探討員工舉發資訊安全違規事件之意圖研究

Liang-Cheng Wei; 魏良丞

請用此 Handle URI 來引用此文件： http://tdr.lib.ntu.edu.tw/jspui/handle/123456789/57462

完整後設資料紀錄

DC 欄位	值	語言
dc.contributor.advisor	許瑋元(Carol Hsu)
dc.contributor.author	Liang-Cheng Wei	en
dc.contributor.author	魏良丞	zh_TW
dc.date.accessioned	2021-06-16T06:47:08Z	-
dc.date.available	2014-07-29
dc.date.copyright	2014-07-29
dc.date.issued	2014
dc.date.submitted	2014-07-25
dc.identifier.citation	Ajzen, I. (1991). The theory of planned behavior. Organizational behavior and human decision processes, 50(2), 179-211. Ajzen, I. (2002), Perceived Behavioral Control, Self-Efficacy, Locus of Control, and the Theory of Planned Behavior. Journal of Applied Social Psychology, 32: 665–683. Ajzen, I. (2011). Constructing a theory of planned behavior questionnaire. Unpublished manuscript. Retrieved, 1. Becker, G. S. (1968). Crime and punishment: an economic approach. Journal of Political Economy, 76(2), 169-217. Bock, G.-W., Zmud, R. W., Kim, Y.-G., & Lee, J.-N. (2005). Behavioral intention formation in knowledge sharing: Examining the roles of extrinsic motivators, social-psychological forces, and organizational climate. MIS quarterly, 87-111. Bulgurcu, B., Cavusoglu, H., & Benbasat, I. (2010). Information security policy compliance: an empirical study of rationality-based beliefs and information security awareness. MIS quarterly, 34(3), 523-548. Cenfetelli, R. T., & Bassellier, G. (2009). Interpretation of Formative Measurement in Information Systems Research. Mis Quarterly, 33(4). Chen, C. X., Nichol, J., & Zhou, F. H. (2013, November). The Effect of Financial Incentive Framing and Descriptive Norms on Internal Whistleblowing. AAA. Cortina, L. M., & Magley, V. J. (2003). Raising voice, risking retaliation: Events following interpersonal mistreatment in the workplace. Journal of occupational health psychology, 8(4), 247. D'Arcy, J., Hovav, A., & Galletta, D. (2009). User awareness of security countermeasures and its impact on information systems misuse: a deterrence approach. Information Systems Research, 20(1), 79-98. Diamantopoulos, A., & Siguaw, J. A. (2006). Formative versus reflective indicators in organizational measure development: a comparison and empirical illustration. British Journal of Management, 17(4), 263-282. Dozier, J. B., & Miceli, M. P. (1985). Potential predictors of whistle-blowing: A prosocial behavior perspective. Academy of Management Review, 10(4), 823-836. ERIC, M., & Goetz, E. (2007). Embedding information security into the organization. Gefen, D., & Straub, D. (2005). A PRACTICAL GUIDE TO FACTORIAL VALIDITY USING PLS-GRAPH: TUTORIAL AND ANNOTATED EXAMPLE. Communications of the Association for Information systems, 16. Grant, C. (2002). Whistle blowers: Saints of secular culture. Journal of Business Ethics, 39(4), 391-399. Goode, W. J. (1997). Rational choice theory. The American Sociologist, 28(2), 22-41. Herath, T., & Rao, H. R. (2009). Encouraging information security behavior in organizations: Role of penalties, pressures and perceived effectiveness. Decision Support Systems, 47(2), 154-165. Hu, Q., Dinev, T., Hart, P., & Cooke, D. (2012). Managing Employee Compliance with Information Security Policies: The Critical Role of Top Management and Organizational Culture. Decision Sciences, 43(4), 615-660. Jarvis, C. B., MacKenzie, S. B., & Podsakoff, P. M. (2003). A critical review of construct indicators and measurement model misspecification in marketing and consumer research. Journal of consumer research, 30(2), 199-218. Johnston, A. C., & Warkentin, M. (2010). Fear Appeals and Information Security Behavior: An Empirical Study. MIS quarterly, 34(3). Keil, M., Tiwana, A., Sainsbury, R., & Sneha, S. (2010). Toward a Theory of Whistleblowing Intentions: A Benefit‐to‐Cost Differential Perspective. Decision Sciences, 41(4), 787-812. Kroll (2013). 