請用此 Handle URI 來引用此文件:
http://tdr.lib.ntu.edu.tw/jspui/handle/123456789/10787
完整後設資料紀錄
DC 欄位 | 值 | 語言 |
---|---|---|
dc.contributor.advisor | 許瑋元(Wei-Yuan Hsu) | |
dc.contributor.author | Yu-Fan Chen | en |
dc.contributor.author | 陳禹帆 | zh_TW |
dc.date.accessioned | 2021-05-20T21:58:47Z | - |
dc.date.available | 2013-07-23 | |
dc.date.available | 2021-05-20T21:58:47Z | - |
dc.date.copyright | 2010-07-23 | |
dc.date.issued | 2010 | |
dc.date.submitted | 2010-07-19 | |
dc.identifier.citation | Alpar, P., & Saharia, A. (1995). Outsourcing information system functions: an organization economics perspective. Journal of Organizational Computing, 5(3), 197-217.
Amit, R., & Schoemaker, P. (1993). Strategic assets and organizational rent. Strategic management journal, 14(1), 33-46. Anderson, J., & Gerbing, D. (1988). Structural equation modeling in practice: A review and recommended two-step approach. Psychological bulletin, 103(3), 411-423. Aral, S., & Weill, P. (2007). IT assets, organizational capabilities and firm performance: How resource allocations and organizational differences explain performance variation. Organization Science, 18(5), 763-780. Axelrod, C. (2004). Outsourcing information security: Artech House Publishers. Backhouse, J., & Dhillon, G. (1996). Structures of responsibility and security of information systems. European Journal of Information Systems, 5(1), 2-9. Barney, J. (1986). Strategic factor markets: expectations, luck, and business strategy. Management science, 32(10), 1231-1241. Barney, J. (1991). Firm resources and sustainable competitive advantage. Journal of management, 17(1), 99-120. Bentler, P. (1995). EQS structural equations program manual: Multivariate Software. Bentler, P. (2006). EQS 6 structural equations modeling program manual. Encino, CA: Multivariate Software: Inc. Bentler, P., & Bonett, D. (1980). Significance tests and goodness of fit in the analysis of covariance structures. Psychological bulletin, 88(3), 588-606. Boukhonine, S., Krotov, V., & Rupert, B. (2005). Future security approaches and biometrics. Communications of the Association for Information Systems 16, 937-966. Bruder, C. (2006). Outsourcing information security. Smart Business Detroit. Bussolati, U., & Martella, G. (1981). Treating data privacy in distributed systems. Information & Management, 4(6), 305-315. Byrne, B. (2006). Structural equation modeling with EQS: Basic concepts, applications, and programming: Lawrence Erlbaum. Carr, N. (2003a). It Doesn t Matter. Harvard Business Review, 81(5), 41-49. Carr, N. (2003b). Why IT doesn't matter anymore. Harvard Business Review, 81(5). Cattela, R. (1981). Information as a corporate asset. Information & Management, 4(1), 29-37. Chan, Y.-C. (2005). A Study of Factors Affecting Information Systems Security Outsourcing. National Chung Cheng University. Chang, H. (2002). A model of computerization of manufacturing systems: an international study. Information & Management, 39(7), 605-624. Cheon, M., Grover, V., & Teng, J. (1995). Theoretical perspectives on the outsourcing of information systems. Journal of Information Technology, 10(4), 209-219. Claver, E., Gonzalez, R., Gasco, J., & Llopis, J. (2002). Information systems outsourcing: reasons, reservations and success factors. Logistics Information Management, 15(4), 294-308. Conner, K. (1991). A historical comparison of resource-based theory and five schools of thought within industrial organization economics: do we have a new theory of the firm? Journal of management, 17(1), 121. Cronk, J., & Sharp, J. (1995). A framework for deciding what to outsource in information technology. Journal of Information Technology, 10(4), 259-267. D'Arcy, J., & Hovav, A. (2007). Deterring internal information systems misuse. Communications of the ACM, 50(10), 117. Deshpande, D. (2005). Managed security services: an emerging solution to security. Dewar, R., & Dutton, J. (1986). The adoption of radical and incremental innovations: an