影響雲端運算服務使用意願之資安與風險因素探討

Wei-Cheng Chang; 張瑋宬

請用此 Handle URI 來引用此文件： http://tdr.lib.ntu.edu.tw/jspui/handle/123456789/40998

完整後設資料紀錄

DC 欄位	值	語言
dc.contributor.advisor	曹承礎(Seng-Cho Chou)
dc.contributor.author	Wei-Cheng Chang	en
dc.contributor.author	張瑋宬	zh_TW
dc.date.accessioned	2021-06-14T17:10:59Z	-
dc.date.available	2013-09-20
dc.date.copyright	2011-09-20
dc.date.issued	2011
dc.date.submitted	2011-08-12
dc.identifier.citation	[中文部分] [1] 陳瑩等著（2010），雲端運算與虛擬化技術Cloud Computing Strategy，台北市：天下雜誌，58-79 [2] 台灣財團法人資訊工業策進委員會，http://mic.iii.org.tw/intelligence/, 2010. [3] 萬文隆（2004），”深度訪談在質性研究中的應用”，生活科技教育月刊，第三十七卷第四期 [4] 陳向明（2002），”社會科學質的研究”，台北市；五南 [5] 林金定、嚴嘉楓、陳美花（2005），”質性研究方法：訪談模式與時施步驟分析”，身心障礙研究，第三卷第二期 [6] 雲端運算使用案例討論小組（2010），”雲端運算使用案例白皮書”，第四版 [7] 王子夏、王平、林文暉、郭溥村、盧永翔（2010），”雲端運算服務之資安風險與挑戰”，資訊安全通訊期刊，第十六卷第二期 [8] 簡明宏（2010），”基於雲端運算防毒防駭策略之研究”，私立華梵大學資訊管理學系碩士論文 [9] 彭秀琴、張念慈（2011），”雲端運算下資訊安全之探討” [英文部分] [10] Merrill Lynch Estimates 'Cloud Computing' To Be $100 Billion Market, SYS-CON Media - Jul 8. 2008. [11] Armbrust M., Fox A., Griffith R., Joseph A., Katz R., Konwinski A., Lee G., Patterson D., Rabkin A., Stoica I., Zaharia M., “Above the Clouds: A Berkeley View of Cloud computing,” Technical Report No. UCB/EECS-2009-28, University of California at Berkley, USA, Feb. 10th, 2009. [12] DavisD.Fred.(1989), “Perceived Usefulness, Perceived Ease of Use, and User Acceptance of Information Technology, ” MIS Quarterly, pp.319-340. [13] Cox, D.F. (1967), “Risk handling in consumer behavior: an intensive study of two cases”, in Cox,D.F. (Ed.), Risk Taking and Information Handling in Consumer Behavior, Harvard University Press, Boston, MA. [14] So, M.W.C. and Sculli, D. (2002), “The role of trust, quality, value and risk in conducting e-business”, Industrial Management & Data Systems, Vol. 102 No. 9, pp. 503-12. [15] Rogers, R. W. 1975. “A Protection Motivation Theory of Fear Appeals and Attitude Change,” Journal of Psychology (91), pp.93-114. [16] Rogers, R. W. 1983. “Cognitive and Physiological Processes in Fear Appeals and Attitude Change: A Revised Theory of Protected Motivation,” in Social Psychophysiology: A Sourcebook, J. T. Cacioppo, and R. E. Petty (eds.), New York: The Guilford Press. [17] Floyd, D. L., Prentice-Dunn, S., and Rogers, R. 2000. “A Meta-Analysis of Research on Protection Motivation Theory,” Journal of Applied Social Psychology (30:2), pp. 407-429. [18] Witte, K. 1992. “Putting the Fear Back into Fear Appeals: The Extended Parallel Process Model,” Communication Monographs (59), pp. 329-349. [19] Witte, K. 1994. “Fear Control and Danger Control: A Test of the Extended Parallel Process Model (EPPM),” Communication Monographs (61), pp. 113-134. [20] Witte, K., Cameron, K. A., McKeon, J. K., and Berkowitz, J. M.1996. “Predicting Risk Behaviors: Development and Validation f a Diagnostic Scale,” Journal of Health Communication (1), pp.317-341. [21] Lee, Y., and Larsen, K. R. 2009. “Threat or Coping Appraisal: Determinants of SMB Executives’ Decision to Adopt Anti-Malware Software,” European Journal of Information Systems (18), pp. 177-187. [22] LaRose, R., Rifon, N. J., and Enbody, R. 2008. “Promoting　Personal Responsibility for Internet Safety,” Communications of the ACM (51:3), pp. 71-76. [23] Woon, I. M. Y., Tan, G. W., and Low, R. T. 2005. “A Protection Motivation Theory Approach to Home Wireless Security,” in Proceedings of the 26th International Conference on Information Systems, D. Avison, D. Galletta, and