系統識別號 | U0002-1707202010095500 |
---|---|
DOI | 10.6846/TKU.2020.00482 |
論文名稱(中文) | 資安威脅對企業使用資安防護硬體意圖之影響 |
論文名稱(英文) | The Impact of Security Threat on Enterprises' Intention to Use Security Protection Hardware |
第三語言論文名稱 | |
校院名稱 | 淡江大學 |
系所名稱(中文) | 資訊管理學系碩士在職專班 |
系所名稱(英文) | On-the-Job Graduate Program in Advanced Information Management |
外國學位學校名稱 | |
外國學位學院名稱 | |
外國學位研究所名稱 | |
學年度 | 108 |
學期 | 2 |
出版年 | 109 |
研究生(中文) | 楊昇原 |
研究生(英文) | Sheng-Yuan Yang |
學號 | 707630017 |
學位類別 | 碩士 |
語言別 | 繁體中文 |
第二語言別 | |
口試日期 | 2020-05-23 |
論文頁數 | 64頁 |
口試委員 |
指導教授
-
蕭瑞祥
委員 - 蕭瑞祥 委員 - 張昭憲 委員 - 蔡明志 |
關鍵字(中) |
資安認知 資安威脅 知覺品質 恐懼訴求 |
關鍵字(英) |
Security Awareness Security Threats Perceived Quality Fear Appeal |
第三語言關鍵字 | |
學科別分類 | |
中文摘要 |
資安防護硬體是企業面臨資安威脅網路攻擊、駭客入侵與破壞事件的首要防線,企業需要有效的安全防護機制,能擁有集中管理網路資訊安全政策及網路進出流量記錄的設備,來執行資安管控,資安防護硬體無疑是保護企業內部網路安全最有效的防護機制。 本研究以恐懼訴求模型,資安認知及資安威脅為主軸,並加入知覺品質,來探討企業因外部的資安威脅、內部的資安認知與資訊人員對資安防護硬體的知覺品質感知,以及企業周遭的社會影響力,是否為影響企業使用資安防護硬體意圖的影響因素。 研究成果顯示在資安威脅已經存在的情況下,企業使用資安防護硬體的行為意圖會受知覺品質的正向影響,而外在環境因素社會影響力同樣對企業的使用意圖亦為正向影響。本研究貢獻在於增加對企業資安防護硬體使用行為意圖脈絡影響因素的理解並作為未來研究方向的基礎。 |
英文摘要 |
Security protection hardware is the primary line of defense for companies facing security threats, cyber-attacks, hacker intrusions, and sabotage. Enterprises need an effective security protection mechanism that can have centralized management of network information security policies and network entry and exit traffic records to perform security management and control. Information security hardware is undoubtedly the most effective protection mechanism for protecting the internal network security of an enterprise. This study takes the fear appeal model, security awareness and security threats as the main axis, and adds perceptual quality to do research. To explore whether the company's external security threats, internal security awareness and information personnel's perception of the quality of security protection hardware, and the social influence around the company are the factors that affect the company's intention to use security protection hardware. The research results show that in the case of security threats already existing, the behavioral intention of enterprises to use security protection hardware will be positively affected by the perceived quality. The social influence of external environmental factors also has a positive impact on the use intentions of enterprises. The contribution of this research is to increase the understanding of the influencing factors of the intention of the enterprise's information security hardware use behavior and serve as the basis for future research directions. |
第三語言摘要 | |
論文目次 |
目錄 目錄 V 圖目錄 VII 表目錄 VIII 第一章 緒論 1 第一節 研究背景與動機 1 第二節 研究目的 2 第三節 研究流程 3 第四節 論文架構 4 第二章 文獻探討 5 第一節 資安防護硬體 5 第二節 恐懼訴求 7 第三節 品質-價值-行為意圖 9 第三章 研究方法 11 第一節 研究架構 11 第二節 研究假設 11 第三節 操作型定義與衡量問題 15 第四節 問卷設計 22 第四章 資料分析與結果 24 第一節 基本資料分析 24 第二節 問卷因素分析 27 第三節 信度分析 29 第四節 收斂效度分析 29 第五節 區分效度分析 31 第六節 假說與理論模型之驗證 38 第五章 研究討論 43 第一節 假說討論 43 第二節 訪談回饋 46 第六章 研究結論與建議 49 第一節 研究結論 49 第二節 管理意涵 50 第三節 研究限制 51 第四節 研究建議與方向 51 參考文獻 52 附錄A:問卷 55 附錄B:研究模型及PLS分析結果(路徑係數與預測能力) 61 附錄C:研究模型及PLS分析結果(T值與預測能力) 63 圖目錄 圖1-1 研究流程 3 圖2-1 恐懼訴求模型 8 圖2-2 品質-價值-行為意圖 9 圖2-3 研究架構 11 圖4-1 中小企業結構式模型路徑分析 38 圖4-2 大型企業結構式模型路徑分析 40 圖4-3 整體企業結構式模型路徑分析 41 表目錄 表3-1 資安認知構面衡量問題 16 表3-2 資安威脅構面衡量問題 17 表3-3 知覺品質構面衡量問題 18 表3-4 反應效能構面衡量問題 19 表3-5 自我效能構面衡量問題 20 表3-6 社會影響力構面衡量問題 21 表3-7 行為意圖構面衡量問題 22 表4-1 基本資料分析 26 表4-2 因素分析 27 表4-3 信度分析 29 表4-4 AVE值分析 30 表4-5 CR值分析 31 表4-6 中小企業區分效度(AVE平方根) 32 表4-7 大型企業區分效度(AVE平方根) 33 表4-8 整體企業區分效度(AVE平方根) 33 表4-9 中小企業區分效度(cross loading) 35 表4-10 大型企業區分效度(cross loading) 36 表4-11 整體企業區分效度(cross loading) 37 表4-12 中小企業路徑係數與T值 39 表4-13 大型企業路徑係數與T值 40 表4-14 整體企業路徑係數與T值 41 表4-15 假說檢定結果 42 表5-1 訪談回饋表 47 |
參考文獻 |
