    Please use this identifier to cite or link to this item: http://tkuir.lib.tku.edu.tw:8080/dspace/handle/987654321/34176

    Title: A Study of the Information Security Awareness Scale
    Other Titles: A study of the development of information security awareness scale
    Authors: 蕭瑞祥;曹明玉
    Shaw, Ruey-shiang;Tsao, Ming-yu
    Contributors: Tamkang University, Department of Information Management
    Keywords: Information Security; Information Security Awareness; Information Security Awareness Scale
    Date: 2007-06
    Issue Date: 2010-01-11 05:00:06 (UTC+8)
    Publisher: New Taipei City: Tamkang University, Department of Information Management
    Abstract: Enterprises and organizations depend more and more on information technology, which has drawn attention to information security issues. A growing number of organizations and enterprises are adopting information security standards and frameworks. Whether BS7799, COBIT or others, these all examine the confidentiality, integrity, and availability of information security at the level of the "organization". Yet information security incidents keep emerging, and most of them result from the intentional or unintentional actions of internal staff. The current information security literature lacks research that takes "people" as its starting point and examines how to assess and improve the level of information security awareness of the personnel within an organization.
    This study uses the twenty-six concepts of the "ABC's of Information Technology Security" in NIST (National Institute of Standards and Technology) Special Publication 800-16 as the basis for developing an Information Security Awareness Scale, which measures whether respondents are aware of the basic meaning and content of each information security concept. After a series of scale design steps (questionnaire design, development of the question items with the Delphi method, establishment of a first draft of the scale, and a survey of and interviews with domestic experts), the scale was administered in four different units and the results were analyzed to understand the differences in their information security awareness and to verify the applicability of the scale. The verified results are as follows. (1) Whether staff have received information security training makes a certain degree of difference in their level of information security awareness, and different information security trainings also differ in effectiveness, so senior management must take this seriously. (2) Awareness is divided into three levels: low, middle, and high. An organization can target the concepts with middle and low awareness for another phase of advocacy and reinforcement, or use them as the content of training materials. (3) The difficulty of the scale's question items was analyzed. When the scale is administered in the future, items of different difficulty can be selected for measurement, and most of the items added during the individual expert interviews are of moderate difficulty, which conforms to applicability. Because little academic literature, domestic or foreign, addresses this area, this study can be used to measure the level of information security awareness of a unit's personnel, to provide a reference basis for introducing information security training in the future, and to verify the level of awareness staff attain after receiving information security training.
    Appears in Collections: [Graduate Institute & Department of Information Management] Thesis