J. I. DeGross, Las Vegas, December 11-14, pp. 367-380. [24] Bauer, R.A. (1960), “Consumer behaviour as risk taking”, in Hancock, R.F. (Ed.), Proceedings of the 43rd Conference of the American Marketing Association, American Marketing Association, Chicago, IL, pp. 389-98. [25] Cunningham, S.M. (1967), “The major dimensions of perceived risk”, in Cox, D.F. (Ed.), Risk Taking and Information Handling in Consumer Behavior, Harvard University Press,Boston, MA, pp. 82-108. [26] Jacoby, J. and Kaplan, L.B. (1972), “The components of perceived risk”, in Venkatesan, M. (Ed.), Proceedings of the 3rd Annual Conference of the Association for Consumer Research, Association for Consumer Research, College Park, MD, pp. 382-92. [27] Kaplan, L.B., George, J.S. and Jacoby, J. (1974), “Components of perceived risk in product purchase”, Journal of Applied Psychology, Vol. 59, June, pp. 287-91. [28] Roselius, T. (1971), “Consumer rankings of risk reduction methods”, Journal of Marketing, Vol. 35 No. 1, pp. 56-61. [29] Dowling, R. and Staelin, R. (1994), “A model of perceived risk and intended risk-handling activity”, Journal of Consumer Research, Vol. 21 No. 6, pp. 110-34. [30] Zikmund, W.G., and Scott, J.L., Proceedings of the Southern Marketing Association, Southern Marketing Association, Houston, TX, 1973, pp. 207-232 [31] Kogan, N., and Wallach, M.A. “Risk taking, a study in cognition and personality,” Greenwood Publishing Group, 1964. [32] Lim, N. (2003), “Consumers’ perceived risk: sources versus consequences”, Electronic Commerce Research and Applications, Vol. 2 No. 3, pp. 216-28. [33] Jarvenpaa, S.L. and Toad, P.A. (1996), “Consumer reactions to electronic shopping on the world wide web”, International Journal of Electronic Commerce, Vol. 1 No. 2, pp. 59-88. [34] Castaňeda, J.A., Montoso, F.J. and Luque, T. (2007), “The dimensionality of customer privacy concern on the internet”, Online Information Review, Vol. 31 No. 4, pp. 420-39. [35] Hoffman, D.L., Novak, T.P. and Peralta, M. (1999), “Building consumer trust online”, Communications of the ACM, Vol. 42 No. 4, pp. 80-5. [36] Doolin, B., Dillon, S., Thompson, F. and Corner, J.L. (2005), “Perceived risk, the internet shopping experience and online purchasing behavior: a New Zealand perspective”, Journal of Global Information Management, Vol. 13 No. 2, pp. 66-88. [37] Mukherjee, A. and Nath, P. (2007), “Role of electronic trust in online retailing: a re-examination of the commitment-trust theory”, European Journal of Marketing, Vol. 41 Nos 9/10, pp. 1173-202. [38] Poon, W.-. (2008), “Users’ adoption of e-banking services: the Malaysian perspective”, Journal of Business & Industrial Marketing, Vol. 23 No. 1, pp. 59-69. [39] Jarvenpaa, S.L., Tractinsky, N. and Vitale, M. (2000), “Consumer trust in an internet store”, Information Technology and Management, Vol. 1, pp. 45-71. [40] Jarvenpaa, S.L., Tractinsky, N., Saarinen, L. and Vitale, M. (1999), “Consumer trust in an internet store: a cross-cultural validation”, Journal of Computer-Mediated Communication, Vol. 5 No. 2, pp. 61-74. [41] Mitchell, V.W. and Greatorex, M. (1993), “Risk perception and reduction in the purchase of consumer services”, The Service Industries Journal, Vol. 13 No. 4, pp. 179-200. [42] Chen, L., Gillenson, M.L. and Sherrell, D.L. (2002), “Enticing online consumers: an extended technology acceptance perspective”, Information & Management, Vol. 39 No. 8, pp. 