組織員工資訊安全行為意圖探討---整合控制與社會資本觀點 | |
---|---|
學年 | 101 |
學期 | 1 |
出版(發表)日期 | 2012-08-01 |
作品名稱 | 組織員工資訊安全行為意圖探討---整合控制與社會資本觀點 |
作品名稱(其他語言) | Encouraging Information Security Behavioral Intentions---an Integration of Control and Social Capital Perspective |
著者 | 施盛寶 |
單位 | 淡江大學資訊管理學系 |
描述 | 計畫編號:NSC101-2410-H032-014
 研究期間:201208~201307
 研究經費:403,000 |
委託單位 | 行政院國家科學委員會 |
摘要 | Information security has become increasingly important to organizations, and IT staffs or employees are required to comply with security policies. However, related information security problems, especially the inadequate security behaviors from employees, still occur in the organizations though the organizations have expressly devoted resources to information security standards and controls. Focusing on this issue, more academic information security research is shifting from the "security technology" side to "information security management". Draw on the information security management perspective, this study integrate security control mechanisms (specification, evaluation and reward) and social capital perspective to understand the effects on intentions to perform security behavior through three social influences, compliance, identification and internalization. Data will be collected from the employees work in the largest 500 service companies in Taiwan from CommonWealth 2011. We expect the following results: First, using specification, evaluation and reward of policies only influence the compliance of social influence levels. Second, structural, relational, and cognitive social capital improves three social influence levels. Third, identification and internalization have positive effects on employees’ intentions to perform security behavior while compliance has negative effect on employees’ intentions to perform security behavior. Managerial implications, research implications, and future research directions were also provided. 現今資訊安全的技術已日漸成熟,公司内的資訊人員或使用者也都能遵從資訊安 全的規範,然而組織卻仍常發生資訊安全的問題,雖然組織已明文規定相關的資訊安全 規範與控制,但問題仍會發生,且常常發生在人(即員工)身上。因此,過去資訊安全的 研究也從「資訊安全技術」的層面轉變到更重視「資訊安全管理」層面,本研究希望能 了解組織除規範、評估、獎酬的控制措施外,整合社會資本的角度,了解員工的結構資 本、關係資本、認知資本影響組織内員工社會影響的承諾程度,進而研究社會影響的承 諾程度與員工資訊安全行為意圖間的關係,研究預計針對天下雜誌2011年500大服務 業公司内的員工進行調查,本研究結果預期(1)組織對於資訊安全的規範、評估、獎酬控 制機制僅能增加員工的社會影響承諾程度中的遵從,(2)員工的結構資本、關係資本、 認知資本能強化社會影響承諾程度中的内化、認同與遵從程度,(3)社會影響承諾程度中 的内化、認同可以增加員工資訊安全行為的意圖,遵從卻降低員工資訊安全行為的意 圖。除了為學術界了解資訊安全管理開啟社會影響層面的討論外,也期望此結果提醒實 務界幫助員工增加社會資本,來更促進員工的資訊安全行為,使組織免於資訊安全的問 題與威脅。 |
關鍵字 | 控制理論; 社會資本; 社會影響; 資訊安全行為意圖; control theory; social capital; social influence; information security behavior |
語言 | zh_TW |
相關連結 |
機構典藏連結 ( http://tkuir.lib.tku.edu.tw:8080/dspace/handle/987654321/103023 ) |