本研究使用質性研究以及紮跟理論的三種編碼方法,希望從中探究資訊系統開發過程應注意之資訊安全議題。在研究結果中發現,第一,組織對於不同資訊安全議題,其所注重的程度也不盡相同。第二,各種不同的資訊安全議題,也會互相影響。第三,一個資訊安全議題,可能在數個不同的系統開發階段中受到重視,組織在進行資訊系統開發時,應該注重這些在不同開發階段都會引起討論的議題。 基於本研究的結果,第一,我們建議資訊系統開發的管理者,在系統開發的階段中,應該更重視資訊安全的議題,以建立更完善的資訊安全管理機制。第二,各個資訊安全議題之間可能互相影響。因此組織在進行系統開發時,應該注意到許多的資訊安全議題都是會互相影響的。最後,組織所看重的資訊安全議題,會因不同的系統開發階段,而有所區別。也可以讓組織更加注意到,在多個系統開發階段中都會引起重視的資訊安全議題。 This research used qualitative research and grounded theory, to explore information security issues in the information system development process. In this study, there are several findings. First, the organizations identify various information security issues to implement the information security mechanisms. Second, there are strong connections between security issues. Third, several critical security issue are addressed in the system development process.
Based on our findings, first, we suggest the information system managers have to establish robust information security mechanism to implement high quality services. Second, organizations should focus on different information security issues in different system development processes, because there are significant mutual operations between several critical security mechanisms. Finally, the managers have to focus on key information security mechanism from the initial to the end of the system development phases.
