校園組織成員對於資訊安全管理之認知研究

Chien-Yu Lin; 林建宇

請用此 Handle URI 來引用此文件： http://tdr.lib.ntu.edu.tw/jspui/handle/123456789/44586

完整後設資料紀錄

DC 欄位	值	語言
dc.contributor.advisor	許瑋元(Carol Hsu)
dc.contributor.author	Chien-Yu Lin	en
dc.contributor.author	林建宇	zh_TW
dc.date.accessioned	2021-06-15T03:51:25Z	-
dc.date.available	2010-07-21
dc.date.copyright	2010-07-21
dc.date.issued	2010
dc.date.submitted	2010-07-13
dc.identifier.citation	中文部份： 1.林金定、嚴嘉楓、陳美花 (2005)，“質性研究方法：訪談模式與實施步驟分析”，身心障礙研究，第三卷第二期 2.林曙熙(2004)，“企業資訊安全管理之認知與實施研究”，清華大學工業工程與工程管理學研究所，碩士論文 3.李慧蘭(2007)，“國際資訊安全標準 ISO 27001 之網路架構設計–以國網中心為例探討風險管理”，國家實驗室研究院國家高速網路與計算中心 4.孟昊晨(2007)，“以TCSEC標準為基礎對我國政府機關內部網路安全問題的探討”，國土諮詢信息化，2007年第二期 5.洪國興、季延平、趙榮耀（2003），“資訊安全政策對資訊安全之影響”，臺灣經濟研究月刊, 27(9), 89-93 6.陳向明(2002)，“社會科學質的研究”，台北市：五南 7.黃志榮(2009)，“以知識管理手法建置資通安全之可行性研究”，成功大學工程管理研究所碩士在職班，碩士論文 8.張清雲(2003)，“以科技框架理論模式探討企業應用產品資料管理系統之研究”，國立中山大學資訊管理研究所在職專班碩士論文 9.張玲星(2008)，“組織導入資訊系統時各部門成員之權力運作 —「科技思維框架與華人關係理論之觀點」”，Journal of Management & Systems, Vol. 15, No. 3, 377-410 10.萬文隆(2004)，“深度訪談在質性研究中的應用”，生活科技教育月刊，2004年三十七卷第四期 11.詹燦芳(2008)，“國內ISMS導入效益、成功要素與遭遇困難之研究”，台灣科技大學資訊管理所碩士班，碩士論文 12.褚麗絹(2006)，“以策略觀點探討組織資訊安全管理系統之導入與管理模式”，中央警察大學行政警察學系暨警察政策研究所 13.樊國楨、林樹國、鄭東昇(2005)，“資訊安全保證框架標準初探：根基於 ISO/IEC”，94年度資通安全分析專論。 14.樊國楨、黃健銘(2008)，“重要民生基礎建設與資訊安全--以醫療產業資訊安全之風險管理為例”，經濟部標準檢驗局資料中心 15.謝惠玲(2007)，“資訊安全機制規劃及建置之現況調查與分析─以國內大學校園系統為例”，靜宜大學資訊管理研究所碩士班，碩士論文英文部分： 1.Annapoornima, M. S., Sho, P. H.(2004)”Determinants of Technological Frames: A Study of E-learning Technology”, International Engineering Management Conference. 2.Aron, R., Clemons, E. K., Reddi, S.(2005)“Just Right Outsourcing: Understanding and Managing Risk.”, Journal of Management Information Systems, Vol. 22, No. 2, 37-55. 3.Backhouse, J., Hsu, C., Silva, L.(2006)“Circuits of Power in Creating De Jure Standards: Shaping an International Information Systems Security Standard.”,MIS Quarterly, 30(Special issue) 413-438. 4.Barki, H., Rivard, S., Talbot, J.(2001)“An Integrative Contingency Model of Software Project Risk Management.”, Journal of Management Information Systems, Vol. 17, No. 4, 37-69. 5.Benaroch, M., Jeffery, M., Kauffman, R. J., Shah,S. (2007)“Option-Based Risk Management: A Field Study of Sequential Information Technology Investment Decisions.”,Journal of Management Information Systems, Vol 24, No. 2, 103-140. 6.Benaroch, M., Lichtenstein, Y., Robinson, K.(2006)“Real options in information technology risk management: an empirical validation of risk-option relationships.”, MIS Quarterly, Vol. 30, No. 2, 827. 7.Brenner, J.(2007)“ISO 27001: Risk management and compliance.”, Risk Management, Vol 54, issue 1, ABI/INFORM Global, 24. 8.Cavusoglu, H., Raghunathan, S., Yue, W. T.(2008)“Decision-Theoretic and Game-Theoretic Approaches to IT Security Investment.”, Journal of Management Information Systems, Vol. 25, No.2, 281-304. 9.Cooper, R. B., Zmud, R. W.(1990)“Information Technology Implementation Research: A Technological Diffusion Approach”, Management Science, Vol. 36, issue 2, 123-139. 10.Currie, W. L., Willcocks, L. P.(1998)“Analysing four types of IT sourcing decisions in the context of scale, client/supplier interdependency and risk mitigation.”, Information Systems Journal, Vol. 8, issue 2, 119–143. 