- 學位論文
資訊倫理對資訊安全潛在影響的探討-以台灣銀行業為例
THE POTENTIAL IMPACT OF INFORMATION ETHICS ON INFORMATION SECURITY WITH TAIWAN'S BANKING INDUSTRY AS AN EXAMPLE
摘要
隨著個人電腦和網路的普及,企業積極地進行e化。然而,e化卻帶來了網路犯罪,近年來網路犯罪的層出不窮,引起企業的注意,企業紛紛在資訊安全上進行投資。在眾多產業中,又以金融產業對資訊安全最為重視,因為金融業所擁有的資訊多為敏感機密的金融資訊(如信用資料等)。根據統計在違反資訊安全的實例裡,有一半以上是因為內部人員所造成的,主要原因多為未經許可的系統存取(Gordon, Leob, Lucyshny, and Richardson, 2005)。所以本研究探討資訊安全與資訊倫理之間的關係將有助於銀行業提升資訊安全的品質並進一步的穩定國內金融環境。先前學者對於資訊倫理研究的數量也相當的多,但卻沒有完整的探討整個資訊倫理的相關構成要素。因此本研究將以更為全面性的觀點來探討資訊倫理,並進一步的研究資訊倫理構成要素和資訊安全構成要素之間的關係,以彌補之前研究不足的地方。 本研究的研究架構以COBIT 5.0為基礎,進一步探討資訊倫理和資訊安全之間的關係。本研究根據文獻探討來設計問卷量表,並鎖定本國銀行從業人員發放問卷。為確保本問卷的內容效度,本研究邀請12位專家對本問卷的內容進行校對,最後使用Content Validity Ratio做內容效度的確認並利用驗證性因素分析檢驗問卷的效度。最後再以路徑分析檢驗研究假說。 研究結果發現倫理認知、資訊法律和資訊使用對於資訊安全有正向的影響。但本研究在道德規範和個資隱私上面發現知行不一的現象。根據社會認知理論,雖然員工認為道德規範很重要但卻可能因為環境(如同儕的影響)或行為(如行動的成敗、組織的相關獎勵措施)而產生「知行不一」的結果。因此銀行業在推行資訊安全政策的同時也必須注意公司環境及相關獎懲措施。藉由改善工作環境以及導入獎勵制度促使員工將資訊倫理相關認知反應在實際行為上。
並列摘要
With the popularization of personal computers and networks that many companies actively engaged in electronization that always brought the internet crime that causing the attention of companies and they have to invest in information security. In many industries, the financial industry is most attention the information security; because the financial industry has mostly sensitive information confidential financial information. It is estimated that at least half of the breaches to information systems security are made by internal personnel, attributed primarily to unauthorized system access. Therefore, this study suggests discussing the relationship between information security and information ethics will help the banking sectors to improve the quality of information security, based on staff hiring and promotion, and further stabilize the domestic financial environment. The research framework based on the COBIT 5.0, and explores the relationship between information ethics and information security. The questionnaire designed by the literature review. The study invited 12 experts to proofread the content of questionnaire in order to ensure the content validity of the questionnaire, and confirm the content validity by CVR. And then use the CFA to test the validity of the questionnaire. Finally, the study tests hypotheses by path analysis. The study found Ethics Cognition, Information Regulations and Information Usage of information security has a positive influence. However, this study found that the contradictory situations in Ethics Rule and Personal Date of information security. According to social cognitive theory, the individual actual behavior may be effect by environmental factors (such as: social perception, organizational culture) or behavioral outcomes (such as: the operation's success or failure). Therefore, the banking industry needs to pay attention to the environment and incentives in the implementation of information security policy. Motivating employees response the information ethics cognitive on the actual behavior by improving the working environment and import the reward system.
參考文獻
被引用紀錄
延伸閱讀
- 董毓國(2009)。實施資訊安全政策對銀行之影響〔碩士論文,淡江大學〕。華藝線上圖書館。https://doi.org/10.6846/TKU.2009.00572
- 陳秀蓉(2010)。從資訊人員觀點探討企業導入資訊安全管理系統之影響—以金融業為例〔碩士論文,淡江大學〕。華藝線上圖書館。https://doi.org/10.6846/TKU.2010.00838
- 蔡岡玲(2012)。人力資源管理對組織發展影響之研究─以台中銀行為例〔碩士論文,健行科技大學〕。華藝線上圖書館。https://www.airitilibrary.com/Article/Detail?DocID=U0022-1906201210100000
- 黃怡菁(2009)。銀行融資之關鍵影響因素-以台灣資訊電子產業為例〔碩士論文,亞洲大學〕。華藝線上圖書館。https://www.airitilibrary.com/Article/Detail?DocID=U0118-1511201215463028
- 吳振昀(2007)。The Influence of Applying Information System Security for the Financial〔碩士論文,國立臺北科技大學〕。華藝線上圖書館。https://www.airitilibrary.com/Article/Detail?DocID=U0006-0908200716454100