資訊安全管理有效性與董事會架構關聯性探討 -以台灣上市櫃公司為例

Abstract

本研究主要目的係探討台灣上市櫃公司之資安事件管理成效性與企業董事會架構組成之關聯性。透過代理理論與資源依賴理論之討論，以手動方式搜尋網站資源以取得資安事件相關資料樣本，並結合從台灣經濟新報資料庫(TEJ)中之公司資料庫取得董事會結構之資料，探討企業董事會組成結構，如董事席次、獨立董事比例、董事之薪酬以及董事持股比例是否能影響資安事件發生與否以及事件次數。結果顯示，董事席次越高，則資安管理成效性越低；而獨立董事佔董事席次比例越高之企業，其資安管理成效性越低。以本研究結果推論，企業應根據自身需求及環境調整董事會組成，將董事席次與獨立董事比例納入考量因素，尤以獨立董事為外部人士，對於企業營運之熟悉度不高，易造成監督與決策上的困難，而不易發揮董事於資安管理之監督性及提供資源之貢獻，故企業於董事選任上應審慎考慮獨立董事之比例，以期提高企業資安管理之成效性。

This thesis focuses on the association between the effectiveness of information security management and the board structure. We build our hypotheses on the agency theory and the resource dependence theory. After searching the samples of information security breaches manually in Information Security and UDN website and combining them with the data of board structure from Company DB of Taiwan Economic Journal, we investigate the how the composition of the board such as size of board, percentage of independent directors, compensation of board directors and percentage of stocks which is owned by board directors could affect the occurrence of information security breaches. Our result demonstrates that as the size of board and the percentage of independent directors increases, the effectiveness of information security management decreases. Our finding suggests that firm should consider the size of board and the percentage of independent board directors when hiring directors and supervisors. The firm needs to have a balanced composition of independent and inside directors in order to achieve a better effectiveness of information security management.