Please use this Handle URI to cite this document:
http://tdr.lib.ntu.edu.tw/jspui/handle/123456789/8048
Full metadata record
DC Field | Value | Language |
---|---|---|
dc.contributor.advisor | 許瑋元(Wei-Yuan Hsu) | |
dc.contributor.author | YU-CHI CHIANG | en |
dc.contributor.author | 江昱其 | zh_TW |
dc.date.accessioned | 2021-05-19T18:04:20Z | - |
dc.date.available | 2022-10-23 | |
dc.date.available | 2021-05-19T18:04:20Z | - |
dc.date.copyright | 2012-08-01 | |
dc.date.issued | 2012 | |
dc.date.submitted | 2012-07-26 | |
dc.identifier.uri | http://tdr.lib.ntu.edu.tw/jspui/handle/123456789/8048 | - |
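dc.description.abstract | The main purpose of this study is to examine the relationship between board composition and the effectiveness of information security management in companies listed on Taiwan's stock exchange and over-the-counter market. From the perspective of stewardship theory, board composition data such as CEO duality, the proportion of inside directors, and the proportion of independent directors were obtained from the Taiwan Economic Journal (TEJ) database and combined with a sample of information security incidents collected by manually searching websites, in order to examine whether board composition affects the likelihood that information security incidents occur and the number of such incidents. The results show that the higher the proportion of independent directors among all board seats, the worse the effectiveness of information security management. In addition, this study further examines the effect of board composition on the effectiveness of information security management by classifying firms by ownership type. The results show that for firms with a family ownership type, the higher the proportion of inside directors, the smaller the firm size, and the lower the proportion of independent directors, the higher the effectiveness of information security management. For firms with a non-family ownership type, those in which the chairman and the general manager are different people show higher information security management effectiveness. | zh_TW |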
dc.description.abstract | This thesis focuses on the relationship between the effectiveness of information security management and the composition of the board. We build our hypotheses on stewardship theory. Using data from the Corporate Governance DB of the Taiwan Economic Journal and manually searched information security breaches from the Information Security and UDN websites, we investigate whether the composition of the board could affect the occurrence of information security breaches. Our results demonstrate that as the percentage of independent directors increases, the effectiveness of information security management decreases. Furthermore, we also investigate the association between the effectiveness of information security management and the composition of the board after classifying firms by ownership structure (family firm or non-family firm). Our results demonstrate that for family firms, the effectiveness of information security management increases as the percentage of inside directors increases and the size of the company decreases, while the percentage of independent directors has a negative impact on it. For non-family firms, having the chairman and chief executive officer positions held by different people has a good impact on the effectiveness of information security management. | en |
dc.description.provenance | Made available in DSpace on 2021-05-19T18:04:20Z (GMT). No. of bitstreams: 1 ntu-101-R99725031-1.pdf: 1353198 bytes, checksum: f257b2ce84a8e10b3d738f72df805130 (MD5) Previous issue date: 2012 | en |
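dc.description.tableofcontents | Table of Contents; List of Tables; Chapter 1 Introduction: Section 1 Research Motivation and Purpose, Section 2 Research Questions, Section 3 Research Framework; Chapter 2 Literature Review: Section 1 Discussion of Information Security Management Issues, Section 2 Corporate Governance Issues; Chapter 3 Research Method: Section 1 Stewardship Theory, Section 2 Research Hypotheses; Chapter 4 Research Design: Section 1 Research Data, Section 2 Research Method; Chapter 5 Empirical Results and Analysis: Section 1 Empirical Results of the Models, Section 2 Overall Discussion and Analysis, Section 3 Additional Tests; Chapter 6 Results and Recommendations: Section 1 Research Results and Contributions, Section 2 Research Limitations and Recommendations; References | |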
dc.language.iso | zh-TW | |
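dc.title | A Study of the Relationship between Board Composition and the Effectiveness of Information Security Management: A Stewardship Theory Perspective | zh_TW |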
dc.title | The Effective of Information Security Management and Board Composition: A Stewardship Perspective | en |
dc.type | Thesis | |
dc.date.schoolyear | 100-2 | |
dc.description.degree | Master's | |
dc.contributor.oralexamcommittee | 張欣綠,戴基? | |
dc.subject.keyword | information security management, corporate governance, board structure, stewardship theory | zh_TW |
dc.subject.keyword | information security management, corporate governance, board composition, stewardship theory | en |
dc.relation.page | 47 | |
dc.rights.note | Authorization granted (open to the public worldwide) | |
dc.date.accepted | 2012-07-26 | |
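dc.contributor.author-college | College of Management | zh_TW |
dc.contributor.author-dept | Graduate Institute of Information Management | zh_TW |
Appears in Collections: | Department of Information Management |
Files in This Item:
File | Size | Format | |
---|---|---|---|
ntu-101-1.pdf | 1.32 MB | Adobe PDF | View/Open |
Unless their copyright terms are specifically indicated otherwise, items in this system are protected by copyright, with all rights reserved.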