因應新冠肺炎疫情居家辦公的員工資訊安全認知與公司資訊安全風險關係之研究

為因應新冠肺炎疫情，居家辦公成為常態性的工作模式，企業更需要縝密規劃相關資訊安全風險控管探討，同時也須從居家辦公員工的角度，了解居家辦公員工的資訊安全認知，藉此發揮資訊安全風險管理的最大效益，因此為了瞭解居家辦公員工資訊安全認知與資訊安全風險管理現況，以及探討居家辦公員工其不同背景變項在資訊安全認知與資訊安全風險的差異，以及探討居家辦公員工資訊安全認知與資訊安全風險之間的關聯性，本研究將採用問卷調查方式，針對大台北地區在新冠肺炎疫情期間進行居家辦公的員工做為研究對象進行問卷調查，共回收210份，有效問卷為193份，有效問卷比例為91.90%。依據統計分析結果，本研究提出以下結論：(1)資訊安全認知以機密性構面平均值最高，介於同意到非常同意。(2)資訊安全風險平均值介於同意到非常同意。(3)不同性別、年齡、教育程度、工作職務、任職單位服務年資對資訊安全認知各構面有顯著差異。(4)不同年齡、教育程度、工作職務、任職單位服務年資對資訊安全風險有顯著差異。(5)資訊安全認知之機密性、完整性構面對資訊安全風險的影響程度達顯著水準。本研究建議企業可以加強員工資訊安全的基礎認知，以避免員工在居家辦公期間因一時的疏忽而發生資料外洩的資安風險事件，同時也建議由上到下帶領員工，才能打造完善的資安環境。

關鍵字

新冠肺炎；資訊安全認知；資訊安全風險

並列摘要

In response to the COVID-19 epidemic, home office has become the normal working mode, enterprises need to carefully plan the relevant information security risk control and discussion,and from the perspective of home office employees, understand the information security cognition of home office employees, so as to give full play to the maximum benefits of information security risk management. Therefor,in order to understand the current situation of information security cognition and information security risk management of home office employees, as well as to explore the differences between information security cognition and information security risks of different background variables of home office employees, as well as to explore the correlation between information security cognition and information security risks of office-from-home employees. Through questionnaire survey, the employees worked from home during the pandemic of COVID-19 in Taipei metropolitan are seen as the examinees. There are overall 210 shares of delivered questionnaire, and within the 193 shares of effective questionnaire, the effective returned ratios are 91.90%. Basing upon the statistical results, the study concludes first, the means of confidentiality structure are the highest in the cognition of information security, between agree and extremely agree; second, the means of the risks of information security are between agree and extremely agree; third, there are significant differences between sex, age, education, working position, working experience in unit in the cognition of information security; fourth, there are significant differences between age, education, working position, working experience in unit in the risks of information security; fifth, the effects of confidentiality and completeness within the cognition of information security are significantly on the risks of information security. The study recommends companies can reinforce the basic cognition of information security to employee, avoiding the possibilities of information breach from employee worked from home, and as well as suggests that a blameless information security environment can be built by top-down steering.