本研究主要在探討影響企業資訊安全投資決策之變數,針對企業組織內資訊相關的從業人員,透過專家訪談與問卷設計,將取得的資料進行樣本分類與整理。從外在環境與內部組織等不同構面出發,思考企業對資訊安全投資的影響因素,透過文獻探討,將影響的因子加以定義,同時列舉資訊安全投資項目,如資安人力、軟體、硬體、管理、委外與服務等等,再透過統計迴歸方式,將影響因子與資訊安全投資間做比較分析,以評估不同構面變數對於資訊安全投資會有多大的影響力。研究結果發現: 一、外部環境因素對資訊安全投資影響不顯著。 二、以「資訊安全投資」為依變數,探討各構面影響資訊安全投資之相關係數時,發現以「高階主管對資安控管的態度」最顯著。其次是「認知的資訊安全風險」、「企業規模」與「組織資訊科技的應用程度」。 三、企業規模對預測變項與資訊安全投資之間的關係,不具有顯著的調節效果。
This study is focusing on the impact of decision variables for enterprises information security investment. We collected data from those decision makers involving in information technology investment through interviews with experts and questionnaires. The factors affecting enterprises information security investment were classified into internal and external factors, including information security manpower, software, hardware, management, outsourcing and service. By regression analysis, the variables influenced information security investments were found. The results showed as below: 1、External environmental factors have no significant effect on enterprises information security investment. 2、There are significant correlation between "information security investment" and "the senior executives’ attitude toward control of information security". The other factors are "information security risk index", "the scale of enterprise" and "the degree of how organization apply technology". 3、The scale of enterprise has no moderating effect on the relationship between decision variables and information security investment.