2013/2014 Global Fraud Report. Liao, C., Lin, H.-N., & Liu, Y.-P. (2010). Predicting the use of pirated software: A contingency model integrating perceived risk with the theory of planned behavior. Journal of Business Ethics, 91(2), 237-252. Lindell, M. K., & Whitney, D. J. (2001). Accounting for common method variance in cross-sectional research designs. Journal of applied psychology, 86(1), 114. Lowry, P. B., Moody, G. D., Galletta, D. F., & Vance, A. (2013). The drivers in the use of online whistle-blowing reporting systems. Journal of Management Information Systems, 30(1), 153-190. MacNab, B. R., & Worthley, R. (2008). Self-efficacy as an intrapersonal predictor for internal whistleblowing: A US and Canada examination. Journal of Business Ethics, 79(4), 407-421. Malhotra, N. K., Kim, S. S., & Patil, A. (2006). Common method variance in IS research: a comparison of alternative approaches and a reanalysis of past research. Management Science, 52(12), 1865-1883. McCarthy, B. (2002). New economics of sociological criminology. Annual Review of Sociology, 28(1), 417-442. Miceli, M. P., & Near, J. P. (1988). Individual and situational correlates of whistle‐blowing. Personnel Psychology, 41(2), 267-281. Miceli, M. P. (1992). Blowing the whistle: The organizational and legal implications for companies and employees: Lexington Books. Miethe, T. D., & Rothschild, J. (1994). Whistleblowing and the Control of Organizational Misconduct. Sociological Inquiry, 64(3), 322-347. Near, J. P., & Miceli, M. P. (1985). Organizational dissidence: The case of whistle-blowing. Journal of Business Ethics, 4(1), 1-16. Oh, L.-B., & Teo, H.-H. (2010). To blow or not to blow: An experimental study on the intention to whistleblow on software piracy. Journal of Organizational Computing and Electronic Commerce, 20(4), 347-369. Park, C., Im, G., & Keil, M. (2008). Overcoming the Mum Effect in IT Project Reporting: Impacts of Fault Responsibility and Time Urgency. Journal of the Association for Information Systems, 9(7). Park, C., & Keil, M. (2009). Organizational Silence and Whistle‐Blowing on IT Projects: An Integrated Model. Decision Sciences, 40(4), 901-918. Park, H., & Blenkinsopp, J. (2009). Whistleblowing as planned behavior–A survey of South Korean police officers. Journal of Business Ethics, 85(4), 545-556. Paternoster, R., & Pogarsky, G. (2009). Rational choice, agency and thoughtfully reflective decision making: The short and long-term consequences of making good choices. Journal of Quantitative Criminology, 25(2), 103-127. Petter, S., Straub, D., & Rai, A. (2007). Specifying formative constructs in information systems research. Mis Quarterly, 31(4), 623-656. Pierson, J. K., Forcht, K. A., & Bauman, B. M. (2007). Whistleblowing: an ethical dilemma. Australasian Journal of Information Systems, 1(1). Podsakoff, P. M., MacKenzie, S. B., Lee, J. Y., & Podsakoff, N. P. (2003). Common method biases in behavioral research: a critical review of the literature and recommended remedies. Journal of applied psychology, 88(5), 879. Ponemon Institute. (2011). 