淡江大學覺生紀念圖書館 (TKU Library)

系統識別號 U0002-0207201816564800
中文論文名稱 資安威脅對使用者持續使用資安防護軟體意圖的影響
英文論文名稱 The Impact of Security Threats on Users’ Continuing Use of Information Security Software Intentions
校院名稱 淡江大學
系所名稱(中) 資訊管理學系碩士在職專班
系所名稱(英) On-the-Job Graduate Program in Advanced Information Management
學年度 106
學期 2
出版年 107
研究生中文姓名 秦宗輝
研究生英文姓名 Tsung-Hui Chin
學號 705630167
學位類別 碩士
語文別 中文
口試日期 2018-06-02
論文頁數 50頁
口試委員 指導教授-吳錦波
中文關鍵字 資訊安全  恐懼訴求  社會影響力  知覺有用性  使用者持續使用意圖 
英文關鍵字 information secuity  fear appearl  social influence  perceived usefulness  user’s continuance intention 
中文摘要 現代社會以大量資訊設備與連結的網路為基礎,建構出能夠快速大量交換資訊的現代生活面貌。從中創造出各種新興經濟模式並產生龐大利益,但也衍生出透過網路攻擊個人或組織的新型犯罪模式。個人使用者面對資安威脅持續存在的情況下,其態度與反應的情況又是如何?
英文摘要 Modern society which is based on a huge numbers of information devices and connected with networks that can quickly and massively exchange information. It creates a variety of emerging economic models and generates huge benefits, but it also derives new type of criminal models that attack individuals or organizations through the Internet. What is the attitude and reaction of individual users when facing the continued threat of security?
This study aims to investigate whether external threats affect the user’s intention to continue using the security software, and from the perspective of fear appeal, the existing security threat is used as the main component to drive the perceived usefulness to explore external threats and users. Also analyzes influences from society have become influential factors for users’ continuous use intentions or not
The results show that the existence of an security threat does have a positive effect on the user's perceived usefulness, while the social influence also has a positive effect on the user's continuous use intention. However, the biggest factor affecting the user comes from the security software's satisfaction. The contribution of this research is to increase the understanding of the influencing factors of the user's network security protection software and to serve as a basis for future research.
論文目次 目 次

目 次 VI
表目錄 VII
圖目錄 VIII
第一章 緒論 1
第一節 研究背景與動機 1
第二節 研究目的 2
第三節 研究流程 3
第四節 論文架構 4
第二章 文獻探討 5
第一節 資訊安全威脅 5
第二節 恐懼訴求 7
第三節 期望確認理論與IS持續使用意圖理論 9
第三章 研究方法 12
第一節 研究架構 12
第二節 研究假設 13
第三節 操作型定義與衡量問項 19
第四節 問卷設計 26
第四章 資料分析與結果 27
第一節 基本資料分析 27
第二節 問卷資料分析 30
第三節 信度與效度檢定 32
第四節 假說與理論模型之驗證 33
第五章 結論與建議 36
第一節 結論 36
第二節 理論與實務意涵 38
第三節 研究限制 39
第四節 研究建議與未來方向 39
參考文獻 41
附錄A:問卷 45
附錄B:研究模型之路徑分析結果 50


表2-1 部分資安威脅事件類型統計 6
表4-1 基本資料分析 27
表4-1 基本資料分析(續) 28
表4-2 因素分析 30
表4-2 因素分析(續) 31
表4-3 信效度分析表 32
表4-4 路徑係數分析結果 34
表4-5 11組假說檢定結果 35


