads to creativity: encouraging the expression of voice. Academy of Management Journal, 44(4), 682-696.
電子全文 電子全文(網際網路公開日期:20270731)
QRCODE
 
 
 
 
 
                                                                                                                                                                                                                                                                                                                                                                                                               
第一頁 上一頁 下一頁 最後一頁 top