請用此 Handle URI 來引用此文件:
http://tdr.lib.ntu.edu.tw/jspui/handle/123456789/46739
完整後設資料紀錄
DC 欄位 | 值 | 語言 |
---|---|---|
dc.contributor.advisor | 許瑋元(Wei-Yuan Hsu) | |
dc.contributor.author | Wei-Ming Chan | en |
dc.contributor.author | 詹偉銘 | zh_TW |
dc.date.accessioned | 2021-06-15T05:26:38Z | - |
dc.date.available | 2013-07-22 | |
dc.date.copyright | 2010-07-22 | |
dc.date.issued | 2010 | |
dc.date.submitted | 2010-07-15 | |
dc.identifier.citation | [1] Ader, H., Mellenbergh, G., & Hand, D. (2008). Advising on research methods: A consultant's companion: Johannes van Kessel Publ.
[2] Akerlof, G. (1970). The market for' lemons': Quality uncertainty and the market mechanism. The quarterly journal of economics, 488-500. [3] Aldrich, H., & Pfeffer, J. (1976). Environments of organizations. Annual review of sociology, 2(1), 79-105. [4] Allen, J., Gabbard, D., May, C., Hayes, E., & Sledge, C. (2003). Outsourcing managed security services. [5] Anderson, E., & Schmittlein, D. (1984). Integration of the sales force: an empirical examination. The Rand Journal of Economics, 15(3), 385-395. [6] Ang, S., & Cummings, L. (1997). Strategic response to institutional influences on information systems outsourcing. Organization Science, 8(3), 235-256. [7] Aubert, B., Dussault, S., Parry, M., & Rivard, S. (1999). Managing the risk of IT outsourcing. [8] Aubert, B., Patry, M., & Rivard, S. (2005). A framework for information technology outsourcing risk management. ACM SIGMIS Database, 36(4), 28. [9] Aubert, B., Patry, M., Rivard, S., & CIRANO. (1998). Assessing the risk of IT outsourcing. [10] Aubert, B., Patry, M., Rivard, S., & Smith, H. (2001). IT outsourcing risk management at British Petroleum. [11] Aubert, B., Rivard, S., & Patry, M. (1996). A transaction cost approach to outsourcing behavior: some empirical evidence. Information & Management, 30(2), 51-64. [12] Axelrod, C. (2004). Outsourcing information security: Artech House Publishers. [13] Bahli, B., & Rivard, S. (2003). The information technology outsourcing risk: a transaction cost and agency theory-based perspective. Journal of Information Technology, 18(3), 211-221. [14] Bahli, B., & Rivard, S. (2005). Validating measures of information technology outsourcing risk factors. Omega, 33(2), 175-187. [15] Bandyopadhyay, K., Mykytyn, P., & Mykytyn, K. (1999). A framework for integrated risk management in information technology. Management Decision, 37(5), 437-445. [16] Barney, J. (1986). Strategic factor markets: expectations, luck, and business strategy. Management Science, 1231-1241. [17] Belsley, K., Kuh, E., & Welsch. (1980). Regression Diagnostics: Identifying Influential Data and Sources of Collinearity. J. Wiley. [18] Bennett, R., & Robinson, S. (2000). Development of a measure of workplace deviance. Journal of applied psychology, 85(3), 349-360. [19] Bentler, P. (2006). EQS 6 structural equations modeling program manual. Encino, CA: Multivariate Software: Inc. . [20] Bhattacherjee, A. (2001). Understanding information systems continuance: An expectation-confirmation model. MIS quarterly, 25(3), 351-370. [21] Boehm, B., & DeMarco, T. (1989). Software risk management: IEEE Computer Society Press CA. [22] Broderick, D. J. S. (2001). Information Security Risk Management –When Should It be Managed? Information Security Technical Report, 6(3). [23] Carr, N. (2004). IT doesn't matter. IEEE Engineering Management Review, 32(1), 24-32. [24] Cheon, M., Grover, V., & Teng, J. (1995). Theoretical perspectives on the outsourcing of information systems. Journal of Information Technology, 10(4), 209-219. [25] Cisco. Securing Your Business Information—Strategies for Outsourcing Security Measures. [26] Coase, R. (1937). The nature of the firm. Economica, 386-405. [27] Collier, P. (2009). Fundamentals of Risk Management for Accountants and Managers: Tools & Techniques: Butterworth-Heinemann. [28] Conner, K. (1991). A historical comparison of resource-based theory and five schools of thought within industrial organization economics: do we have a new theory of the firm? Journal of management, 17(1), 121. [29] Debar, H., & Viinikka, J. (2006). Security information management as an outsourced service. Information Management & Computer Security, 14(5), 417-435. [30] Deshpande, D. (2005). Managed security services: an emerging solution to security. Paper presented at the Proceedings of the 2nd annual conference on Information