
A Study of the Effect of Implementing Information Security Policy on Information Security Culture and Information Security Effectiveness in an Organization

Abstract


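As organizations become more dependent on information technology, they face more information security threats. Beyond having information security technology, an organization also needs an information security policy that gives it a consistent management standard to follow. Yet many organizations that have established an information security policy still find it hard to avoid information security incidents; the cause is an organizational culture that neglects the importance of security management. This study examines the relationship between the management activities involved in implementing an information security policy and the establishment of an information security culture, and the influence of the former on the latter. A questionnaire survey of IT managers at large domestic enterprises was conducted, and the data were analyzed with structural equation modeling. The results show: 1. Information security education and awareness promotion, top management support, and penalties for violating information security rules have a significant positive effect on information security culture. 2. Information security culture has a significant positive effect on perceived information security effectiveness. 3. Information security policy maintenance has a significant effect on the formulation of information security policy documents.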

Parallel Abstract


Organizations today rely heavily on information technology to meet their daily operational demands. Because information security incidents keep occurring, protecting information systems is a major problem faced by organizations. An organization's information security is not only a technical issue but also a management issue. The application of an IS security policy is one of the major mechanisms employed by IS security management. The purpose of this study is to explore the effect of implementing an information security policy on information security culture and information security effectiveness when promoting activities related to the information security policy. Based on the ranking of the top 1000 large businesses by China Credit Information Service, Ltd., we conducted a questionnaire survey of MIS department managers. Structural Equation Modeling (SEM) was applied to analyze the data, and the main findings of the study are as follows. 1. The implementation of an information security policy has positive impacts on information security culture. 2. Information security culture has positive impacts on perceived information security effectiveness. 3. The maintenance of an information security policy has positive impacts on producing the information security policy documents.
