  • 學位論文


A Study of Situation Awareness Model for Information Security

指導教授 : 蕭瑞祥


人是資訊安全弱點與威脅的連結,尤其在企業中組織人員普遍對資訊安全的認知不足,而難以防範資訊安全事件不斷重演,事件發生時往往錯失處理時機,造成企業內部極大損失。有鑑於此,本研究透過Endsley在1995年提出之情境認知(Situation Awareness:SA)動態決策方式與1986年提出的情境知覺全面評估技術(Situation Awareness Global Assessment technique:SAGAT),發展一套適合使用在資訊安全上的認知模式,並驗證其適用性與對使用者的成效。本研究採用實驗室實驗法,對象為大學生,在認知學習中以本研究發展的情境認知動畫作為學習上的互動,加深其印象。在最後評量上則利用腳本敘事理論所撰述之情境題,模擬資訊安全認知情境,當遇到類似資安事件時,知道該如何處理。從本研究結果得知,情境式學習會加深使用者資訊安全認知印象,達到顯著效果,因此情境式教學比傳統式教學有顯著成效。對資訊議題的注意程度則影響情境認知與行為成效,因此不管是否為資訊背景的人,在情境認知中若對資訊議題非常注意則在情境認知評量之行為成效上都會有顯著。本研究驗證情境認知模式應用在資訊安全的認知上是可行的,對資訊安全認知效果亦顯著。


People are the factor of threats and weakness in the information security. The lack of information security awareness, especially in employees, it was difficult to avoid the security incidents happened. When the event happened, it always missed the chance to deal with and caused mass of losses of the corporation. This study was referring to Endsley’s “Situation Awareness Dynamic Decision Model” proposed in 1995 and “The Situation Awareness Global Assessment Technique” proposed in 1986. To develop a model that can appropriately to use on information security issues, it verified the performance of user. This study was used the laboratory experiment and the participants were undergraduate students. This study impressed the participants’ information security awareness by the situation awareness animation. In last assessment, we use the Narrative theory to simulate the information security issues and to examine their. As the result, we discovered that situation awareness animation was more effective than the traditional method. The degree of ”Attention” for the information security issues can affect situation awareness and performance of action. Even people who are not with the background of information, they still had high performance in the situation awareness measure when they were more attention to the issues of the information security. The Model demonstrate applicability and performance of the user, so it was a feasible situation awareness model that used on the awareness of the information security that it had positive effect.