2010 Annual Study: Global Cost of a Data Breach: Ponemon Institute. PricewaterhouseCoopers. (2012). Changing the game: Key findings from The Global State of Information SecurityR Survey 2013. PRNewswire (2011). Unisys Security Index Shows Americans Will Take Action against Organizations That Compromise Their Personal Data. Scott, J. (2000). Rational choice theory. Understanding contemporary society: Theories of the present, 126-138. Scott & Scott LLP (2007). Business Impact of Data Security Breach. Siponen, M., & Vance, A. (2010). Neutralization: new insights into the problem of employee information systems security policy violations. MIS quarterly, 34(3), 487. Smith, H. J., Keil, M., & Depledge, G. (2001). Keeping mum as the project goes under: Toward an explanatory model. Journal of Management Information Systems, 18(2), 189-228. Straub, D. W., & Welke, R. J. (1998). Coping with systems risk: security planning models for management decision making. Mis Quarterly, 441-469. Stylianou, A. C., Winter, S., Niu, Y., Giacalone, R. A., & Campbell, M. (2013). Understanding the Behavioral Intention to Report Unethical Information Technology Practices: The Role of Machiavellianism, Gender, and Computer Expertise. Journal of business ethics, 117(2), 333-343. Sveen, F. O., Sarriegi, J. M., Rich, E., & Gonzalez, J. J. (2007). Toward viable information security reporting systems. Information Management & Computer Security, 15(5), 408-419. Symantec. (2012). 駭客攻擊與人為疏失並列企業資料外洩主因. Tan, B. C., Smith, H. J., Keil, M., & Montealegre, R. (2003). Reporting bad news about software projects: Impact of organizational climate and information asymmetry in an individualistic and a collectivistic culture. Engineering Management, IEEE Transactions on, 50(1), 64-77. TheARegister (2008). TJX employee fired for exposing shoddy security practices. Trend Micro Lab. (2012). The Human Factor in Data Protection. Trongmateerut, P., & Sweeney, J. T. (2013). The influence of subjective norms on whistle-blowing: A cross-cultural investigation. Journal of business ethics, 112(3), 437-451. Von Solms, B., & Von Solms, R. (2004). The 10 deadly sins of information security management. Computers & Security, 23(5), 371-376.
dc.identifier.uri	http://tdr.lib.ntu.edu.tw/jspui/handle/123456789/57462	-
dc.description.abstract	近年來資訊安全事件層出不窮。許多企業組織因資料外洩而蒙受鉅額損失。追究其原因，發現內部人員行為是非常關鍵的一環。現今已有諸多的內部控制制度(例如:資訊存取權限控管、電腦監控、教育訓練等)被廣泛使用來對抗組織內部的員工疏失與惡意犯罪行為。然而，沒有一個對策手段能夠百分之百地防範所有潛藏的違規事件。有的時候，違規事件的發現者會是組織內部的其他成員，因此組織需要倚賴這些人的揭弊才能夠及早修正會侵害到組織資訊安全的不當行為。為了探討影響員工舉發資訊安全違規事件之意圖，本研究以一般計畫行為理論與理性選擇理論為基礎，歸納出組織層次與個人層次上影響舉發態度與意圖之因素。研究結果發現組織與個人層次的利弊考量皆會影響舉發態度的形塑過程，進而提升了我們在應用員工舉發於對抗組織內部資訊安全違規事件上的認知。	zh_TW
dc.description.abstract	Insider abuse has always been a significant threat to information security management in organizations. In order to address this issue, this research proposes whistleblowing as another complementary measure to other existent approaches to strengthen the internal information security management. In particular, we focus on an investigation of employee intention to whistle-blow information security policy (ISP) violation. Drawing on the theory of planned behavior and rational choice theory, we develop a theoretical model to understand the factors at both organizational and individual levels that influence whistleblowing attitude and whistleblowing intention. Through a survey-based empirical test, we discover that both altruistic and egoistic concerns are involved in the development of whistleblowing attitudes. The results not only extend our understanding of whistleblowing motivation but also offer managers directions to promote disclosure of internal security breach.	en