圖1-1 研究流程圖 3
圖2-1 Johnston & Warkentin恐懼訴求模型 8
圖2-2 期望確認理論模型 9
圖2-3 資訊系統持續使用意圖理論模型 11
圖3-1 本研究建立之威脅驅動-IS持續使用模型 13
圖4-1 研究模型驗證結果 33
參考文獻 [1] Ajzen, I. (1991). The theory of planned behavior. Organizational Behavior and Human Decision Processes, 50(2), 179-211. doi:https://doi.org/10.1016/0749-5978(91)90020-T
[2] Anderson, C. L., & Agarwal, R. (2010). Practicing Safe Computing: A Multimethod Empirical Examination of Home Computer User Security Behavioral Intentions. MIS Quarterly, 34(3), 613-643. doi:10.2307/25750694
[3] Anderson, E. W., & Sullivan, M. W. (1993). The Antecedents and Consequences of Customer Satisfaction for Firms. Marketing Science, 12(2), 125-143.
[4] Bargh, J. A., & McKenna, K. Y. A. (2004). The Internet and Social Life. Annual Review of Psychology, 55(1), 573-590. doi:10.1146/annurev.psych.55.090902.141922
[5] Baskerville, R. (1993). “Information Systems Security Design Methods: Implications for Information Systems Development” (Vol. 25).
[6] Bhattacherjee, A. (2001a). An empirical analysis of the antecedents of electronic commerce service continuance. Decision Support Systems, 32(2), 201-214. doi:https://doi.org/10.1016/S0167-9236(01)00111-7
[7] Bhattacherjee, A. (2001b). Understanding Information Systems Continuance: An Expectation-Confirmation Model. MIS Quarterly, 25(3), 351-370. doi:10.2307/3250921
[8] Boss, S. R., Kirsch, L. J., Angermeier, I., Shingler, R. A., & Boss, R. W. (2009). If someone is watching, I'll do what I'm asked: mandatoriness, control, and information security. European Journal of Information Systems, 18(2), 151-164. doi:10.1057/ejis.2009.8
[9] Castells, M. (1996). The rise of the network society. Malden, Mass.: Blackwell Publishers.
[10] Cronin, J. J., & Taylor, S. A. (1992). Measuring Service Quality: A Reexamination and Extension. Journal of Marketing, 56(3), 55-68. doi:10.2307/1252296
[11] D'Arcy, J., Hovav, A., & Galletta, D. (2009). User Awareness of Security Countermeasures and Its Impact on Information Systems Misuse: A Deterrence Approach. Info. Sys. Research, 20(1), 79-98. doi:10.1287/isre.1070.0160
[12] Davis, F. D., Bagozzi, R. P., & Warshaw, P. R. (1989). User Acceptance of Computer Technology: A Comparison of Two Theoretical Models. Management Science, 35(8), 982-1003. doi:10.1287/mnsc.35.8.982
[13] Dwyer, F. R., Schurr, P. H., & Oh, S. (1987). Developing Buyer-Seller Relationships. Journal of Marketing, 51(2), 11-27. doi:10.2307/1251126
[14] Evans, P., & Wurster, T. S. (2000). Blown to bits : how the new economics of information transforms strategy. Boston, Mass.: Harvard Business School Press.
[15] Fishbein, M., & Ajzen, I. (1975). Belief, attitude, intention, and behavior : an introduction to theory and research. Reading, Mass.: Addison-Wesley Pub. Co.
[16] Hoffer, J. A., & Straub, D. W., Jr. (1989). The 9 to 5 underground: are you policing computer crimes? Sloan Management Review(4), 35.
[17] Hovland, C. I. (1953). Communication and persuasion; psychological studies of opinion change. New Haven,: Yale University Press.
[18] Johnston, & Warkentin. (2010). Fear Appeals and Information Security Behaviors: An Empirical Study. MIS Quarterly, 34(3), 549-566. doi:10.2307/25750691
[19] Karahanna, E., Straub, D., & Chervany, N. (1999). Information Technology Adoption Across Time: A Cross-Sectional Comparison of Pre-Adoption and Post-Adoption Beliefs (Vol. 23).
[20] L. Thompson, R., A. Higgins, C., & M. Howell, J. (1991). Personal Computing: Toward a Conceptual Model of Utilization (Vol. 15).
[21] Lewis, W., Agarwal, R., & Sambamurthy, V. (2003). Sources of Influence on Beliefs about Information Technology Use: An Empirical Study of Knowledge Workers. MIS Quarterly, 27(4), 657-678. doi:10.2307/30036552
[22] Lin, C. S., Wu, S., & Tsai, R. J. (2005). Integrating perceived playfulness into expectation-confirmation model for web portal context. Information & Management, 42(5), 683-693. doi:https://doi.org/10.1016/j.im.2004.04.003
