專案成員的認知對於IT專案實施之影響：
以資安軟體公司執行JSOX為例之個案研究

Hong-Jen Chang; 張宏仁

請用此 Handle URI 來引用此文件： http://tdr.lib.ntu.edu.tw/jspui/handle/123456789/33696

完整後設資料紀錄

DC 欄位	值	語言
dc.contributor.advisor	許瑋元(Carol Hsu)
dc.contributor.author	Hong-Jen Chang	en
dc.contributor.author	張宏仁	zh_TW
dc.date.accessioned	2021-06-13T05:44:43Z	-
dc.date.available	2011-08-04
dc.date.copyright	2011-08-04
dc.date.issued	2011
dc.date.submitted	2011-07-26
dc.identifier.citation	1. 台灣證劵交易所公司治理簡介 http://www.twse.com.tw/ch/listed/governance/cg_01.php 2. 台灣上市上櫃公司治理實務守則 (民國 99 年 11 月 10 日修正) http://www.selaw.com.tw/Scripts/Query4B.asp?FullDoc=所有條文&Lcode=G0100259 3. 敦南資安電子報 (2007年2月號)：http://www.sti.com.tw/eportal/html/index9602all.htm 4. 質性研究訪談模式 - 質性研究方法 P122~P136：訪談模式與實施步驟分析 (林金定、嚴嘉楓、陳美花) 5. 台灣大學資訊管理研究所，碩士論文，校園組織成員對於資訊安全管理之認知研究，林建宇，P23~P26，科技框架(Technological Frame)的意義 6. 簡報: 研究方法質性研究，邱美文博士 7. 公司治理與評等系統，柯承恩、葉銀華、李存修 8. 簡報: 訪談研究，陳繁興，國立彰化師範大學技術及職業教育學院 9. 簡報: 訪談-Interviewing ，高麗娟博士，國立台北體育學院 10. 企業內部控制測驗講義，張首席，高點企業文化 11. 教學視導與評鑑，專業的交談，張清濱，P407-P411 12. 以資源導向方法分析資訊系統實行過程中關鍵成員框架不一致之因素，羅卓雄、魏上傑，朝陽科技大學資訊管理系 13. 以資源導向方法分析資訊系統實型過程中關建成員框架不一致之因素，羅卓雄、魏上傑，朝陽科技大學資管系 14. 科技創新與組織變革，蕭瑞麟，P112~115，科技框架 15. COBIT 4.1 Expert – Executive Summary Framework, IT Governance Institute, http://www.itgi.org 16. Compliance Forum (ISO27001 Requirement Checklist)：http://www.compliancesforum.com/download-iso-2700127000-control-objective-checklist-and-statement-applicability 17. COSO Enterprise Risk Management – Understanding the New ERM Framework, Robert R. Moeller 18. COSO Framework/GRC Resource：http://www.grc-resource.com/?page_id=32 19. COSO Guidance Page；http://www.coso.org/guidance.htm 20. Framing implementation Management, Angeia Lin and Tony Cornford, ACM Digital Library 2000-12, pp. 197-205 21. ISACA COBIT Main Page/COBIT Framework for IT Governance and Control：http://www.isaca.org/Knowledge-Center/COBIT/Pages/Overview.aspx 22. ISO20000 Introduction：http://www.bsigroup.com/en/Assessment-and-certification-services/management-systems/Standards-and-Schemes/ISO-IEC-20000/ 23. ISO27001，ISO27002 Introduction：http://www.27000.org/iso-27001.htm; http://www.27000.org/iso-27002.htm 24. ISO27001 Central – PDCA：http://www.17799central.com/pdca.htm 25. ITIL/ITSM/ISO27001 Comparison/IT Service Strategy：http://www.itservicestrategy.com/ 26. ITIL/ITSM/ISO27001 Comparison/IT Service Strategy：http://www.itservicestrategy.com/ 27. ITIL/ITSM/ISO27001 Comparison/IT Service Strategy：http://www.itservicestrategy.com/ 28. Organization Behavior Theories - Organization Behavior，13th Edition，Robbins/Judge，Pearson Education 29. Organization Introduction； http://www.coso.org/ 30. Orlikowski, W. J. and D. C. Gash, Technological Frames: Making Sense of In-formation Technology in Organizations, ACM Transaction on Information Sys-tems, Vol. 12, No. 2, 1994, pp. 174-207. 31. Orlikowski, W. J. and D. Robey, Information Technology and the Structuring of Organizations, Information Systems Research, Vol. 2, No. 2, 1991, pp. 143-169. 32. Orlikowski, W. J. Using Technology and Constituting Structures: A Practice Lens for Studying Technology in Organizations, Organization Science, Vol. 11, No. 4, 2000, pp. 404-428. 