empirical analysis. Management science, 32(11), 1422-1433. Dierickx, I., & Cool, K. (1989). Asset stock accumulation and sustainability of competitive advantage. Management science, 1504-1511. Due, R. T. (1992). The Real Costs of Outsourcing. Information Systems Management, 9(1), 78-81. Duffy, N. (1980). Countdown services: Fire and its aftermath in a computer bureau. Information & Management, 3(3), 103-111. Duncan, N. (1998). Beyond opportunism: a resource-based view of outsourcing risk. E&Y (2009). The Global Information Security Survey: Ernst & Young. Fornell, C., & Larcker, D. (1981). Evaluating structural equation models with unobservable variables and measurement error. Journal of marketing research, 39-50. Gartner (2007). Defining the Security-as-a-Service Market. Gilbert, F. (1993). Issues to consider before outsourcing. The National Law Journal, 16(11), S7. Grant, R. (1991). “The Resource-Based Theory of competitive advantage: Implications for strategy formulation.”. California Management Review, 33(3), 114-135. Grover, V., Cheon, M., & Teng, J. (1996). The effect of service quality and partnership on the outsourcing of information systems functions. Journal of Management Information Systems, 12(4), 116. Grover, V., Joong Cheon, M., & Teng, J. (1994). A descriptive study on the outsourcing of information systems functions. Information & Management, 27(1), 33-44. Hair, J., Anderson, R., Tatham, R., & Black, W. (1998). Multivariate data analysis. New Jersey, NJ: Prentice-hall. Hair Jr, J., Anderson, R., Tatham, R., & Black, W. (1995). Multivariate data analysis: with readings: Prentice-Hall, Inc. Upper Saddle River, NJ, USA. Harris, S., & Katz, J. (1991). Firm size and the information technology investment intensity of life insurers. MIS quarterly, 15(3), 333-352. Hitt, M., & Ireland, R. (1986). Relationships among corporate level distinctive competencies, diversification strategy, corporate structure and performance. Journal of Managcmmt Studies, 23(4), 0022-2380. Hoyle, R., & Panter, A. (1995). Writing about structural equation models. Structural equation modeling: Concepts, issues, and applications, 158-176. Hunt, S. (2001). Market overview: Managed security services, from http://bt.counterpane.com/giga3.pdf IBM (2006). IBM Information Security Reference Model, from web.esaugumas.lt/.../IBM_ISF%20presentation.%2016-17%20Nov%202006%20(RRT).pps Icove, D., Seger, K., & VonStorch, W. (1995). Computer Crime. A Crimefighter's Handbook. No.: ISBN 1-56592-086-4, 455. IDC (2007). Worldwide IT Security Software, Hardware, and Services 2007-2011 Forecast:The Big Picture James, L., Mulaik, S., & Brett, J. (1982). Causal analysis: Assumptions, models, and data: Sage Publications, Inc. Kankanhalli, A., Teo, H., Tan, B., & Wei, K. (2003). An integrative study of information systems security effectiveness. International Journal of Information Management, 23(2), 139-154. Kline, R. (1998). Principles and practice of structural equation modeling New York: Guilford Press. Krell, K., & Matook, S. (2009). Competitive advantage from mandatory investments: An empirical study of Australian firms. Journal of Strategic Information Systems, 18(1), 31-45. Lee, J., Huynh, M., Kwok, R., & Pi, S. (2003). IT outsourcing evolution---: past, present, and future. Lee, J., & Kim, Y. (1999). Effect of partnership quality on IS outsourcing success: conceptual framework and empirical validation. Journal of Management Information Systems, 15(4), 61. Lee, S. (2003). Business use of Internet-based information systems: the case of Korea. European Journal of Information Systems, 12(3), 168-181. Lockman, A., & Minsky, N. (1984). Designing financial information systems for auditability. Journal of Management Information Systems, 1(1), 50-62. McFarlan, F., & Nolan, R. (1995). How to manage an IT outsourcing alliance. Sloan Management Review, 36(2), 9. Melville, N., Kraemer, K., & Gurbaxani, V. (2004). Review: Information technology and organizational