Please use this Handle URI to cite this document:
http://tdr.lib.ntu.edu.tw/jspui/handle/123456789/64332
Full metadata record
DC Field | Value | Language |
---|---|---|
dc.contributor.advisor | 許瑋元(Wei-Yuan Hsu) | |
dc.contributor.author | Tzu Lin | en |
dc.contributor.author | 林孜 | zh_TW |
dc.date.accessioned | 2021-06-16T17:41:13Z | - |
dc.date.available | 2013-08-17 | |
dc.date.copyright | 2012-08-17 | |
dc.date.issued | 2012 | |
dc.date.submitted | 2012-08-14 | |
dc.identifier.uri | http://tdr.lib.ntu.edu.tw/jspui/handle/123456789/64332 | - |
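dc.description.abstract | With the rapid development of computer equipment, information technology and the Internet has come an endless stream of information security incidents, and how to effectively reduce information security vulnerabilities and losses has become one of the most important issues for organizations in recent years. Early information security defenses focused mostly on the technical level; however, the academic literature, industry survey reports and news events have all increasingly highlighted the importance of the management level. Among these, internal users are regarded as one of the most important factors, and are also the biggest vulnerability in organizational information security management.
Unlike the related literature, which mostly discusses the organizational level, this study takes the user as its research target and attempts to explore whether users' information-security-related awareness has a positive effect on deterrence factors, thereby deterring their computer abuse intention, so as to reduce the information security vulnerabilities and losses that internal users cause to organizations. By collating and examining the literature in this field, this study uses three kinds of user awareness (of information security risk, incidents and policy) to measure users' information-security-related awareness, uses perceived certainty of sanctions and perceived severity of sanctions as the factors measuring the deterrence effect, and, with general deterrence theory as its theoretical basis, builds a model and designs a questionnaire for an empirical study, in order to explore whether the deterrence effect is effective in the field of information security management and whether users' information-security-related awareness can effectively influence the strength of deterrence. The results show that perceived certainty of sanctions and perceived severity of sanctions both have a significant negative effect on computer abuse intention, indicating that general deterrence theory can be effectively extended to the field of information security management to reduce the information security losses caused by users' computer abuse; and that users' awareness of information security risk and of policy both have a significant positive effect on the two sanction factors, indicating that users hold a considerable degree of importance in the formulation of organizational information security policy and in risk control. On the other hand, contrary to this study's prediction, users' awareness of information security incidents did not have a significant effect on the two sanction factors; this result highlights that users' awareness of information security incidents is relatively lacking, as well as the problem that this study's sample skews young. Taking these results together, organizations should strengthen users' related awareness through education, training or awareness campaigns, so as to effectively reduce information security losses. | zh_TW |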
dc.description.abstract | With the rapid development of information technology, more and more information security breaches take place in modern organizations. How to effectively reduce information security losses and vulnerabilities is becoming a pressing issue for organizational managers, in particular at the end-user level.
This paper presents an extended deterrence theory model that combines criminology and information security management literature. We develop a theoretical model of the relationship between user awareness, deterrence impact, and user computer abuse. The results suggest that perceived certainty as well as severity of sanctions can significantly reduce computer abuse intention. Furthermore, our empirical analysis shows that user awareness of information risk and policy can significantly reinforce the deterrence effect. Therefore, we argue that organizations should devote more effort to information security education to strengthen users' awareness, in order to effectively reduce the losses caused by internal users. | en |
dc.description.provenance | Made available in DSpace on 2021-06-16T17:41:13Z (GMT). No. of bitstreams: 1 ntu-101-R99725032-1.pdf: 2144243 bytes, checksum: ec31e22af46f0f1891aeb36c7093c3e4 (MD5) Previous issue date: 2012 | en |
dc.description.tableofcontents | Abstract
Table of Contents
List of Figures
List of Tables
Chapter 1 Introduction: Section 1 Research Background; Section 2 Research Motivation and Objectives; Section 3 Research Structure
Chapter 2 Literature Review: Section 1 Information Security Management; Section 2 General Deterrence Theory; Section 3 Application of General Deterrence Theory to Information Security Management
Chapter 3 Research Framework: Section 1 General Deterrence Theory; 3.1.1 Perceived Certainty and Perceived Severity of Sanctions; 3.1.2 Computer Abuse Intention; Section 2 User Awareness Related to Information Security; 3.2.1 User Awareness of Information Security Risk; 3.2.2 User Awareness of Information Security Incidents; 3.2.3 User Awareness of Information Security Policy; Section 3 Research Design; 3.3.1 Design of Information Security Misuse Scenario Items; 3.3.2 Design of User Information Security Awareness Items; 3.3.3 Reliability and Validity Testing of the Questionnaire
Chapter 4 Data Analysis: Section 1 Demographic Variable Analysis; Section 2 Partial Least Squares Analysis; 4.2.1 Testing the Outer Model; 4.2.2 Testing the Inner Model; Section 3 Hypothesis Testing
Chapter 5 Conclusions and Recommendations: Section 1 Research Contributions; Section 2 Research Limitations; Section 3 Suggestions for Future Research
References
Appendix 1: Information Security Misuse Scenarios and Related Items
Appendix 2: Items on User Information Security Awareness
Appendix 3: Multicollinearity Test
Appendix 4: Common Method Variance Test | |
dc.language.iso | zh-TW | |
dc.title | The Effect of Users' Information-Security-Related Awareness on Computer Abuse Intention: Based on General Deterrence Theory | zh_TW |
dc.title | The Effect of User Awareness on Computer Abuse | en |
dc.type | Thesis | |
dc.date.schoolyear | 100-2 | |
dc.description.degree | Master's | |
dc.contributor.oralexamcommittee | 張欣綠,戴基? | |
dc.subject.keyword | information security management, general deterrence theory, computer abuse, user awareness | zh_TW |
dc.subject.keyword | information security management, general deterrence theory, computer abuse, user awareness | en |
dc.relation.page | 65 | |
dc.rights.note | Paid license | |
dc.date.accepted | 2012-08-15 | |
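dc.contributor.author-college | College of Management | zh_TW |
dc.contributor.author-dept | Graduate Institute of Information Management | zh_TW |
Appears in collections: | Department of Information Management |
Files in this item:
File | Size | Format | |
---|---|---|---|
ntu-101-1.pdf (not currently authorized for public access) | 2.09 MB | Adobe PDF |
Items in this system are protected by copyright, with all rights reserved, unless their copyright terms are specifically stated otherwise.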