33. Process Catalyst Solutions (ITIL Training Page) http://www.processcatalyst.com/itil.php 34. Product and service acquisition (CMMI for Acquisition model) http://www.sei.cmu.edu/library/abstracts/reports/10tr032.cfm 35. Product and service development (CMMI for Development model) http://www.sei.cmu.edu/library/abstracts/reports/10tr033.cfm 36. Service establishment, management, and delivery (CMMI for Services model) http://www.sei.cmu.edu/library/abstracts/reports/10tr034.cfm 37. Standard CMMI Appraisal Method for Process Improvement (SCAM-PI) http://www.sei.cmu.edu/library/abstracts/reports/06hb002.cfm 38. The ISO27001 Certification Processes： http://www.isaca.org/Knowledge-Center/COBIT/Pages/Overview.aspx http://www.bsigroup.com/en/Assessment-and-certification-services/management-systems/Standards-and-Schemes/ISO-IEC-27001/
dc.identifier.uri	http://tdr.lib.ntu.edu.tw/jspui/handle/123456789/33696	-
dc.description.abstract	在早期，當一家公司嘗試著去實施一個大型的資訊系統相關的專案，多數專案的實施關鍵在於新技術的成熟度與公司對於此種技術的專業導入能力。是以能夠找到有技術與經驗的開發人員，一般說來，就已經成功了一半。但是近年來，由於網際網路的發達，網路程式的多功能化與越來越少新的程式技術會影響到公司專案執行並造成問題。技術障礙的因素越來越不是問題，取而代之的是企業運作流程的日新月異。為了融入變化趨大的市場與企業環境，如何溝通訂出一個最有效率的系統流程，變成了專案成功的關鍵因素。此篇論文針對一家在世界同業的佔有率領先公司之一的資訊安全軟體與服務公司，由於這家公司在近年內因為日本政府的法令改變，必須實施公司資訊相關的專案以符合日本證管會的要求，此法令被通稱為JSOX以呼應美國沙賓法案(SOX)的法令。由於個案所述的公司的競爭優勢在於公司的專業技術能力與對於新科技的快速導入能力，所以當JSOX實施的需求發生之初，所需規劃的制式流程與層層管控的核可制度，多少被認為違背了公司長久以來的主要優勢與公司文化。無論如何，法令勢必得遵守，公司於是成立一個專案小組負責這一個法令相關的資訊專案，期待盡可能的通過法規的查核。然而，在過去連續兩年的專案實施成果卻是成功的，連續兩年通過了外部稽核單位的考核。為了瞭解這個專案小組成功的原因，依此發現一些有用與有效的結論，可以提供其他相似專案實施的建議，以個案研究的方式，有邏輯的找出有價值與有趣的特點來解釋其成功的緣由。在此研究實施的過程當中，我們將探討JSOX的由來與其歷史因素、相關的機構認證的需求、組織行為與個人行為的連結要素、科技框架理論與方法與質性研究與訪談的工具介紹。透過訪談以得到此研究所想要得到的資料與其架構。最後，根據分析與個人的工作經驗，提供有價值的發現、分析與建議。	zh_TW
dc.description.abstract	For a corporation to implement an IT project, in general, had been treated as a “technology” deployment. During the recent years, due to the technology has become more standardized and less additional new technology needed, the business process has become more and more impor-tant to introduce a successful project. This thesis is base on a business case of a leading security software corporation to deliver an IT JSOX compliance project which is newly announced by Japan government to enforce the pub-lic companies which are listed in Japan stock exchange market. According to the nature of this company are a technology leading corporation which might need to closely chase the fast pace technology in the world in order to sustain its leading position. Once the company needs to adopt the JSOX requirements, it introduces the necessities of standard processes and tight approval processes which somehow violate the core culture of this company. However, this is a legal requirements to comply; therefore, there is a specific project team has been formed and successfully passed auditing for 2 successive years. In order to understand how the project team has been successful to give an analysis to generate the valuable key factors for other similar corporation which might have similar type of projects to implement for refer-ences, this research using the technological frame theory model to identify the indicators by giv-ing interviewing with several key members of this project team and try to find out something in-teresting and valuable findings