security curriculum development. [31] Dhar, S., & Balakrishnan, B. (2006). Risks, benefits, and challenges in global IT outsourcing: Perspectives and practices. Journal of Global Information Management, 14(3), 59-89. [32] Due, R. (1992). The real costs of outsourcing. Information Systems Management, 9(1), 78-81. [33] Earl, M. (1996). The risks of outsourcing IT. Sloan Management Review, 37, 26-32. [34] Efron, B. (1979). Bootstrap methods: another look at the jackknife. The annals of statistics, 7(1), 1-26. [35] Efron, B. (1982). The jackknife, the bootstrap and other resampling plans. [36] Eisenhardt, K. (1988). Agency-and institutional-theory explanations: The case of retail sales compensation. Academy of Management Journal, 31(3), 488-511. [37] Elam, J., & Jimenez, S. (1988). Transforming the IS organization: Intl Center for Information. [38] Endorf, C. (2004). Outsourcing Security: The need, the risks, the providers, and the process. Information Security Journal: A Global Perspective, 12(6), 17-23. [39] Epstein, M., & Rejc, A. (2006). Identifying, measuring, and managing organizational risks for improved performance. RISK Management Accounting Guideline. [40] Gupta, U., & Gupta, A. (1992). Outsourcing the is function: it is necessary for your organization? Information Systems Management, 9(3), 44-50. [41] Jensen, M., & Meckling, W. (1976). Theory of the firm: Managerial behavior, agency costs and ownership structure. Journal of financial economics, 3(4), 305-360. [42] Jurison, J. (1995). The role of risk and return in information technology outsourcing decisions. Journal of Information Technology, 10, 239-248. [43] Kaplan, S., & Garrick, B. (1981). On the quantitative definition of risk. Risk analysis, 1(1), 11-27. [44] Kavanagh, K., & Pescatore, J. (2007). Magic Quadrant for MSSPs, North America, 1H07: Gartner. [45] Kerlinger, F. (1970). Foundations of behavioral research: Educational and psychological inquiry: Holt, Rinehart & Winston. [46] Klein, B., Crawford, R., & Alchian, A. (1978). Vertical integration, appropriable rents, and the competitive contracting process. The journal of Law and Economics, 21(2), 297. [47] Kline, R. (2005). Principles and practice of structural equation modeling: The Guilford Press. [48] Kotulic, A., & Clark, J. (2004). Why there aren't more information security research studies. Information & Management, 41(5), 597-607. [49] Lacity, M., & Hirschheim, R. (1993). Information systems outsourcing: Wiley New York. [50] Lacity, W. (1995). IT outsourcing: Maximize flexibility and control. Harvard Business Review, 73(3). [51] Lee, J., & Kim, Y. (1999). Effect of partnership quality on IS outsourcing success: conceptual framework and empirical validation. Journal of Management Information Systems, 15(4), 29-61. [52] Loh, L., & Venkatraman, N. (1992). Determinants of information technology outsourcing: A cross-sectional analysis. Journal of Management Information Systems, 9(1), 7-24. [53] Mathieson, K. (1991). Predicting user intentions: comparing the technology acceptance model with the theory of planned behavior. Information Systems Research, 2(3), 173-191. [54] Nam, K., Rajagopalan, S., Rao, H. R., & Chaudhury, A. (1996). A two-level investigation of information systems outsourcing. Communications of the ACM, 39(7). [55] Navarro, L. (2001). Information Security Risks and Managed Security Service. Information Security Technical Report, Vol 6(3). [56] Nunnally, J. (1967). Psychometric methods. New York. [57] Peter, J. (1979). Reliability: a review of psychometric basics and recent marketing practices. Journal of marketing research, 16(1), 6-17. [58] Pfeffer, J., & Salancik, G. (1978). The external control of organizations. New York, 263. [59] Porter, M. (1979). How competitive forces shape strategy. Harvard business Review. [60] Protivity. (2004). Managing the risks of outsourcing : a survey of current Practices and their Effectiveness. [61] PWC. (2010). Global state of information security survey. [62] Riordan Oliver, E., & Michael, H. (1985). Asset specificity and economic organization. International Journal of Industrial Organization, 3(4), 365-378. [63] Ross, S. (1973). The economic theory of agency: The principal's problem. The American Economic Review, 134-139. [64] Schneier, B. (2002). The case for outsourcing security. Computer, 35(4), 20-26. [65] Thomson, J. (1967). Organizations in action. New York. [66] Van de