[23] Maddux, J., & W. Rogers, R. (1983). Protection Motivation and Self-Efficacy: A Revised Theory of Fear Appeals and Attitude Change (Vol. 19).
[24] Moore, G. C., & Benbasat, I. (1991). Development of an Instrument to Measure the Perceptions of Adopting an Information Technology Innovation. Information Systems Research, 2(3), 192-222. doi:10.1287/isre.2.3.192
[25] Oliver, R. L. (1980). A Cognitive Model of the Antecedents and Consequences of Satisfaction Decisions. Journal of Marketing Research, 17(4), 460-469. doi:10.2307/3150499
[26] Oliver, R. L. (1993). Cognitive, Affective, and Attribute Bases of the Satisfaction Response. Journal of Consumer Research, 20(3), 418-430. doi:10.1086/209358
[27] Patterson, P. G., Johnson, L. W., & Spreng, R. A. (1997). Modeling the determinants of customer satisfaction for business-to-business professional services. Journal of the Academy of Marketing Science, 25(1), 4. doi:10.1007/BF02894505
[28] Rezabakhsh, B., Bornemann, D., Hansen, U., & Schrader, U. (2006). Consumer Power: A Comparison of the Old Economy and the Internet Economy. Journal of Consumer Policy, 29(1), 3-36. doi:10.1007/s10603-005-3307-7
[29] Roca, J. C., Chiu, C.-M., & Martínez, F. J. (2006). Understanding e-learning continuance intention: An extension of the Technology Acceptance Model. International Journal of Human-Computer Studies, 64(8), 683-696. doi:https://doi.org/10.1016/j.ijhcs.2006.01.003
[30] Rogers, E. M. (1995). Diffusion of innovations (4th ed.). New York: Free Press.
[31] Rogers, R. W. (1975). A Protection Motivation Theory of Fear Appeals and Attitude Change1. The Journal of Psychology, 91(1), 93-114. doi:10.1080/00223980.1975.9915803
[32] Siponen, M. T. (2005). Analysis of modern IS security development approaches: towards the next generation of social and adaptable ISS methods. Information and Organization, 15(4), 339-375. doi:https://doi.org/10.1016/j.infoandorg.2004.11.001
[33] Symantec. (2012). ISTR: Symantec internet security threat report. 2011 Trends. 17.
[34] Symantec. (2013). ISTR: Symantec internet security threat report. 2012 Trends. 18.
[35] Symantec. (2014). ISTR: Symantec internet security threat report. 2013 Trends. 19.
[36] Symantec. (2015). ISTR: Symantec internet security threat report. 2014 Trends. 20.
[37] Symantec. (2016). ISTR: Symantec internet security threat report. 2015 Trends. 21.
[38] Symantec. (2017). ISTR: Symantec internet security threat report. 2016 Trends. 22.
[39] Venkatesh, V., & Bala, H. (2008). Technology Acceptance Model 3 and a Research Agenda on Interventions. Decision Sciences, 39(2), 273-315. doi:10.1111/j.1540-5915.2008.00192.x
[40] Venkatesh, V., & Davis, F. D. (2000). A Theoretical Extension of the Technology Acceptance Model: Four Longitudinal Field Studies. Management Science, 46(2), 186-204. doi:10.1287/mnsc.
[41] Venkatesh, V., G Morris, M., B Davis, G., & Davis, F. (2003). User Acceptance of Information Technology: Toward a Unified View (Vol. 27).
[42] Villarroel, R., Fernández-Medina, E., & Piattini, M. (2005). Secure information systems development – a survey and comparison. Computers & Security, 24(4), 308-321. doi:https://doi.org/10.1016/j.cose.2004.09.011
[43] Wall, D. (2003). Cyberspace crime. Aldershot: Ashgate.
[44] Wall, D. (2004). What are Cybercrimes? Criminal Justice Matters, 58(1), 20-21. doi:10.1080/09627250408553239
[45] Wall, D. (2007). Cybercrime : the transformation of crime in the information age. Cambridge, UK ;
Malden, MA . Polity.
[46] Witte, K. (1992). Putting the fear back into fear appeals: The extended parallel process model. Communication Monographs, 59(4), 329-349. doi:10.1080/03637759209376276
[47] Workman, M., Bommer, W. H., & Straub, D. (2008). Security lapses and the omission of information security measures: A threat control model and empirical test. Computers in Human Behavior, 24(6), 2799-2816. doi:https://doi.org/10.1016/j.chb.2008.04.005

  • 同意紙本無償授權給館內讀者為學術之目的重製使用,於2023-07-23公開。
  • 同意授權瀏覽/列印電子全文服務,於2023-07-23起公開。

  • 若您有任何疑問,請與我們聯絡!
    圖書館: 請來電 (02)2621-5656 轉 2486 或 來信