§ Browse Thesis Bibliographic Record
  
System ID U0002-0908201714174000
DOI 10.6846/TKU.2017.00319
Thesis title (Chinese) 從個案研究探討安全之執行架構
Thesis title (English) Applying the Case Study to Explore the Security Implementation Framework
University Tamkang University
Department (Chinese) Master's Program, Department of Information Management
Department (English) Department of Information Management
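Academic year 105
Semester 2
Year of publication 106
Graduate student (Chinese) 許薰元
Graduate student (English) Hsun-Yuan Hsu
Student ID 604630367
Degree Master's
Language Traditional Chinese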
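Oral defense date 2017-06-04
Number of pages 56
Oral defense committee Advisor - 游佳萍
Member - 施盛寶
Member - 黃燕忠
Keywords (Chinese) Information Security Management
Information Security Framework
Grounded Theory
Keywords (English) Information Security Management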
Information Security Framework
Grounded Theory
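Chinese abstract
Information is a company's principal asset. In an era when information travels quickly, information security is increasingly important for protecting data properly. This study examines how, given that implementing information security in an organization requires the involvement of every unit, different units working together can share resources, form a sound model of cooperation, and establish common goals.
This study draws practical experience from interviews. Using grounded theory, the data were classified by their characteristics into thirty-one subcategories, which were grouped into six categories of distinct concepts: roles, resources, policies, activities, values, and goals. A set of coding principles with three main axes was then compiled. To address the research question, the coding principles were compared, showing that system performance, system security, integrity, and satisfaction are the common goals of cooperation among the units.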
English abstract
Information is a company's main asset. In today's era of fast information delivery, information security is becoming increasingly important for properly protecting information. This study explores how organizations need input from various units in the process of implementing information security, and therefore how those units, working together, can share resources, form a good model of cooperation, and build common goals.
This study draws practical experience from interviews. Through grounded theory, the data were defined, according to their characteristics, into thirty-one sub-categories and grouped into six major concepts: Roles, Resources, Policies, Activities, Values and Goals. We then compiled them into a set of coding principles with three main axes. To explore the research problem, we compared the coding principles and found that system performance, system security, integrity and performance are the common goals of cooperation among all units.
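Thesis table of contents
Contents
=========================
Chapter 1 Introduction 1
Chapter 2 Literature Review 4
2.1 Information Security Goals and Values 4
2.2 Information Security Management 5
2.3 Information Security Resources 7
Chapter 3 Research Method 9
3.1 Sample Data 9
3.2 Interview Process 12
3.3 Data Analysis 12
3.4 Reliability and Validity Measurement 15
Chapter 4 Data Analysis and Results 17
4.1 Open Coding and Results 17
4.1.1 Coding Statistics for "Roles" 18
4.1.2 Coding Statistics for "Resources" 19
4.1.3 Coding Statistics for "Policies" 20
4.1.4 Coding Statistics for "Activities" 22
4.1.5 Coding Statistics for "Values" 24
4.1.6 Coding Statistics for "Goals" 25
4.2 Axial Coding and Results 27
4.2.1 Information Security Goals and Values 28
4.2.2 Information Security Management 30
4.3 Selective Coding and Results 32
4.3.1 Technical Units 33
4.3.2 Partner Vendors 38
4.3.3 Business Units 41
4.3.4 Overall 43
Chapter 5 Conclusion 46
5.1 Research Results and Contributions 46
5.2 Research Limitations 47
References 49
Appendices 54
Appendix 1 Research Interview Questionnaire 54
Appendix 2 Research Coding Definition Table 56

List of Tables
=========================
Table 3-1: Classification of Interviewees 11
Table 4-1: Open Coding Calculation Table 17
Table 4-2: Open Coding Statistics for Roles 19
Table 4-3: Open Coding Statistics for Resources 20
Table 4-4: Open Coding Statistics for Policies 21
Table 4-5: Open Coding Statistics for Activities 23
Table 4-6: Open Coding Statistics for Values 25
Table 4-7: Open Coding Statistics for Goals 27

List of Figures
=========================
Figure 4-1: Selective Coding Diagram for Technical Units (Internal) 35
Figure 4-2: Selective Coding Diagram for Technical Units (External) 37
Figure 4-3: Selective Coding Diagram for Partner Vendors (Internal) 39
Figure 4-4: Selective Coding Diagram for Partner Vendors (External) 40
Figure 4-5: Selective Coding Diagram for Business Units (Internal) 43
Figure 4-6: Cooperation Relationship Diagram for Technical Units 45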
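Full-text access rights
On campus
Print thesis to be made public 5 years after submission of the authorization form
Consent to on-campus public access to the electronic full text
On-campus electronic thesis to be made public 5 years after submission of the authorization form
Off campus
Authorization granted
Off-campus electronic thesis to be made public 5 years after submission of the authorization form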