Ven, A., & Ferry, D. (1980). Measuring and assessing organizations: John Wiley & Sons. [67] Wang, E. (2002). Transaction attributes and software outsourcing success: an empirical investigation of transaction cost theory. Information Systems Journal, 12(2), 153-181. [68] Williamson, O. (1973). Markets and hierarchies: some elementary considerations. The American Economic Review, 63(2), 316-325. [69] Williamson, O. (1979). Transaction-cost economics: the governance of contractual relations. The journal of Law and Economics, 22(2), 233. [70] Williamson, O. (1981). The economics of organization: The transaction cost approach. American journal of sociology, 87(3), 548. [71] Williamson, O. (1985). The Economic Institutions of Capitalism: Firms. Markets, Relational Contracting, New York. | |
dc.identifier.uri | http://tdr.lib.ntu.edu.tw/jspui/handle/123456789/46739 | - |
dc.description.abstract | 近年來由於資訊科技的標準化和商品化,商業活動的進行高度仰賴資訊科技,但無形中也大幅增加企業的作業風險,為了有效將降低資訊科技帶來的營運風險,資訊安全的重要性與日俱增,甚至已成為企業營運上新的必需品。在這樣的背景條件下,企業漸漸透過資訊安全委外來降低成本或者獲取所需之資安技術能力,雖然委外資訊安全可為企業帶來豐碩的優勢,但涉及複雜的第三方關係,委外資訊安全可同時潛藏著極大的風險,如此利弊不易衡量情況令大多數企業決策是否委外資訊安全遭遇許多困難。本研究企圖了解資訊安全委外風險對於企業委外資安意圖之影響,並探討影響資訊安全委外風險的重要因素。
本研究主要應用交易成本理論以及代理人理論發展具有理論基礎的決策模型,並定義了影響資訊安全委外風險的五大因素,包括資產特殊性、不確定性、客戶端缺乏經驗及專業能力、供應商缺乏經驗及專業能力以及供應商數目稀少。研究方法上,本研究是以問卷調查實證研究方式進行,並以國內企業之資深資訊主管以及資訊安全專員為問卷調查對象。研究結果發現,資訊安全委外風險的確顯著影響企業委外資安的意願,其中不確定性將導致供應商投機性行為增加,是資訊安全委外風險來源的主因。 | zh_TW |
dc.description.abstract | When information security has become a must-have function for a corporation, outsourcing information security begins to be recognized as a strategy to obtain security resources. However, most of information system managers are still confronted with difficulties when deciding whether to outsource information security or not. This research objective is to develop an integrative framework based on transaction cost theory and agency theory in assessing information security outsourcing intention. To test the usefulness of the research framework, this research adopt a quantitative method by surveying IT managers and security professionals in Taiwan. Results show that there is a strong relationship between information security outsourcing risk and information security outsourcing intention. In addition, although several predictors of information security outsourcing risk are not significant, this research found that uncertainty is the important influence on information security outsourcing risk. | en |
dc.description.provenance | Made available in DSpace on 2021-06-15T05:26:38Z (GMT). No. of bitstreams: 1 ntu-99-R97725029-1.pdf: 808539 bytes, checksum: 047ad8019c354b5e12d9424eb4bbbdd5 (MD5) Previous issue date: 2010 | en |
dc.description.tableofcontents | 謝詞 i
摘要 ii Abstract iii Contents iv List of Tables v List of Figures vi Chapter 1 Introduction 1 1.1 Research Background 1 1.2 Research Motivation 2 1.3 Research Objective 3 1.4 Structure of the Thesis 3 Chapter 2 Literature Review 4 2.1 Information System Security 4 2.2 IT Outsourcing 8 2.3 Risks Management of IT Outsourcing 10 Chapter 3 Research Framework 18 3.1 Transaction Cost Theory and Agency Theory 18 3.2 Research Hypothesis and Research Model 21 Chapter 4 Research Method 27 4.1 Development of Measures 27 4.2 Sample Sources 31 Chapter 5 Results and Data Analysis 33 5.1 Sample Characteristics 33 5.2 Descriptive Statistics and Analysis of Sample Distribution 35 5.3 Reliability & Validity 39 5.4 Regression Analysis 40 5.5 Bootstrapping Analysis 47 Chapter 6 Discussion 51 Chapter 7 Conclusion 57 Bibliography 61 Appendix: Questionnaire Items 65 | |
dc.language.iso | en | |
dc.title | 以風險的角度探討資訊安全委外意圖 | zh_TW |
dc.title | Analyzing Information Security Outsourcing Intention: A Risk Perspective | en |
dc.type | Thesis | |
dc.date.schoolyear | 98-2 | |
dc.description.degree | 碩士 | |
dc.contributor.oralexamcommittee | 王大維(Ta-Wei Wang),張欣綠(Hsin-Lu Chang) | |
dc.subject.keyword | 資訊安全管理,資訊系統委外,委外風險,交易成本理論,代理人理論, | zh_TW |
dc.subject.keyword | Information security management,Information technology outsourcing,outsourcing risk,Transaction cost theory,Agency cost theory, | en |
dc.relation.page | 69 | |
dc.rights.note | 有償授權 | |
dc.date.accepted | 2010-07-16 | |
dc.contributor.author-college | 管理學院 | zh_TW |
dc.contributor.author-dept | 資訊管理學研究所 | zh_TW |
顯示於系所單位: | 資訊管理學系 |
文件中的檔案:
檔案 | 大小 | 格式 | |
---|---|---|---|
ntu-99-1.pdf 目前未授權公開取用 | 789.59 kB | Adobe PDF |
系統中的文件,除了特別指名其著作權條款之外,均受到著作權保護,並且保留所有的權利。