performance: An integrative model of IT business value. MIS quarterly, 283-322. Minoli, D. (1995). Analyzing outsourcing: reengineering information and communication systems: McGraw-Hill, Inc. New York, NY, USA. Mishra, D. (2006). The role of certification in service relationships: theory and empirical evidence. Journal of Retailing and Consumer Services, 13(1), 81-96. Nunnally, J. (1978). Psychometric theory New York: McGrew-Hill Nunnally, J., Bernstein, I., & Berge, J. (1994). Psychometric theory: McGraw-Hill New York. Penrose, E. (1959). The Theory of the Growth of the Firm (1995): Oxford: Oxford University Press. Peteraf, M. (1993). The cornerstones of competitive advantage: a resource-based view. Strategic management journal, 14(3), 179-191. Poppo, L., & Zenger, T. (1998). Testing alternative theories of the firm: transaction cost, knowledge-based, and measurement explanations for make-or-buy decisions in information services. Strategic management journal, 19(9), 853-877. PWC (2008). The Global State of Information Security Survey. PWC (2010). The Global State of Information Security Survey. Quinn, J. (1992). Intelligent enterprise: A knowledge and service based paradigm for industry: Free Pr. Richardson, R. (2008). CSI Computer Crime and Security Survey: Computer Security Institute. Richmond, W., & Seidmann, A. (1993). Software development outsourcing contract: Structure and business value. Journal of Management Information Systems, 10, 57-57. Roy, V., & Aubert, B. (2000). A resource based view of the information systems sourcing mode. Rubin, P. (1973). The expansion of firms. The Journal of Political Economy, 81(4), 936-949. Rumelt, R. (1974). Strategy, structure, and economic performance: Not Avail. Sanchez, R., Heene, A., & Thomas, H. (1996). Introduction: Towards the theory and practice of competence-based competition. Dynamics of Competence-Based Competition. Oxford, UK: Pergamon, 1–35. Segars, A., & Grover, V. (1993). Re-examining perceived ease of use and usefulness: A confirmatory factor analysis. MIS quarterly, 17(4), 517-525. Sethi, V., & King, W. (1994). Development of measures to assess the extent to which an information technology application provides competitive advantage. Management science, 40(12), 1601-1627. Shim, J., Varshney, U., Dekleva, S., & Nickerson, R. (2007). Wireless Telecommunications Issues: Cell Phone TV, Wireless Networks in Disaster Management, Ubiquitous Computing, and Adoption of Future Wireless Applications. Communications of the Association for Information Systems, 20(1), 29. Siponen, M., Baskerville, R., & Heikka, J. (2006). A Design Theory for Secure Information Systems Design Methods. Journal of the Association for Information Systems, 7(11), 31. Siponen, M., & Oinas-Kukkonen, H. (2007). A review of information security issues and respective research contributions. ACM SIGMIS Database, 38(1), 80. Smith, M. (1989). Computer security- threats, vulnerabilities and countermeasures. INF. AGE., 11(4), 205-210. Srivastava, R., Shervani, T., & Fahey, L. (1998). Market-based assets and shareholder value: a framework for analysis. The Journal of Marketing, 62(1), 2-18. Stevenson, H. (1976). Defining corporate strengths and weaknesses. Sloan Management Review, 17(3), 51-68. Straub Jr, D., & Nance, W. (1990). Discovering and disciplining computer abuse in organizations: a field study. MIS quarterly, 14(1), 45-60. Sumner, M. (1986). An assessment of alternative application development approaches. Information & Management, 10(4), 197-206. Tanaka, J. (1993). Multifaceted conceptions of fit in structural equation models. Testing structural equation models, 10, 39. Teng, J., Cheon, M., & Grover, V. (1995). Decisions to outsource information systems functions: testing a strategy-theoretic discrepancy model. Decision Sciences, 26(1), 75-103. Thompson, A., & Strickland, A. (1983). Strategy formulation and implementation: tasks of the general manager: Business Publications. Von