11.Davidson, E., D, Pai.(2004)“ Making Sense of Technological Frames: Promise, Progress, and Potential”, IFIP Working Group 8.2 Conference, UK: Manchester. 12.Gallivan, M. J., Oh, W., Kim, J. W.(2006)“The Market's Perception of the Transactional Risks of Information Technology Outsourcing Announcement.”, Journal of Management Information Systems , Vol. 22, No. 4, 271-303. 13.Gewald, H., Dibbern, J.(2009)“Risks and benefits of business process outsourcing: A study of transaction services in the German banking industry.”, Information & Management, Vol. 46, issue 4, 249-257. 14.Gordon, L. A., Loeb, M, P., Lucyshyn,W., Richardson,R.(2006)“2006 CSI/FBI Computer crime and security survey”, Computer Security Institute. 15.Herath, S. B., Herath, T. C.(2008)“Investments in Information Security: A Real Options Perspective with Bayesian Postaudit.”, Journal of Management Information Systems, Vol. 25, No. 3, 337-375. 16.Hong, K. S., Chi, Y. P., Chao, L. R., Tang, J. H.(2003)“An integrated system theory of information security management”，Information Management & Computer Security, Vol. 11, issue 5, 243-248 17.Hsu, C (2009) “Frame misalignment: interpreting the implementation of information systems security certification in an organization”, European Journal of Information Systems, Vol. 18, 140-150 18.Huang, S. J., Han, W. M.(2008)“Exploring the relationship between software project duration and risk exposure: A cluster analysis.”, Information & Management, Vol. 45, issue 3, April 2008, Pages 175-182. 19.Jianga, J., Klein, G.(1999)“Risks to different aspects of system success.”, Information and Management, Vol. 36, No. 5, 263. 20.Kauffman, R. J., Sougstad, R.(2008)“Risk Management of Contract Portfolios in IT Services: The Profit-at-Risk Approach.”, Journal of Management Information Systems, Vol. 25, No. 1, 17-48. 21.Keil, M., Bernard, C, Y, Tan., Wei, K., Saariene, T.(2000)“A cross-cultural study on escalation of commitment behavior in software project.”, MIS Quarterly, Vol. 24, No. 2, 299-325. 22.Keil, M., Tiwana, A.,Bush, A.(2002)“Reconciling user and project manager perceptions of IT project risk: a Delphi study.”, Information Systems Journal (2002) 12, 103-119. 23.Khoo, M.(2001)“Community Design of DLESE's Collections Review Policy: A Technological Frames Analysis”, First ACM/IEEE-CS Joint Conference on Digital Libraries, USA: Virginia. 24.Kotulic, A. G., Clark, J. G.“Why there aren’t more information security research studies. ”, Information & Management, Vol. 41, issue 5, 597-607. 25.Kumar, R. L.(1996)“A Note on Project Risk and Option Values of Investments in Information Technologies.”, Journal of Management Information Systems, Vol. 13, issue 1, 187-193. 26.Kumar, R. L.(2002)“Managing risks in IT projects: an options perspective.”, Information & Management, Vol 40, issue 1, Pages 63-74. 27.Lassila, K, S., Brancheau, J, C.(1999)“Adoption and Utilization of Commercial Software Packages: Exploring Utilization Equilibria, Transitions, Triggers, and Tracks.”, Journal of Management Information Systems; Fall99, Vol. 16, issue 2, 63-90. 28.Marble, R. P.