Please use this Handle URI to cite this document:
http://tdr.lib.ntu.edu.tw/jspui/handle/123456789/7025
Full metadata record
DC Field | Value | Language |
---|---|---|
dc.contributor.advisor | 許瑋元 | |
dc.contributor.author | Ang Lu | en |
dc.contributor.author | 呂昂 | zh_TW |
dc.date.accessioned | 2021-05-17T09:24:22Z | - |
dc.date.available | 2012-08-20 | |
dc.date.available | 2021-05-17T09:24:22Z | - |
dc.date.copyright | 2012-08-20 | |
dc.date.issued | 2012 | |
dc.date.submitted | 2012-08-19 | |
dc.identifier.uri | http://tdr.lib.ntu.edu.tw/jspui/handle/123456789/7025 | - |
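dc.description.abstract | Recently, information security has become a household issue of great importance. As enterprises and organizations use and depend on information technology more and more, and as the negative impact of information security incidents on organizations grows more severe, information security has become one of the most important concerns of management. Meanwhile, as individuals' awareness of information security gradually rises, enterprises must effectively improve the quality of their information security to increase consumer confidence. However, as the role of information technology within organizations changes, information security has shifted from a purely technical issue to an enterprise-level management issue. An effective approach to establishing sound information security management is what enterprises need most at present. The ISO 27001 information security standard provides a set of specifications and guidelines for establishing an information security management system. ISO 27001 certification further demonstrates an enterprise's compliance and excellence in information security. However, ISO 27001 certification is very costly, and we want to understand whether this certification can serve as a competitive advantage and bring positive financial performance to the enterprise. We adopted the event study method and analyzed companies in the United States and some European countries. We found that, whether measured by financial performance or by stock market performance, ISO 27001 did not bring any positive impact to the certified companies. We attribute this result to the nature of ISO 27001: good information security management may be regarded as a company's responsibility and obligation rather than a competitive advantage. On the other hand, we found that for most of the sample companies, the certification covered only some business units or plant facilities rather than the company as a whole. This may be regarded as incomplete information security management planning. | zh_TW |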
dc.description.abstract | In recent years, information security has become a household name and gained enormous public attention. The extensive use of and dependence on information technology (IT) by businesses and organizations, along with the worsening impact that IT incidents bring, has made information security one of the top concerns of management. Moreover, individual awareness of information security requires corporations to invest in and highlight their efforts to secure their handling of information in order to gain customer confidence. However, the extensive use of IT has made information security a complicated management issue at the corporate level. Guidance on information security management is urgently needed. The ISO 27001 standard provides guidance for a sound information security management system (ISMS). Certification to ISO 27001 further shows compliance and excellence in it. As the costs incurred during implementation and accreditation are considerable, we would like to discover whether the certification benefits firms financially by acting as a competitive advantage. We used the event study methodology with samples from the United States and selected European countries to investigate the impact after certification. In the results, we found no evidence that ISO 27001 certification brings a positive impact in terms of financial and stock market performance. We attribute the results to the nature of ISO 27001: good information security management would be seen as an obligation, or “meeting the requirements”, instead of a competitive advantage. We also took the scope of the certification as an explanation, since most of the certifications cover only part of the organization instead of the full scope. This would be seen as a compromised commitment to information security. | en |
dc.description.provenance | Made available in DSpace on 2021-05-17T09:24:22Z (GMT). No. of bitstreams: 1 ntu-101-R99725002-1.pdf: 593173 bytes, checksum: 4065be13e05699374b64d9ea8f59e78e (MD5) Previous issue date: 2012 | en |
dc.description.tableofcontents | TABLE OF CONTENTS: CHAPTER 1. INTRODUCTION; 1.1 Research Motivation; 1.2 Research Objective; CHAPTER 2. LITERATURE REVIEW; 2.1 Research Background; 2.1.1 ISO 27001 Standard And Certification; 2.1.2 ISO 27001 Research; 2.1.3 IT Investment Research; 2.1.4 ISO 9001 Certification Research; 2.2 Hypotheses Development; 2.2.1 Financial Approach; 2.2.2 Market Approach; CHAPTER 3. RESEARCH METHODOLOGY; 3.1 Event Study; 3.2 Event Study on Operating Performance; 3.3 Event Study on Stock Market Return; 3.4 Samples; 3.5 Control Firms; 3.5.1 Matching Criteria for Operating Performance; 3.5.2 Matching Criteria for Stock Market Performance; 3.6 Statistical Test; CHAPTER 4. RESULTS AND ANALYSIS; 4.1 Results; 4.2 Analysis; CHAPTER 5. CONCLUSION; 5.1 Conclusion; 5.2 Limitations; 5.3 Future Research; REFERENCE. LIST OF TABLES: Table 2.1 Summary of IT Investment Studies; Table 2.2 Summary of ISO 9001 Studies; Table 4.1 Student’s t-test result, one-to-one matching; Table 4.2 Student’s t-test result, portfolio matching; Table 4.3 Wilcoxon signed-rank test result, one-to-one matching; Table 4.4 Wilcoxon signed-rank test result, portfolio matching; Table 4.5 Buy-and-Hold Abnormal Return, one-to-one matching; Table 4.6 Buy-and-Hold Abnormal Return, portfolio matching | |
dc.language.iso | en | |
dc.title | The Impact of ISO 27001 Certification on Corporate Performance | zh_TW |
dc.title | The Impact of ISO 27001 Certification on Firm Performance | en |
dc.type | Thesis | |
dc.date.schoolyear | 100-2 | |
dc.description.degree | Master's | |
dc.contributor.oralexamcommittee | 張欣綠,戴基? | |
dc.subject.keyword | Information security, ISO 27001, information security management system, event study | zh_TW |
dc.subject.keyword | Information security, ISO 27001, ISMS, event study | en |
dc.relation.page | 52 | |
dc.rights.note | Authorization granted (open access worldwide) | |
dc.date.accepted | 2012-08-19 | |
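dc.contributor.author-college | College of Management | zh_TW |
dc.contributor.author-dept | Graduate Institute of Information Management | zh_TW |
Appears in Collections: | Department of Information Management |
Files in This Item:
File | Size | Format | |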
---|---|---|---|
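ntu-101-1.pdf | 579.27 kB | Adobe PDF | View/Open |
Items in the system are protected by copyright, with all rights reserved, unless their copyright terms are specifically indicated otherwise.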