705-19. [43] Koufaris, M. (2002), “Applying the Technology Acceptance Model and Flow Theory to online consumer behavior”, Information System Research, Vol. 13 No. 2, pp. 205-23. [44] Luo, W. and Strong, D. (2000), “Perceived critical mass effect on groupware acceptance”, European Journal of Information Systems, Vol. 9 No. 2, pp. 91-103. [45] Mathieson, K., Peacock, E. and Chin, W.C. (2001), “Extending the technology acceptance model: the influence of perceived user resources”, The Database for Advances in Information Systems, Vol. 32 No. 3, pp. 86-112. [46] Moon, J.W. and Kim, Y.G. (2001), “Extending the TAM for a world-wide-web context”, Information & Management, Vol. 38 No. 4, pp. 217-30. [47] Lu, H.P., Hsu, C-L., Hsu, H-Y.(2005), “An empirical study of the effect of perceived risk upon intention to use online applications”, Information Management & Computer Security, Vol. 13 No.2, pp. 106-120. [48] Roca, J.C., Garcia, J.J., de la Vega, J.J. (2009), “The importance of perceived trust, security and privacy in online trading systems”, Information Management & Computer Security, Vol. 17 No.2, pp. 96-113. [49] Johnston, A.C., Warkentin, M.(2010), ”Fear Appeals and Information Security Behaviors: an empirical study”, MIS Quarterly, Vol. 34 No.3, pp. 549-566. [50] Benaroch, M., Lichtenstein, Y., Robinson, K.(2006), “Real Options in Information Technology Risk Management: an Empirical Validation of Risk-option Relationship” , MIS Quarterly, Vol. 30 No.4, pp. 827-864. [51] Robert, E. S.(2010), “Qualitative Research :studying how things work”, The Guilford Press. [52] Thong, J.Y.L.(1999), “An integrated model of information systems adoption in small business.” Journal of Management Information Systems, Vol. 15 NO.4, pp. 187-214. [53] Eisenhardt, K. M.(1989), “Building Theories from Case Study Research,” Academy of Management Review, Vol.14 NO.4, pp. 532-550. [54] Joint, A., Baker, E., Eccles, E.(2009), “Hey, you, get off of that cloud?” Computer Law & Security Review, Vol. 25, pp. 270–274 [55] Buyya, R., Yeo, C.S., Venugopal, S., Broberg, J., and Brandic, I.(2009), “Cloud Computing and Emerging IT Platforms: Vision, Hype, and Reality for Delivering Computing as the 5th Utility.” Future Generation Computer Systems, Vol.25 NO.6, pp.599-616 [56] Smith, R.(2009), “Computing in the Cloud.”Research Technology Management, Vol.52 NO.5, pp. 65-68 [57] Chau, P.Y.K., Tam, K.Y.(2000), “Organizational adoption of open systems: a ‘technology-push, need-pull’ perspective.” Information and Management,Vol.37, pp. 229-239 [58] Looi, H.C.(2005), “E-commerce adoption in Brunei Darussalam: a quantitative analysis of factors influencing its adoption”, Communication of the Association for Information Systems, Vol.15, pp. 61-81 [59] Boehm, B.W.(1989), “Software Risk Management”, IEEE-CS Press [60] Barki, H., Rivard, S., Talbot, J.(1993), “An Integrative Contingency Model of Software Project Risk Management”, Journal of Management Information Systems, Vol.17 No.4, pp. 37-69 [61] Keil, M., Cule, P.E., Lyytinen, K., Schmidt, R.C.(1998), “A framework for identifying software project risks”, Communications of the ACM, Vol.41 No. 11, pp. 76-83 [62] Ropponen, J., Lyytinen, K.(2000), “Components of software development risk: how to address them? A project manager survey”, IEEE Transactions on Software Engineering, Vol. 26 NO. 2, pp. 98-112 [63] Schmidt, R., Lyytinen, K., Keil, M., Cule, P.