(2000)“Operationalising the implementation puzzle: an argument for eclecticism in research and in practice.”, European Journal of Information Systems (2000) 9, 132–147. 29.McDaniel, G. (1994)“IBM Dictionary of Computing” New York, NY: McGraw-Hill, Inc. 30.Munkvold, B. E.(1999)“Challenges of IT implementation for supporting collaboration in distributed organizations.”, European Journal of Information Systems (1999) 8, 260–272. 31.Nidumolu, S.(1996)“Standardization, requirements uncertainty and software project performance.”, Information & Management, Vol. 31, issue 3, 135-150. 32.Orlikowski, W. J., Baroudi, J. J.(1991)“The institute of Management Sciences”,Information Systems Research 2:1, studying information technology in organizations: Research approaches and assumptions, 1-28. 33.Orkiloswki, W. J., Gash, D.(1994)”Technological Frames: Making Sense of Information Technology in Organizations”,ACM Transactions on Information Systems, Vol. 12, No. 2, 174-207 34.Orlikowski, W. J., Robey, D.(1991)“ Information Technology and the Structuring of Organizations”, Information Systems Research, Vol. 2, No. 2, 1991, 143-169. 35.Patton, M.Q. (1995)“質的評鑑與研究” (Qualitative evaluation and research methods，吳芝儀、李奉儒譯)。臺北市 : 桂冠 36.Ramachandran, S., Rao, S.(2006)”Security cultures in organizations: a theoretical model Americas Conference on Information Systems”, Acapulco. 37.Venkatraman, N., Loh, L., Koh, J.(1994)”The Adoption of Corporate Governance Mechanism: A Test of Competing Diffusion Models.”, Management Science, Vol. 40, issue 4, 496-507. 38.Robbie, T. N., Charalambos L. I(2009)“A comparative study of important risk factors involved in offshore and domestic outsourcing of software development projects: A two-panel Delphi study.”, Information & Management, Vol. 46, issue 1, 57-68. 39.Schmidt, R., Lyytinen, K., Keil, M., Cule, P.(2001)“dentifying Software Project Risks: An International Delphi Study.”, Journal of Management Information Systems, Vol. 17, No. 4 , 5-36. 40.Siponen, M.(2000)“A concenptual foundation for organizational information security awareness.”,Information Management & Computer Security, Vol. 8, issue 1, 31-41. 41.Siponen, M (2003)“Information security management standards: problems and solutions.”In Proceedings of the Seventh Pacific Asia Conference on Information Systems p 1550–1561, Adelaide, Australia. 42.Siponen, M.(2006)“Information Security Standards Focus on the Existence of Process, Not Its Content?” Communications of the ACM vol. 49, issue 8, 97–100. 43.Siponen, M., Iivari, J.(2006)“Six Design Theories for IS Security Policies and Guidelines.”, Journal of Associations for Information Systems, Vol. 7, issue 7, 445-472. 44.Siponen, M., Willison, R.(2007)“A critical assessment of IS security research between 1990-2004.”, J.S.a.R.W. Hubert Österle, ed. 15th European Conference on Information Systems, St. Gallen, Switzerland, 1551-1559. 45.Wallace, L., Keil, M., Rai, A.(2004)“Understanding software project risk: a cluster analysis.”, Information & Management, Vol. 42, issue 1, Pages 115-125. 46.Willcocks, L. P., Lacity, M. C.(1999)“IT outsourcing in insurance services: risk, creative contracting and business advantage.”, Information Systems Journal, Vol.9, issue 3, 163-180. 47.Wiander, T (2008) “Implementing the ISO/IEC 17799 standard in practice–experiences on audit phases.” In Proceedings of the Australasian Information ecurity Conference, Wollongong, Australia.
