資訊科技的使用與導入已經改變了傳統企業的經營方式,資訊系統與現今大部份企業已經密不可分。由於資訊安全事件頻傳,造成企業組織極大的損失,因此近年來資訊安全越來越受到企業組織的重視。但是,企業組織在進行資訊系統相關投資之後,資訊安全事件仍時有所聞;如何有效提升企業資訊安全,是現今企業所須面對的課題。本研究即以資源基礎觀點(Resource-Based View)探討資訊安全。企業有不同之資源,其中資訊系統資源(Information Systems Resources) 與資訊安全的有效提升關係最為密切。資訊系統資源包括資訊科技能力資源、人際關係資源以及資訊安全基礎設施資源等。本研究旨在探討資訊科技能力資源、人際關係資源、資訊安全基礎設施資源等構念對於資訊安全的影響,並依資源基礎觀點提出一研究模型。本文最後描述研究結果對業界及學術界可能之應用及意涵。
Recent studies suggest that the number of IS security (ISS) incidents has increased dramatically and has caused significant economic loss worldwide. Awareness of the significance of ISS is evidenced by a rapid increase in ISS investments. Despite the fact that information security has taken on a new level of importance, academic research on this subject is still in its infancy. A review of literature indicated that past studies largely took a resource based view, suggesting that organizations invest and develop a variety of IS resources so as to ease potential threats caused by ISS breaches. However, the resource-based perspective as used in previous studies was somewhat limited. Based on and extending from previous work, this study employed the resource-based view as a theoretical lens to examine the role that IS resources play in determining the level of information security. A field study was conducted to test the hypotheses. The results of the model testing show that IS resources have a significant impact on information security.