透過您的圖書館登入 IP:18.226.177.223
透過您的圖書館登入
IP:18.226.177.223
  • 精確檢索 : 冠狀病毒
  • 模糊檢索 : 冠狀病毒
  • 冠狀病毒感染
    冠狀病毒疾病
  • 查詢出版品: 冠狀病毒
進階查詢
查詢歷史
主題瀏覽
  • 學位論文

以風險的角度探討資訊安全委外意圖

Analyzing Information Security Outsourcing Intention: A Risk Perspective

詹偉銘(Wei-Ming Chan)
指導教授 : 許瑋元
國立臺灣大學/管理學院/資訊管理學研究所/碩士(2010年)
https://doi.org/10.6342/NTU.2010.01475
全文下載

摘要

近年來由於資訊科技的標準化和商品化,商業活動的進行高度仰賴資訊科技,但無形中也大幅增加企業的作業風險,為了有效將降低資訊科技帶來的營運風險,資訊安全的重要性與日俱增,甚至已成為企業營運上新的必需品。在這樣的背景條件下,企業漸漸透過資訊安全委外來降低成本或者獲取所需之資安技術能力,雖然委外資訊安全可為企業帶來豐碩的優勢,但涉及複雜的第三方關係,委外資訊安全可同時潛藏著極大的風險,如此利弊不易衡量情況令大多數企業決策是否委外資訊安全遭遇許多困難。本研究企圖了解資訊安全委外風險對於企業委外資安意圖之影響,並探討影響資訊安全委外風險的重要因素。 本研究主要應用交易成本理論以及代理人理論發展具有理論基礎的決策模型,並定義了影響資訊安全委外風險的五大因素,包括資產特殊性、不確定性、客戶端缺乏經驗及專業能力、供應商缺乏經驗及專業能力以及供應商數目稀少。研究方法上,本研究是以問卷調查實證研究方式進行,並以國內企業之資深資訊主管以及資訊安全專員為問卷調查對象。研究結果發現,資訊安全委外風險的確顯著影響企業委外資安的意願,其中不確定性將導致供應商投機性行為增加,是資訊安全委外風險來源的主因。

關鍵字

資訊安全管理 資訊系統委外 委外風險 交易成本理論 代理人理論

並列摘要

When information security has become a must-have function for a corporation, outsourcing information security begins to be recognized as a strategy to obtain security resources. However, most of information system managers are still confronted with difficulties when deciding whether to outsource information security or not. This research objective is to develop an integrative framework based on transaction cost theory and agency theory in assessing information security outsourcing intention. To test the usefulness of the research framework, this research adopt a quantitative method by surveying IT managers and security professionals in Taiwan. Results show that there is a strong relationship between information security outsourcing risk and information security outsourcing intention. In addition, although several predictors of information security outsourcing risk are not significant, this research found that uncertainty is the important influence on information security outsourcing risk.

並列關鍵字

Information security management Information technology outsourcing outsourcing risk Transaction cost theory Agency cost theory

參考文獻

[66] Van de Ven, A., & Ferry, D. (1980). Measuring and assessing organizations: John Wiley & Sons.
[44] Kavanagh, K., & Pescatore, J. (2007). Magic Quadrant for MSSPs, North America, 1H07: Gartner.
[1] Ader, H., Mellenbergh, G., & Hand, D. (2008). Advising on research methods: A consultant's companion: Johannes van Kessel Publ.
[2] Akerlof, G. (1970). The market for" lemons": Quality uncertainty and the market mechanism. The quarterly journal of economics, 488-500.
[3] Aldrich, H., & Pfeffer, J. (1976). Environments of organizations. Annual review of sociology, 2(1), 79-105.

延伸閱讀

全文下載