隨著資訊科技的日益普及,使得資訊安全管理議題逐漸受到重視。目前在資訊安全政策順從方面的研究主要著重在一般嚇阻理論、保護動機理論來探討員工的資訊安全行為,但是這些研究以組織規範、個人行為動機觀點為考量,沒有注意到員工個人內心層面的影響。因此本研究以企業組織內的員工為研究對象,運用場理論的觀點,結合背景因素中的資訊安全氣候,以及個人因素中的心理所有權,探討其對組織承諾的影響,進而討論對資訊安全政策順從意圖的影響效果。本研究對象為天下雜誌的服務業行業別排名,以電信、資訊(通訊、IC通路)、資訊設備銷售與服務、建設等具有實行資訊安全政策的企業組織員工,以網路問卷和紙本問卷的方式來調查。研究結果發現,資訊安全氣候會顯著影響組織承諾中的情感承諾、持續承諾、規範承諾,也會顯著影響心理所有權和資訊安全政策順從意圖,而心理所有權會顯著影響組織承諾中的情感承諾、持續承諾與規範承諾,組織承諾中的規範承諾會顯著影響資訊安全政策順從意圖,同時,心理所有權也顯著影響資訊安全政策順從意圖;組織承諾中的情感承諾、持續承諾並沒有顯著影響資訊安全政策順從意圖。因此,本研究認為,藉由增加組織的資訊安全氣候可以提升員工心理所有權,進一步促進員工的組織承諾,來增加資訊安全政策順從意圖。 With the rapid development of information technology, information security management issues are more and more important. Currently, information security policy compliance research mainly investigates information security behaviors of employees from general deterrence theory and protection motivation theory lens. However, these studies focus on the discussions of security specifications of organization and the motivations of individual’s behavior but omit the influences of psychological factors on employee’s information security policy compliance. To fill this gap, based on the field theory, we considered information security climate as background factors and psychological ownership as personal factors, this study investigated employees in the service industry in Taiwan to explore the impacts of information security climate and psychological ownership on organizational commitment and information security policy compliance intentions. The survey employed web questionnaires and hard copied questionnaires to increase response rate. The results showed that the information security climate significantly impacted affective commitment, continuance commitment, and normative commitment. It also significantly affected psychological ownership and information security policy compliance intention. Psychological ownership significantly impacted affective commitment, continuance commitment, normative commitment, and information security policy compliance intention. The normative commitment significantly impacted information security policy compliance intention. Affective commitment and continuance commitment had no significant effects on information security policy compliance intention. In sum, this study suggests that information security climate and psychological ownership can promote organizational commitment of employees, and thereby increase the information security policy compliance intention.