(2001), “Identifying Software Project Risks: An International Delphi Study”, Journal of Management Information Systems, Vol.17 NO. 4, pp. 5-36 [64] Clemons, E.K.(1991), “Evaluating Strategic Investments in Information Systems”, Communications of the ACM, Vol.34 NO. 1, pp. 22-36 [65] Kemerer, C.F., Sosa, G.L.(1991), “Systems Development Challenges in Strategic Use of Information Systems”, Information and Software Technology, Vol. 33 NO. 3, pp. 212-223 [66] Eisenhardt, K. M.(1989), “Building Theories from Case Study Research”, Academy of Management Review,Vol.14 NO. 4, pp. 532-550 [67] Clemons, E.K., and Weber, B.(1990), “Strategic Information Technology Investments: Guidelines for Decision Making”, Journal of Management Information Systems, Vol.7 NO. 2, pp. 9-28 [68] Schwartz, E.S., and Zozaya-Gorostiza, C.(2003), “Investment Under Uncertainty in Information Technology: Acquisition and Development Projects”, Management Science, Vol.49 NO. 1, pp.55-70 [69] Sullivan, K., Chalasani, P., Jha, S., and Sazawal, V.(1999), “Software Design as an Investment Activity: A Real Option Perspective”, in Real Options and Business Strategy: Applications to Decision-Making, L. Trigeorgis(ed.), Risk Books [70] Erdogmus, H., and Favaro, J.(2002), “Keep Your Options Open: Extreme Programming and Economics of Flexibility”, in XP Perspectives, Addison-Wesley Professional Series [71] Techopitayakul, D., and Johnson, B.(2001), “ASP-based Software Delivery: A Real Options Analysis”, 5th Annual Real Options Conference(Real Options Theory Meets Practice), UCLA, Los Angeles [72] Kim, Y.J., and Sanders, L.G.(2002), “Strategic Actions in Information Technology Investment Based on Real Option Theory”, Decision Support Systems, Vol. 33, pp.1-11 [73] Moran, H.(2002), “Real Options for Strategy development in the Introduction of Technology for Business and Process Innovation: New Applications for the Automatic Identification Technology in the Healthcare Industry”, MBA Dissertation Thesis, Judge Institute of Management, University of Cambridge [74] Yin, R. K.(2003), Case Study Research Design and Methods (3rd ed.), Thousand Oaks, CA: Sage Publications [75] Armstrong, C., and Sambamurthy, V.(1999), “Information Technology Assimilation in Firms: The Influence of Senior Leadership and IT Infrastructures”, Information Systems Research , Vol.10 NO.4, pp. 304-327 [76] Weill, P., and Olson, M. H.(1989), “Managing Investment in Information Technology: Mini Case Examples and Implications”, MIS Quarterly, Vol.13 NO.1, pp. 3-17 [77] Miles, M. B., and Huberman, A. M.(1994), Qualitative Data Analysis (2nd ed.), Thousand Oaks, CA: Sage Publications, Inc. [網路部分] [78] Oracle, Architectural Strategies for Cloud Computing, http://www.oracle.com/technology/architect/entarch/pdf/architectural_strategies_for_cloud_computing.pdf , 2009. [79] BroadGroup, http://www.broad-group.com, 2010. [80] Google, http://google.com, 2010. [81] Salesforce.com, http://salesforce.com, 2010. [82] Amazon Elastic Compute Cloud (Amazon EC2), http://www.amazon.com/ec2, 2010. [83] Amazon Simple Storage Service (Amazon S3), http://www.amazon.com/s3, 2010. [84] Amazon Web Service, http://aws.amazon.com/ , 2010. [85] Wikipedia, http://zh.wikipedia.org/zh-tw/%E9%A6%96%E9%A1%B5, 2010. [86] Cloud Security Alliance, “Top Threat to Cloud Computing V1.0” http://www.cloudsecurityalliance.org/topthreats/csathreats.v1.0.pdf, 2010. [87] Gartner, http://www.gartner.com/technology/home.jsp, 2010 [88] Digitimes, http://www.digitimes.com.tw/ ,2010.
