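Information technology is practically inseparable from modern life, and organizations depend on it heavily. As its use has grown rapidly, however, information security problems have emerged one after another. According to statistics from the Computer Emergency Response Team (CERT), the number of reported information security incidents rises every year. Yet most current information security research addresses specific problems, and observations of the field as a whole remain fragmentary, so the overall development of security research is hard to see. The purpose of this study is therefore to use a historical literature analysis to present a complete picture of the current state of information security research and the trends in its research topics. We adopt content analysis, take papers from high-quality English-language journals on the management and technology of information science as the objects of analysis, and use ISO27001 as the classification tool to assign each paper an appropriate category, in order to understand the focus and development trends of information security research topics in recent years. The results show that the number of information security journal papers published increases year by year, that the distribution of security research gives equal weight to managerial and technical characteristics, and that the mainstream research themes are "Communications and operations management", "Information systems acquisition, development and maintenance" and "Business continuity management". By working region, the authors are most often based in the Americas; by institution, mainly at universities. The authors who published the most information security journal papers are Rao, Siponen and Zhang, and the most frequently cited topics across all the literature are "information flow security", "RFID security and privacy" and "the impact of customer trust and perception of security control on the acceptance of electronic commerce".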
Information technology (also known as IT) is an inseparable part of life for people in the modern age. Many organizations are highly dependent on IT; however, information security problems keep emerging with the rapid growth of IT usage. According to CERT, the number of reported information security events is increasing over time. Nowadays, most information security research focuses on solving specific security issues, so it is difficult to gain a good understanding of the overall development of information security research. Therefore, the goal of this study is to present the current state of information security research by reviewing the related literature historically. Adopting content analysis as the main research method, we analyze top-quality computer science journal articles published in English and use ISO27001 to classify these papers into research topics, in order to get a clearer picture of research trends in information security. The results showed that the number of information security research articles published in top-quality journals increased year by year. Management-oriented research drew as much attention as technical-oriented research in the field of information security in recent years. Research subjects focusing on "Communication and operational management", "Systems development and maintenance" and "Business continuity management" were the major trends in information security research. The working area for most of the authors was America, and many of them worked at universities or institutions. Compared to other authors, Rao, Siponen and Zhang were the most active researchers publishing research articles in the field of information security. Studies titled "Language-based information-flow security", "RFID security and privacy: a research survey" and "Impact of customer trust and perception of security control on the acceptance of electronic commerce" were found to be the most commonly cited journal articles in this study.