dc.identifier.uri	http://tdr.lib.ntu.edu.tw/jspui/handle/123456789/44586	-
dc.description.abstract	本研究意圖瞭解組織實施資訊安全管理時，其內部不同族群、角色成員之間的認知差異情況為何，並且探討此差異情況對於組織的資訊安全管理會造成哪些影響。本研究採用了科技框架理論概念和質性研究之訪談方法，以國內某所大學做為研究對象，探討組織內部不同族群之成員在面對資訊安全管理導入與建置的過程中，因受到不同認知框架的影響產生了理解與溝通上的隔閡而發生了阻礙的現象，並且進一步地找出其影響因素為何。研究結果發現，組織內部不同族群之間在對於組織導入資訊安全管理的認知上具有差異，並且實際影響了組織實作資訊安全管理的成效。本研究對於各族群成員的認知框架形成原因進行探討，根據自身在組織資訊環境中的角色認知將其歸納為使用者、執行者與溝通者等三種角色，並分析角色間認知差異對於組織資訊安全管理與溝通層面造成的諸多不良的影響。在研究結論的部分提供了理論面與實際面的研究貢獻，做為資訊安全管理領域文獻以及校園組織資訊安全管理導入與建置的參考。	zh_TW
dc.description.abstract	The aim of this research is to understand the perceptions of actors in different groups, and the influence of the incongruent perceptions on the information security management. This research adopts the concept of technological frames, and carries out a qualitative case study in a local university in Taiwan. The empirical results indicate that there exist different perceptions associated with information security management among various groups and the incongruence of frames have a consequent impact on the efficiency during the implementation process. We further analyze the underlying social and institutional context that might be relevant to the development of the frames incongruence. We conclude with the theoretical implications on the areas of information security management literature, and practical implications on how university can more effectively manage the implementation of information security management practices.	en
dc.description.provenance	Made available in DSpace on 2021-06-15T03:51:25Z (GMT). No. of bitstreams: 1 ntu-99-R97725043-1.pdf: 1699137 bytes, checksum: bcbf607109d24ce73bf212a6f18032cf (MD5) Previous issue date: 2010	en
dc.description.tableofcontents	謝辭 i 摘要 ii Abstract iii 圖目錄 vi 表目錄 vii 第一章：導論 1 第一節：研究背景與動機 1 第二節：研究目的 5 第三節：研究問題 6 第四節：研究流程 7 第二章：文獻探討 9 第一節：資訊安全的管理觀點 9 第二節：組織導入活動與資訊安全管理系統 12 第三節：風險管理與組織成員認知差異 15 第三章：研究架構 23 第一節：科技框架(Technological Frame)的意義 23 第二節：研究設計 26 第三節：研究方法 27 第四節：研究對象 32 第五節：場域描述 35 第四章：訪談分析 38 第一節：受訪對象描述 38 第二節：組織成員對於資訊安全與風險管理的認知 44 第三節：組織成員對於自身於組織資訊環境中的角色認定 91 第五章：結論與建議 95 第一節：結論 95 第二節：研究貢獻與建議 104 第三節：後續研究建議 109 參考文獻 111 附錄 119
dc.language.iso	zh-TW
dc.title	校園組織成員對於資訊安全管理之認知研究	zh_TW
dc.title	The Perceptions of Information Security Management in The University Environment	en
dc.type	Thesis
dc.date.schoolyear	98-2
dc.description.degree	碩士
dc.contributor.oralexamcommittee	張欣綠(Hsin-Lu Chang),王大維(Ta-wei Wang)
dc.subject.keyword	資訊安全管理,校園資訊安全管理,資訊安全管理系統,科技框架,質性研究,	zh_TW
dc.subject.keyword	Information security management,Campus information security management,Information security management system,Technological frame,Qualitative study,	en
dc.relation.page	126
dc.rights.note	有償授權
dc.date.accepted	2010-07-13
dc.contributor.author-college	管理學院	zh_TW
dc.contributor.author-dept	資訊管理學研究所	zh_TW
顯示於系所單位：	資訊管理學系

文件中的檔案：

檔案	大小	格式
ntu-99-1.pdf 目前未授權公開取用	1.66 MB	Adobe PDF

顯示文件簡單紀錄

系統中的文件，除了特別指名其著作權條款之外，均受到著作權保護，並且保留所有的權利。