Solms, R., & van der Haar, S. (1994). A framework for information security evaluation. Information & Management, 26(3), 143-153. Wade, M., & Hulland, J. (2004). Review: T HE Resource-Based View AND Information Systems Research: Review, Extension, AND Suggestions FOR Future Research. MIS quarterly, 28(1), 107-142. Wernerfelt, B. (1984). A resource-based view of the firm. Strategic management journal, 171-180. West, S., Finch, J., & Curran, P. (1995). Structural equation models with nonnormal variables: Problems and remedies. Structural equation modeling: Concepts, issues, and applications, 56–75. Yang, S., Chatterjee, S., & Chan, C. (2004). Wireless communications: myths and reality. Communications of the Association for Information Systems, 13(1), 39. Zafar, H., & Clark, J. G. (2009). Current State of Information Security Research In IS. Communications of the Association for Information Systems, 24. Zhou, K., Brown, J., & Dev, C. (2009). Market orientation, competitive advantage, and performance: A demand-based perspective. Journal of business research, 62(11), 1063-1070. Zviran, M., & Erlich, Z. (2006). Identification and authentication: technology and implementation issues. Communications of the Association for Information Systems, 17(1), 4. 王義智 (2009). 剖析台灣中小企業資安投資現況: Market Intelligence & Consulting Institute, MIC. | |
dc.identifier.uri | http://tdr.lib.ntu.edu.tw/jspui/handle/123456789/10787 | - |
dc.description.abstract | 現今的經營環境中,企業大量的運用資訊科技來輔助業務之運作,資訊已經變成企業的重要資產,伴隨而來的資訊安全風險也逐漸提高,但是想要建構完善的資訊安全環境需要龐大且複雜的資源,企業難以一己之力達成目標,因此組織試圖利用委外的方式,將資訊安全委由外部的服務供應商來完成,此舉促使企業能以較低的成本獲取較佳的資訊安全效益,包括基礎設備、科技能力、管理建議、事故回應能力等等,讓企業能夠更加專注於核心業務、降低資安風險,並透過與外部供應商合作創造出獨特的競爭優勢。
本研究以資源基礎理論之觀點,將資訊安全視為企業的資源,並且考慮企業在將資訊安全委外之後,所擁有或者觸及的資安資源與企業之競爭優勢之間的相互關係,期望能藉此深入了解資安委外是否能夠為企業帶來實質上的效益。透過實證研究後發現,委外後所獲得的資訊安全資產的確能夠為企業帶來競爭優勢,不論在降低成本或者差異化方面都有顯著的影響。但是在委外後企業所獲得的資訊安全能力方面,與降低成本或者差異化的關係,並非如預期般的呈現正向顯著相關。 本研究建議企業必須先確定對於資訊安全之定位,才能夠選擇適合自己的資安策略。而商業環境變化快速,維護資訊安全所需的要素及條件可能瞬間改變,單獨憑藉自身力量難以確保資訊安全,更多的是需要仰賴專業的服務供應商給予建議或協助,在互信互惠的情況下發展資訊安全,才能夠達成雙贏的局面,並且為企業帶來競爭優勢。 | zh_TW |
dc.description.provenance | Made available in DSpace on 2021-05-20T21:58:47Z (GMT). No. of bitstreams: 1 ntu-99-R97725028-1.pdf: 962474 bytes, checksum: 6d8dadfd301268e17a18a81e0063c574 (MD5) Previous issue date: 2010 | en |
dc.description.tableofcontents | 目錄
致謝 iii 摘要 iv Abstract v 目錄 vi 表目錄 viii 圖目錄 ix 第一章 緒論 1 第一節 研究背景與動機 1 1.1.1資訊安全的定位與特性 1 1.1.2 資訊安全委外的發展趨勢 2 1.1.3 研究動機 3 第二節 研究目的 5 第二章 文獻探討 6 第一節 資訊安全 6 2.1.1 資訊安全定義 6 2.1.2 資訊安全發展現況 7 2.1.3 資訊安全未來發展方向 11 第二節 委外服務 12 2.2.1 資訊系統委外 12 第三節 資訊安全委外 15 2.3.1 資訊安全委外概述 15 2.3.2資安委外與競爭優勢 16 第三章 理論架構與研究方法 19 第一節 資源基礎理論 19 3.1.1 資源基礎理論發展 19 3.1.2 資源理論相關應用 21 3.1.3 資源理論與競爭優勢 22 第二節 研究架構 23 第三節 研究假設 25 第四節 變項之衡量 26 3.4.1資訊安全資產 27 3.4.2資訊安全能力 28 3.4.3低成本競爭優勢 29 3.4.4差異化競爭優勢 29 第五節 測量方法 30 3.5.1問卷設計 30 3.5.2 控制變項 31 第四章 分析與結果 33 第一節 基本資料分析 33 4.1.1問卷回收 33 4.1.2 基本資料分析 34 第二節 信度與效度分析 36 4.2.1信度分析 37 4.2.2效度分析 37 第三節 常態性檢定 39 第四節 模型適配度檢定 41 第五節 假說檢定 43 4.5.1 資訊安全資產與低成本競爭優勢之分析 44 4.5.2 資訊安全資產與差異化競爭優勢之分析 46 4.5.3 資訊安全能力與低成本競爭優勢之分析 47 4.5.4 資訊安全能力與差異化競爭優勢之分析 48 4.5.5 控制變項與競爭優勢分析 50 4.5.6 補充分析 51 第五章 結論與建議 53 第一節 研究結果 53 第二節 研究貢獻 54 第三節 研究限制 55 第四節 未來研究建議 56 參考文獻 58 附錄 67 附錄一 問卷調查表 67 | |
dc.language.iso | zh-TW | |
dc.title | 資訊安全委外與企業競爭優勢之探討 | zh_TW |
dc.title | The Study of Information Security Outsourcing and
Competitive Advantage of the Enterprises | en |
dc.type | Thesis | |
dc.date.schoolyear | 98-2 | |
dc.description.degree | 碩士 | |
dc.contributor.oralexamcommittee | 張欣綠,王大維 | |
dc.subject.keyword | 資訊安全委外,資源基礎理論,競爭優勢, | zh_TW |
dc.subject.keyword | information security outsourcing,resource-based theory,competitive advantage, | en |
dc.relation.page | 71 | |
dc.rights.note | 同意授權(全球公開) | |
dc.date.accepted | 2010-07-20 | |
dc.contributor.author-college | 管理學院 | zh_TW |
dc.contributor.author-dept | 資訊管理學研究所 | zh_TW |
顯示於系所單位: | 資訊管理學系 |
文件中的檔案:
檔案 | 大小 | 格式 | |
---|---|---|---|
ntu-99-1.pdf | 939.92 kB | Adobe PDF | 檢視/開啟 |
系統中的文件,除了特別指名其著作權條款之外,均受到著作權保護,並且保留所有的權利。