- 學位論文
ISO 27001 之採用 - 整合創新擴散及制度理論之角度
ISO 27001 Adoption - Integrating Innovation Diffusion and Institutional Theories
若您是本文的作者,可授權文章由華藝線上圖書館中協助推廣。
摘要
近年來,由於資訊安全事件對於組織的衝擊,使得資訊安全對於組織而言,其重要性不斷的攀升。改善其資訊安全的控制及管理,對於各種組織來說都是致關重要的。而在資訊安全管理領域當中,對於組織欲強化其資訊安全管理,ISO 27001一直扮演著重要的角色,然而在過去的文獻當中,對於ISO 27001的研究卻非常有限,而且幾乎沒有任何學術針對ISO 27001採用意圖作一深入的研究。因此我們結合了兩個過去經常被使用來研究採用意圖的重要理論,即創新擴散理論及制度理論,來發展我們的研究模型,並且收集了52個台灣的組織的資料來驗證此一模型。分析結果顯示ISO 27001的複雜性及台灣制度環境上的壓力,對於組織採用ISO 27001意圖的高低,具有顯著的影響力。本研究結果為學術上缺乏對於ISO 27001採用意圖的研究,做了一部分的補充,並且可以提供實務上組織在採用ISO 27001時的一個參考。此外,本研究亦使創新擴散理論及制度理論的文獻進一步延伸至資訊安全管理此一領域。
並列摘要
Since the importance of information security and its severe impacts on organizations, the improvements of information security controls as well as managements are crucial for all organizations. For the information security management, ISO 27001 is the most important standards and it plays an important role while the organizations are considering strengthening their security management. However, there are scanty of academic researches focus on the ISO 27001 issues and nearly no researches were studying the adoption intentions of ISO 27001. Therefore we develop the research model from two theories, and the hypothesized research model is tested using empirically data collect from 52 organizations in Taiwan. The results suggest that complexity and institutional influences have a strong impact on the adoption intention of ISO 27001. This study provides several implications on both academic and practical. It also extended the empirical literature of institutional and innovation diffusion studies to the area of information security.
參考文獻
Adams, D., Nelson, R., & Todd, P. (1992). Perceived usefulness, ease of use, and usage of information technology: a replication. MIS Quarterly, 16(2), 227-247.
Anderson, J., & Gerbing, D. (1988). Structural equation modeling in practice: A review and recommended two-step approach. Psychological bulletin, 103(3), 411-423.
Attewell, P. (1992). Technology diffusion and organizational learning: The case of business computing. Organization science, 3(1), 1-19.
Bentler, P., & Bonett, D. (1980). Significance tests and goodness of fit in the analysis of covariance structures. Psychological bulletin, 88(3), 588-606.
Bidgoli, H. (2006). Handbook of Information Security Volume 1-3. New Jersey: John Wiley & Sons.
延伸閱讀
- 蘇英傑(2009)。導入ISO/IEC 27001對資訊科技管理之影響〔碩士論文,元智大學〕。華藝線上圖書館。https://doi.org/10.6838/YZU.2009.00012
- 林宜隆、陳珮菁、陳高宏、李正元、劉世詳、謝宗翰、羅尹伶(2014)。整合ISO 27001與ISO 27799應用於護理資訊之探討。電腦稽核,(30),1-11。https://www.airitilibrary.com/Article/Detail?DocID=2073090X-201407-201408070021-201408070021-1-11
- 林宇溱(2015)。資訊安全政策導入ISO 27001之關鍵成功因素探討〔碩士論文,中原大學〕。華藝線上圖書館。https://doi.org/10.6840/cycu201500619
- 王正光(2007)。以 ISO/TS 16949 : 2002 建構新產品開發品質管理系統之研究〔碩士論文,元智大學〕。華藝線上圖書館。https://doi.org/10.6838/YZU.2007.00196
- 張順程(2016)。A Study on Adopting ISO 27001 from The Perspective of IT Dept. Process Reengineering Theory— A Case of Commercial Bank〔碩士論文,國立臺灣大學〕。華藝線上圖書館。https://doi.org/10.6342/NTU201601805