[1]Boudriga, N. (2009). Security of mobile communications: Auerbach Publications. [2]Bulgurcu, B., Cavusoglu, H., & Benbasat, I. (2010). Information security policy compliance: an empirical study of rationality-based beliefs and information security awareness. MIS quarterly, 34(3), 523-548. [3]De Hoog, N., Stroebe, W., & De Wit, J. B. (2005). The impact of fear appeals on processing and acceptance of action recommendations. Personality and social psychology bulletin, 31(1), 24-33. [4]Engel, J., Blackwell, R., & Miniard, P. (1995). Consumer Behavior. 8th, Forth Worth: Dryden Press, Texas. [5]Fornell, C.R., & Larcker, D.F. (1981). Evaluating Structural Equation Models with Unobservable Variables and Measurement Error, Journal of Marketing Research, 18(1), 39-50. [6]Erdheim, S. (2013). Deployment and management with next-generation firewalls. Network Security, 2013(10), 8-12. [7]Gauvin, W. (2010). System and method for unified threat management with a relational rules methodology: Google Patents. [8]Geier, E. (2011). Intro to Next Generation Firewalls [OL]. [9]Hair, J. F., Black, W. C., Babin, B. J., Anderson, R. E., & Tatham, R. L. (1998). Multivariate data analysis (Vol. 5): Prentice hall Upper Saddle River, NJ. [10]Hartwick, J., & Barki, H. (1994). Explaining the role of user participation in information system use. Management science, 40(4), 440-465. [11]Hovland, C. I. (1953). Communication and persuasion;psychological studies of opinion change. New Haven,: YaleUniversity Press. [12]Ioannidis, S., Keromytis, A. D., Bellovin, S. M., & Smith, J. M. (2000). Implementing a distributed firewall. Paper presented at the Proceedings of the 7th ACM conference on Computer and communications security. [13]Johnston, A. C., & Warkentin, M. (2010). Fear appeals and information security behaviors: an empirical study. MIS quarterly, 549-566. [14]Maddux, J. E., & Rogers, R. W. (1983). Protection motivation and self-efficacy: A revised theory of fear appeals and attitude change. Journal of experimental social psychology, 19(5), 469-479. [15]Nunnally, J. C., & Bernstein, I. H., Psychometric Theory, 3rd Edition, McGraw-Hill, New York, 1994. [16]Oppliger, R. (1997). Internet security: firewalls and beyond. Communications of the ACM, 40(5), 92-102. [17]QUADE, P. (2016).Fortinet Q4 2016 QUARTERLY Threat Landscape Report. [18]Rogers, R. W. (1975). A protection motivation theory of fear appeals and attitude change1. The journal of psychology, 91(1), 93-114. [19]Rogers, R. W. (1983). Cognitive and psychological processes in fear appeals and attitude change: A revised theory of protection motivation. Social psychophysiology: A sourcebook, 153-176. [20]Todd, M. A., & Guitian, C. (1989). Computer Security Training Guidelines. [21]Business Wire. (Q2 2017 ).UTM and Firewall Growth Drive the Worldwide Security Appliance Market Expansion in Q2 2017. [22]Venkatesh, V., & Davis, F. D. (2000). A theoretical extension of the technology acceptance model: Four longitudinal field studies. Management science, 46(2), 186-204. [23]Venkatesh, V., Morris, M. G., Davis, G. B., & Davis, F. D. (2003). User acceptance of information technology: Toward a unified view. MIS quarterly,(27)3,425-478. [24]Wall, D. S. (2007). The Transformation of crime in the information age. Polity, Cambridge. [25]Wilson, M., de Zafra, D. E., Pitcher, S. I., Tressler, J. D., & Ippolito, J. B. (1998). SP 800-16. Information Technology Security Training Requirements: a Role-and Performance-Based Model. [26]Wilson, M., & Hash, J. (2003). NIST Special Publication 800-50. Gaithersburg, MD: National Institute of Standards and Technology. [27]Witte, K. (1992). Putting the fear back into fear appeals: The extended parallel process model. Communications Monographs, 59(4), 329-349. [28]Witte, K. (1994). Fear control and danger control: A test of the extended parallel process model (EPPM). Communications Monographs, 61(2), 113-134. [29]Woodruff, R. B. (1997). Customer value: the next source for competitive advantage. Journal of the academy of marketing science, 25(2), 139. [30]Zeithaml, V. A. (1988). Consumer perceptions of price, quality, and value: a means-end model and synthesis of evidence. Journal of marketing, 52(3), 2-22. [31]Zeithaml, V. A., Berry, L. L., & Parasuraman, A. (1996). The behavioral consequences of service quality. Journal of marketing, 60(2), 31-46. |
論文全文使用權限 |
如有問題,歡迎洽詢!
圖書館數位資訊組 (02)2621-5656 轉 2487 或 來信