資訊安全的所包含的層面非常廣泛,企業追求資訊安全的保障並非僅是購置相關資訊設備或是軟體就可以解決,資訊安全相關軟硬體畢竟是輔助工具,真正使用的還是人。以往的文獻所著重的大多在探討資訊安全系統導入的關鍵影響因素,然而資訊安全系統並非導入後就已經解決所有問題,相反的在企業導入資訊安全系統以後更要深思的問題是「如何讓整個資訊安全系統能夠持續不斷的運作下去?」。本研究擬藉由「計劃行為理論」(Theory of Planned Behavior, TPB),並整合以往的文獻,從「管理系統」、「組織」、「使用者」等面向來探討影響持續使用資訊安全管理系統之關鍵因素,對企業導入資訊安全管理系統後持續維持系統有效運作提供了更深入而具體的方向。
For businesses in pursuit of information security, the acquiring of related hardware and software does not always solve the problem of implementing information security. Systems are after all used by human, who performs most of the security operations. In the past, literatures studying information security focus on identifying critical factors affecting successful introduction of information security management systems(ISMS). Questions on how to maintain the continuing and effective usage of the information security management systems are seldom explored.This study intends to explore the critical success factors affecting the continuance usage of ISMS, considering the dimensions from management information systems, organization, and individual users. Implications on research and practioners are also discussed.