dc.identifier.uri	http://tdr.lib.ntu.edu.tw/jspui/handle/123456789/40998	-
dc.description.abstract	近年來雲端運算的興起引起各大業界的關注，紛紛成為業界討論的焦點，然儘管雲端運算替產業界創造機會，它同時也面臨了許多挑戰，由資策會針對台灣大型企業對雲端服務的採用疑慮調查中顯示，「資訊安全問題揮之不去」占了38.5%，名列8大疑慮之首，顯示企業對於資訊安全的保障仍缺乏信心，成為影響使用者使用雲端運算服務意願的首要因素。　　為此本研究的研究目的便是要找出「哪些資安及風險因素會影響使用者採用或建置雲端運算服務的使用意願」以及「因素是如何對使用者產生影響」。在影響因素部分，本研究採用雲端安全聯盟所提出之七大資安威脅（不安全的介面與應用程式介面、惡意的內部員工、共享環境所造成的議題、資料遺失或外洩、帳號或服務被竊取、稽核與蒐證、其他未知的風險）以及Benaroch et al.（2006）在其研究中匯整之IT投資面臨的八大風險因素（成本、效益、專案、功能、組織、競爭對手、環境、技術），統整共十五項資安威脅及風險假設因素。　　本研究採用個案研究的研究方法，以國內七間企業和一間學校為個案研究對象，衡量其對於雲端運算的資安考量，並驗證這些資安威脅和風險因素會影響雲端服務的採用意願。研究結果顯示，惡意的內部員工、共享環境所造成的議題、資料遺失或外洩、帳號或服務被竊取、其他未知的風險、功能風險等六項因素會嚴重影響雲端運算服務的採用意願；專案風險、環境風險、技術風險等三項因素對於雲端運算服務的採用意願負面影響程度是中等；稽核與蒐證、不安全的介面與應用程式介面、成本風險、效益風險、組織風險、競爭對手風險對於雲端運算服務採用意願的負面影響程度是低的。最後，本研究亦透過整合的觀點替雲端運算的環境建立一套風險管控的依循步驟，依照採用服務的使用流程，分別針對合約前、合約中、與合約後提出資安威脅與風險的評估步驟與建議，提供企業做為採用此項新科技的風險評估參考。	zh_TW
dc.description.abstract	Recently, the rising of cloud computing has drawn each industry’s attention. While cloud computing creates some opportunities for industries, it also encounters many challenges. According to the result of Institute for Information Industry’s research about large company’s concern when considering using cloud-based services in Taiwan, “the existence of information systems security problem” accounts for 38.5%, being the top 1 of all of the concerns. It shows that many corporations have little confidence in security protection provided by cloud service provider, thus information systems security problem becomes the primary factor affecting user’s will to adopt cloud-based services This study’s objective is to find out which security and risk factors will affect user’s will to use or establish cloud-based services and how these factors affect users in their unique contexts. For the influence factors, this study adopts “Top 7 Threats to Cloud Computing” introduced by Cloud Security Alliance: insecure interfaces and APIs, malicious insiders, shared technology issues, data loss or leakage, account or service hijacking, auditing and evidence gathering, unknown risk profile, and 8 risk fields for information technology investment collected by Benaroch et al.（2006）: costs, benefits, project, function, organizational, competition, environmental, technological. There are overall 15 security and risk factors proposed. This study use multiple case studies as methodology, choose 7 companies and 1 school as our case study subjects, and judge their security concerns as for cloud computing. We also justify our selection of factors influencing the willingness to adopt cloud-based services. The results of analyses show that malicious insiders, shared technology