Please use this Handle URI to cite this document: http://tdr.lib.ntu.edu.tw/jspui/handle/123456789/65600
Full metadata record
DC Field | Value | Language
dc.contributor.advisor | 許瑋元 (Wei-Yuan Hsu)
dc.contributor.author | Shin Yang | en
dc.contributor.author | 楊昕 | zh_TW
dc.date.accessioned | 2021-06-16T23:53:06Z | -
dc.date.available | 2013-07-27
dc.date.copyright | 2012-07-27
dc.date.issued | 2012
dc.date.submitted | 2012-07-19
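dc.identifier.uri | http://tdr.lib.ntu.edu.tw/jspui/handle/123456789/65600 | -
dc.description.abstract | ISO27001 is an information security management system (ISMS) standard that has attracted considerable attention in recent years, but in practice research on its benefits is still lacking. To fill this research gap, this study adopts the event study method as its main research method and uses financial indicators to examine whether obtaining ISO27001 certification brings abnormal returns. From 456 organizations certified in Taiwan, we selected 23 publicly listed companies and statistically tested the short-term and long-term performance of their stock prices and return on assets (ROA). The results indicate that ISO27001 certification does not bring any abnormal financial performance. We therefore suggest that organizations re-evaluate the necessity of adopting certification in order to find more efficient approaches to information security management, and that future research look more deeply into the benefits of ISO27001 for internal process improvement and extend the research subject to indicators in other dimensions. | zh_TW
dc.description.abstract | ISO27001 is a popular certification for Information Security Management Systems (ISMS). However, there are very few empirical studies investigating the market impact of ISO27001. In this research, we employed an event study to analyze the financial impact on organizations of obtaining ISO 27001 certification in Taiwan. Among 456 certified organizations, we selected 23 public firms as samples and tested their stock price as well as ROA performance in both the short term and the long term. The results indicate that ISO27001 certification did not lead to significant abnormal performance. Hence, we argue that the necessity of certification should be reconsidered, and that future research can pay more attention to ISO27001 certification's value in other dimensions and its contribution to internal improvement. | en
dc.description.provenance | Made available in DSpace on 2021-06-16T23:53:06Z (GMT). No. of bitstreams: 1. ntu-101-R98725051-1.pdf: 689560 bytes, checksum: d581f5ecbcee483cadc6c1506148a81d (MD5). Previous issue date: 2012 | en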
dc.description.tableofcontents |
Thesis Abstract 5
List of Tables 8
List of Figures 8
Chapter 1. Introduction 9
1.1 Research Motivation and Scope 9
1.2 Research Purpose 13
Chapter 2. Literatures Review 15
2.1 The evolution of information security research 16
2.2 The value of information security standard 21
2.3 The value of information security certification 23
2.4 Hypotheses development 24
Chapter 3. Methodology 27
3.1 Event Study 27
3.2 Sample Collection 28
3.3 Empirical study 31
3.3.1 Method for short-term effect 31
3.3.2 Method for long-term effect 32
3.3.3 Abnormal return calculation 34
3.3.4 Significant Test 36
Chapter 4. Result and Discussion 37
4.1 Short-term result 37
4.1.1 Event period (-1,0) 37
4.1.2 Event period (0,1) 40
4.1.3 Event period (-1,1) 40
4.1.4 Event period (-2,2) 40
4.1.5 Event period (-3,3) 41
4.1.6 Analysis of short-term result 41
4.2 Long-term result 42
4.3 Discussion 43
4.3.1 Analysis of the insignificant result 43
4.3.2 Suggestions 47
Chapter 5. Conclusion 48
5.1 Conclusion 48
5.2 Contribution 49
5.3 Limitation and future direction 49
References 50
dc.language.iso | en
dc.subject | ISO27001 | zh_TW
dc.subject | Information Security Management System | zh_TW
dc.subject | information security standard | zh_TW
dc.subject | information security certification | zh_TW
dc.subject | Event Study | zh_TW
dc.subject | information security standard | en
dc.subject | Information Security Management System | en
dc.subject | IS27001 | en
dc.subject | Event Study | en
dc.subject | information security certification | en
dc.title | The impact of ISO27001 on organizations' market value: the case of the Taiwan market | zh_TW
dc.title | The impact of ISO27001 on organizations' market value - An empirical research in Taiwan | en
dc.type | Thesis
dc.date.schoolyear | 100-2
dc.description.degree | Master's
dc.contributor.oralexamcommittee | 張欣綠 (Hsin-Lu Chang), 戴基峰 (Chi-Feng Tai)
dc.subject.keyword | ISO27001, Information Security Management System, information security standard, information security certification, Event Study | zh_TW
dc.subject.keyword | IS27001, Information Security Management System, information security standard, information security certification, Event Study | en
dc.relation.page | 55
dc.rights.note | Paid authorization
dc.date.accepted | 2012-07-20
dc.contributor.author-college | College of Management | zh_TW
dc.contributor.author-dept | Graduate Institute of Information Management | zh_TW
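Appears in collections: Department of Information Management

Files in this item:
File | Size | Format
ntu-101-1.pdf (not authorized for public access) | 673.4 kB | Adobe PDF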