This study examines how adopting the information security management system standard BS7799 affected the information security culture of a well-known Taiwanese company, referred to as Company Y, and how the two are related. The control domains of BS7799 serve as the independent variables, and the concept of information security culture proposed by the OECD serves as the dependent variable. Questionnaires were sent to 123 members of the company, and the collected data were analyzed with statistical methods including factor analysis and stepwise multiple regression analysis. The results show that adopting the BS7799 standard has a significant influence on the development of information security culture, and that "security policy" has the most important influence on the overall development of that culture. Adopting the BS7799 information security management system also produced marked effects on establishing information security awareness and responsibility, strengthening response and contingency capability, implementing security design and execution together with access control, and internalizing information ethics.