and suggestions. Along with the research, we shall look into how and why the JSOX compliance been formed; key compliance framework in the IT industry that are also perform the similar approach-ing; the key factors and relationship of the organization behavior and personal behavior; also the theory of technological frame’s methodology. Base on the reference theories and frameworks; try to build up the linkage between the case itself with and gathering the finding in between. Also, base on the theories described, through the semi-constructed interviewing methodology to give individual interviewing with several key members of the JSOX project team of the company to come out the basis of this research. Finally, base on the findings have been generated from this research, also my past experience on the implementation of IT projects, summarize the key factors of the success of the im-plementation of the project described and also give the additional suggestions for further imple-mentation, hope to give a full set of reference items for a company who might have the same sit-uation and needs to deploy the compliance-like IT projects. Hopefully, from the planning till full implementation life cycle, the result can help this kind of enterprise to have a better provision to the potential situation they will need to face to.	en
dc.description.provenance	Made available in DSpace on 2021-06-13T05:44:43Z (GMT). No. of bitstreams: 1 ntu-100-P98747001-1.pdf: 1698957 bytes, checksum: c30a06f53da80f00e172ea2e418cc82e (MD5) Previous issue date: 2011	en
dc.description.tableofcontents	口試委員會審定書 I 誌謝 II 中文摘要 III 英文摘要 IV 目錄 VI 圖表目錄 VIII 圖目錄 VIII 表目錄 IX 第一章、緒論 1 第一節、前言 1 第二節、研究目的 5 第三節、研究動機與範圍 7 第二章、文獻探討 9 第一節、探討主題介紹 – SOX/JSOX 的原理 9 第二節、 SOX/JSOX 對公司治理的影響 12 第三節、實施 SOX/JSOX之工具與方法 17 第四節、組織管理的相關理論 32 第五節、文獻探討結論 37 第三章、研究主題與個案分析 38 第一節、研究架構 38 第二節、研究流程 39 第三節、研究工具 40 第四節、研究過程 43 第五節、研究對象 43 第六節、資料處理與結果 63 第四章、研究發現與建議 70 第一節、研究發現 70 第二節、討論與建議 74 第三節、研究限制與建議 83 參考文獻 85 附錄 89
dc.language.iso	zh-TW
dc.subject	公司治理	zh_TW
dc.subject	沙賓法案	zh_TW
dc.subject	科技框架	zh_TW
dc.subject	框架理論	zh_TW
dc.subject	資訊安全	zh_TW
dc.subject	安隆案	zh_TW
dc.subject	博達案	zh_TW
dc.subject	JSOX	en
dc.subject	MCI WorldCom	en
dc.subject	Enron	en
dc.subject	COSO	en
dc.subject	COBIT	en
dc.subject	ISO27001	en
dc.subject	CMMI	en
dc.subject	Compliance	en
dc.subject	Frame Theory	en
dc.subject	Corporate Governance	en
dc.subject	Information Security	en
dc.subject	SOX	en
dc.title	專案成員的認知對於IT專案實施之影響：以資安軟體公司執行JSOX為例之個案研究	zh_TW
dc.title	Interpreting the IT Project Implementation Process：A Case Study on Information Security Software Corporation’s JSOX Implementation	en
dc.type	Thesis
dc.date.schoolyear	99-2
dc.description.degree	碩士
dc.contributor.oralexamcommittee	曹承礎,陳鴻基
dc.subject.keyword	沙賓法案,公司治理,科技框架,框架理論,資訊安全,安隆案,博達案,	zh_TW
dc.subject.keyword	SOX,JSOX,Compliance,Information Security,Corporate Governance,Frame Theory,CMMI,ISO27001,COBIT,COSO,Enron,MCI WorldCom,	en
dc.relation.page	90
dc.rights.note	有償授權
dc.date.accepted	2011-07-27
dc.contributor.author-college	管理學院	zh_TW
dc.contributor.author-dept	資訊管理學研究所	zh_TW
顯示於系所單位：	資訊管理學系

文件中的檔案：

檔案	大小	格式
ntu-100-1.pdf 未授權公開取用	1.66 MB	Adobe PDF

顯示文件簡單紀錄

系統中的文件，除了特別指名其著作權條款之外，均受到著作權保護，並且保留所有的權利。