資訊管理學報
蘇建源;江琬瑂;阮金聲;
頁: 61-87
日期: 2010/10
摘要: 隨著組織對資訊化依賴程度愈深,所面對的資訊安全威脅就愈多。組織除了擁有資訊安全技術外更須要一套資訊安全政策供組織有一致的管理標準來遵循。然而許多組織已建立資訊安全政策,還是難以避免許多資訊安全事件發生,究其原因是輕忽安全管理重要性的組織文化。本研究將探討資訊安全政策實施的管理活動與建立資訊安全文化之關係與影響性。針對國內大型企業的資訊主管進行問卷調查並使用結構方程模型進行資料分析。研究結果顯示: 1. 資訊安全教育與宣導、高階主管支持、違反資訊安全規範懲處對資訊安全文化有正向顯著的影響。 2. 資訊安全文化對知覺資訊安全有效性有正向顯著影響。 3. 資訊安全政策維護對制訂資訊安全政策文件有顯著的影響。
關鍵字: 資訊安全政策;資訊安全文化;資訊安全有效性;
Abstract: Organizations nowadays rely highly on the information technology to achieve its daily operation demand. Due to the continual occurrence of many information security incidents, the protection of information systems is a major problem faced by organization. For an organization's information security, it is not only a technical issue but also a management issue. The application of an IS security policy is one of the major mechanisms employed by IS security management. The purpose of this study is to explore the effect of implementing an information security policy on information security culture and information security effectiveness in promoting the activities about information security policy. According to the large business ranking of top 1000 by China Credit Information Service, Ltd., we conducted a questionnaire survey of the MIS department manager. Structural Equations Modeling (SEM) was applied to analyze the data and the main findings of the study are as follows. 1. The implementation of an information security policy has positive impacts on information security culture. 2. Information security culture has positive impacts on perceived information security effectiveness. 3. The maintenance of an information security policy has positive impacts on making the documents of information security policy.
Keywords: Information Security Policy;Information Security Culture;Information Security Effectiveness;
瀏覽次數: 23907 下載次數: 386
引用 導入Endnote
頁: 61-87
日期: 2010/10
摘要: 隨著組織對資訊化依賴程度愈深,所面對的資訊安全威脅就愈多。組織除了擁有資訊安全技術外更須要一套資訊安全政策供組織有一致的管理標準來遵循。然而許多組織已建立資訊安全政策,還是難以避免許多資訊安全事件發生,究其原因是輕忽安全管理重要性的組織文化。本研究將探討資訊安全政策實施的管理活動與建立資訊安全文化之關係與影響性。針對國內大型企業的資訊主管進行問卷調查並使用結構方程模型進行資料分析。研究結果顯示: 1. 資訊安全教育與宣導、高階主管支持、違反資訊安全規範懲處對資訊安全文化有正向顯著的影響。 2. 資訊安全文化對知覺資訊安全有效性有正向顯著影響。 3. 資訊安全政策維護對制訂資訊安全政策文件有顯著的影響。
關鍵字: 資訊安全政策;資訊安全文化;資訊安全有效性;
A Study of the Effect of Implementing Information Security Policy on Information Security Culture and Information Security Effectiveness in an Organization
Abstract: Organizations nowadays rely highly on the information technology to achieve its daily operation demand. Due to the continual occurrence of many information security incidents, the protection of information systems is a major problem faced by organization. For an organization's information security, it is not only a technical issue but also a management issue. The application of an IS security policy is one of the major mechanisms employed by IS security management. The purpose of this study is to explore the effect of implementing an information security policy on information security culture and information security effectiveness in promoting the activities about information security policy. According to the large business ranking of top 1000 by China Credit Information Service, Ltd., we conducted a questionnaire survey of the MIS department manager. Structural Equations Modeling (SEM) was applied to analyze the data and the main findings of the study are as follows. 1. The implementation of an information security policy has positive impacts on information security culture. 2. Information security culture has positive impacts on perceived information security effectiveness. 3. The maintenance of an information security policy has positive impacts on making the documents of information security policy.
Keywords: Information Security Policy;Information Security Culture;Information Security Effectiveness;
瀏覽次數: 23907 下載次數: 386
引用 導入Endnote