As information technology becomes increasingly widespread, people's awareness of information security has gradually risen. Although enterprises can strengthen their internal defenses and reduce information security threats with physical security devices, most information security vulnerabilities stem from human negligence. Because social engineering over the Internet poses a strong threat to individuals, this study uses factors related to users' information security self-efficacy to analyze why people may be lured by social engineering. The results show that whether a user is lured by social engineering is strongly correlated with how much risk the user perceives in e-mail, and is comparatively unrelated to information security self-efficacy. In an environment where information security is receiving growing attention from all sectors, organizational managers must not only teach users the behaviors that protect information security but also make end users understand the risks that e-mail carries, thereby protecting information security within their organizations.