issues, data loss or leakage, account or service hijacking, unknown risk profile, and function risk factors will severely and negatively affect users’ willingness, which means their affecting level is high. The negative affecting level of project risk, environmental risk, and technological risk is medium. The negative affecting level of auditing and evidence gathering, insecure interfaces and APIs, costs, benefits, environmental risk, and competition risk is relatively low. Last, with an integration view, this study constructs some recommended steps in risk management for cloud computing environment. Based on the service adopting process, we propose a three-stage (before a contract, period of signing a contract, after a contract) security and risk assessing steps and come up with some suggestions. We hope the risk assessments provided by this study can be a useful reference for those companies that are willing to use this new IT.	en
dc.description.provenance	Made available in DSpace on 2021-06-14T17:10:59Z (GMT). No. of bitstreams: 1 ntu-100-R98725006-1.pdf: 1285828 bytes, checksum: d4ac1e8b8d6a853297b608a24681b632 (MD5) Previous issue date: 2011	en
dc.description.tableofcontents	中文摘要 III Abstract IV 目錄 VI 圖目錄 VIII 表目錄 VIII 第一章緒論 1 1.1 研究背景與動機 1 1.2 研究目的 4 1.3 研究流程 5 第二章文獻回顧 6 2.1 雲端運算 6 2.1.1 雲端運算定義 6 2.1.2 雲端運算服務供應商 8 2.1.3 雲端運算文獻探討 11 2.2 影響個人層級的科技採用因素 12 2.2.1 科技接受模型及相關文獻探討 13 2.2.2 保護動機理論及相關文獻探討 16 2.3 影響企業層級的科技採用因素 19 2.4 文獻探討小結 22 第三章研究方法 23 3.1 研究架構 23 3.1.1 雲端運算服務採用 23 3.1.2 影響雲端服務採用的資安及風險因素 25 3.2 研究設計 36 3.2.1 個案研究 36 3.2.2 資料蒐集 37 3.2.3 構面之操作 39 3.2.4 資料分析流程 40 第四章研究結果 42 4.1 雲端運算服務採用意願 42 4.2 影響雲端運算服務採用意願的因素 44 4.2.1 單一因素分析 45 4.2.2 整合因素分析 70 第五章結論與建議 77 5.1 討論 77 5.2 結論與研究貢獻 84 5.3 研究限制與未來研究建議 87 參考文獻 89 附錄一 95 附錄二 98
dc.language.iso	zh-TW
dc.subject	風險控管	zh_TW
dc.subject	雲端運算	zh_TW
dc.subject	雲端運算服務	zh_TW
dc.subject	資訊安全	zh_TW
dc.subject	risk management	en
dc.subject	cloud computing	en
dc.subject	cloud-based services	en
dc.subject	information systems security	en
dc.title	影響雲端運算服務使用意願之資安與風險因素探討	zh_TW
dc.title	Impact of Security and Risk Factors on Intention to Use Cloud-based Services	en
dc.type	Thesis
dc.date.schoolyear	99-2
dc.description.degree	碩士
dc.contributor.oralexamcommittee	杜志挺,許瑋元
dc.subject.keyword	雲端運算,雲端運算服務,資訊安全,風險控管,	zh_TW
dc.subject.keyword	cloud computing,cloud-based services,information systems security,risk management,	en
dc.relation.page	112
dc.rights.note	有償授權
dc.date.accepted	2011-08-12
dc.contributor.author-college	管理學院	zh_TW
dc.contributor.author-dept	資訊管理學研究所	zh_TW
顯示於系所單位：	資訊管理學系

文件中的檔案：

檔案	大小	格式
ntu-100-1.pdf 未授權公開取用	1.26 MB	Adobe PDF

顯示文件簡單紀錄

系統中的文件，除了特別指名其著作權條款之外，均受到著作權保護，並且保留所有的權利。