dc.description.provenance	Made available in DSpace on 2021-06-16T06:47:08Z (GMT). No. of bitstreams: 1 ntu-103-R00725052-1.pdf: 1448634 bytes, checksum: da8427805d4c94fc20027165bbddbdc2 (MD5) Previous issue date: 2014	en
dc.description.tableofcontents	謝辭 II 摘要 IV Abstract V Table of Content VI List of Figures VIII List of Tables VIII Chapter 1. Introduction 1 　1.1 Research Background 1 　1.2 Research Motivation and Objective 2 Chapter 2. Literature Review 4 　2.1 Employee Compliance of Information Security Policy 4 　2.2 IT-related Whistleblowing 5 　2.3 Summary of Literature Review 8 Chapter 3. Model 9 　3.1 Theory of Planned Behavior 10 　3.2 Rational Choice Theory 11 　3.3 Altruistic Factors 13 　3.4 Egoistic Factors 14 　　Extrinsic Reward 15 　　Intrinsic Benefit 15 　　Work Retaliation Victimization 16 Chapter 4. Research Methodology 17 　4.1 Survey Design 17 　　Measure Development 17 　　Online Survey Layout 19 　　Pilot Test 20 　4.2 Data Collection 20 　　Sampling Procedure 20 　　Respondent Profile 21 Chapter 5. Analysis and Result 25 　5.1 Measurement Model 25 　　Reflective Measure 25 　　Formative Measure 26 　　Common Method Variance 31 　5.2 Structural Model 32 Chapter 6. Discussion and Implication 35 　6.1 Discussion 35 　6.2 Theoretical Contribution 37 　6.3 Managerial Implication 39 　6.4 Limitations and Future Research Direction 40 Chapter 7. Conclusion 43 References 44 Appendix A: A Thorough Review of Rational Choice Theory 48 Appendix B: Positive Consequences of Whistleblowing to Employing Organization 50 　Employee Problem Resolution 50 　Managerial Problem Resolution 51 　Avoidance of Accountability to External Parties 52 Appendix C: Negative Consequences of Whistleblowing to Employing Organization 54 Appendix D: Questionnaire Items (English) 56 Appendix E: Additional Analysis of Respondents with Whistleblowing Experience 58
dc.language.iso	en
dc.subject	資訊安全違規事件	zh_TW
dc.subject	內部舉發	zh_TW
dc.subject	資訊安全個人行為研究	zh_TW
dc.subject	一般計畫行為理論	zh_TW
dc.subject	理性選擇理論	zh_TW
dc.subject	theory of planned behavior	en
dc.subject	internal whistleblowing	en
dc.subject	Information security policy violation	en
dc.subject	behavioral issues of information security	en
dc.subject	rational choice theory	en
dc.title	探討員工舉發資訊安全違規事件之意圖研究	zh_TW
dc.title	Employee Intention to Whistle-Blow Information Security Policy Violation	en
dc.type	Thesis
dc.date.schoolyear	102-2
dc.description.degree	碩士
dc.contributor.oralexamcommittee	張欣綠(Hsin-Lu Chang),王凱(Kai Wang)
dc.subject.keyword	資訊安全違規事件,內部舉發,資訊安全個人行為研究,一般計畫行為理論,理性選擇理論,	zh_TW
dc.subject.keyword	Information security policy violation,internal whistleblowing,behavioral issues of information security,theory of planned behavior,rational choice theory,	en
dc.relation.page	59
dc.rights.note	有償授權
dc.date.accepted	2014-07-25
dc.contributor.author-college	管理學院	zh_TW
dc.contributor.author-dept	資訊管理學研究所	zh_TW
顯示於系所單位：	資訊管理學系

文件中的檔案：

檔案	大小	格式
ntu-103-1.pdf 未授權公開取用	1.41 MB	Adobe PDF

顯示文件簡單紀錄

系統中的文件，除了特別指名其著作權條款之外，均受到著作權保護，並且保留所有的權利。