Responsive image
博碩士論文 etd-0817112-194405 詳細資訊
Title page for etd-0817112-194405
論文名稱
Title
探討員工非授權電腦存取行為意圖─整合中立化理論、差別接觸理論和遏制理論
A Study of Employee Unauthorized Computer Access Intention ─ An Integration of Neutralization, Differential Association and Containment Theory
系所名稱
Department
畢業學年期
Year, semester
語文別
Language
學位類別
Degree
頁數
Number of pages
78
研究生
Author
指導教授
Advisor
召集委員
Convenor
口試委員
Advisory Committee
口試日期
Date of Exam
2012-07-26
繳交日期
Date of Submission
2012-08-17
關鍵字
Keywords
未授權電腦存取、差別接觸理論、遏制理論、電腦駭客、中立化理論
Differential Association Theory, Neutralization Theory, Unauthorized Computer Access, Containment Theory, Computer Hacking
統計
Statistics
本論文已被瀏覽 5976 次,被下載 1281
The thesis/dissertation has been browsed 5976 times, has been downloaded 1281 times.
中文摘要
員工未授權電腦存取行為是最常在企業中看見的駭客行為。因此,我們有必要去了解為什麼員工會從事這樣的行為,並尋找有效的方法防範藉此降低犯罪率。過去在員工駭客行為的研究中都曾經以中立化理論、差別接觸理論和遏制理論來討論並解釋原因。然而,過去的研究都是單獨的引用這些理論和觀點,並沒有一個較整合性的研究模式來解釋是什麼原因影響員工未授權電腦存取行為的意圖。本研究中,我們結合中立化理論、差別接觸理論和遏制理論這三個觀點建構出一個整合性的研究模式來解釋員工電腦未授權存取行為的意圖。
本研究於台灣採集了351個有效樣本來驗證此研究假說及模式。其結果支持我們所作的部分推論,中立化理論和遏制理論都是影響員工決定是否採取未授權電腦存取行為的因素。最後,我們發現員工未授權電腦存取行為意圖中的中立化是影響員工最重要的因素。因此公司在制定和實施安全政策或教育時,可減少員工的中立化因素,藉此來降低員工犯下未授權電腦存取行為的意圖。
總而言之,本篇研究整合了過去幾個較常被拿來探討員工駭客行為的觀點,同時提出一個較為整合且清楚的研究模式來解釋「員工未授權電腦存取行為意圖」,甚至未來也能利用這個模式來解釋員工的其他非倫理行為。
Abstract
Unauthorized computer access by employees is the most common hacking behavior in every company. Hence, it is necessary to first understand why an employee engages to commit it and then find effective methods of prevention to reduce the crime rate. Many studies on computer hacking has discussed the reasons for the behavior, for example: neutralization theory, differential association theory and containment theory. However, those theories and perspectives were adopted independently in past research. In this study, we combine those perspectives and create an integrated model to explain the employee’s intention to commit unauthorized computer access.
Data collected from 351employees in Taiwan confirmed our hypotheses and were tested against the research model. The results support the theoretical model in explaining how neutralization theory and containment theory may affect an employee’s intention to commit unauthorized computer access. Finally, we found that neutralization is the most important factor to take into account when organizations develop and implement security policies or education which can decrease employees’ intentions to commit unauthorized computer access.
目次 Table of Contents
論文審定書 i
致謝 ii
摘要 iii
Abstract iv
Chapter 1 Introduction 1
Chapter 2 Theoretical Foundation and Literature Review 7
2.1 Social Learning and Social Control Theories 7
2.1.1 Social Learning Theories 7
2.1.2 Social Control Theory 8
2.2 Neutralization Theory 10
2.3 Differential Association Theory 17
2.4 Containment Theory 21
Chapter 3 Research Analysis 26
3.1 Research Design 26
3.2 Research Model 27
3.3 Subject 28
3.3.1 Sampling 28
3.3.2 Demographic Analysis 29
3.4 Constructs and Measurements 30
3.4.1 Non-Response Bias 32
3.4.2 Questionnaire Internal Reliability 33
3.5 Measurement Model 38
3.5.1 Common Method Variance 39
3.5.2 Reliability and Validity 41
Chapter 4 Analysis and Discussions 48
4. 1 Data Analysis 48
4. 2 Discussion 50
Chapter 5 Conclusions and Implications 52
5.1 Conclusions 52
5.2 Academic Applications 53
5.3 Practical Implications 55
5.4 Limitations and Suggestions for Future Study 56
References 59
Appendix - Questionnaire 65
參考文獻 References
Agnew, R., & Cullen, F. T. (2003). Criminological theory: Past to present (2nd ed.). Los Angeles: CA. Roxbury.
Akers, R. L. (2009). Social learning and social structure: A general theory of crime and deviance: Transaction Pub.
Alexander, C. S., & Becker, H. J. (1978). The use of vignettes in survey research. The Public Opinion Quarterly, 42(1), 93-104.
Alvarez, A., & Bachman, R. (2003). Murder american style. Belmont: CA:Wadsworth.
AMA. (2005). Electronic monitoring and surveillance survey: American Management Association, New York.
Armstrong, J. S., & Overton, T. S. (1977). Estimating nonresponse bias in mail surveys. Journal of Marketing Research, 14(3), 396-402.
Arora, A. (1996). Testing for complementarities in reduced-form regressions: A note. Economics Letters, 50(1), 51-55.
Association, A. B. (1984). Report on Computer Crime.
Avolio, B. J., Yammarino, F. J., & Bass, B. M. (1991). Identifying common methods variance with data collected from a single source: An unresolved sticky issue. Journal of Management, 17(3), 571.
Bachman, R., Paternoster, R., & Ward, S. (1992). The rationality of sexual offending: Testing a deterrence/rational choice conception of sexual assault. Law & Society Review, 26(2), 343-372.
Bandura, A., Adams, N. E., Hardy, A. B., & Howells, G. N. (1980). Tests of the generality of self-efficacy theory. Cognitive Therapy and Research, 4(1), 39-66.
Banerjee, D., Cronan, T. P., & Jones, T. W. (1998). Modeling IT ethics: A study in situational ethics. MIS Quarterly, 22(1), 31-60.
Berinato, S. (2005). The global state of information security 2005. CIO Magazine, 15.
Bollen, K. A. (1984). Multiple indicators: Internal consistency or no necessary relationship. Quality & Quantity, 18(4), 377-385.
Byers, B., Crider, B. W., & Biggers, G. K. (1999). Bias crime motivation: A study of hate crime and offender neutralization techniques used against the amish. Journal of Contemporary Criminal Justice, 15(1), 78-96.
Cassiman, B., & Veugelers, R. (2006). In search of complementarity in innovation strategy: Internal R&D and external knowledge acquisition. Management Science, 52(1), 68-82.
Chin, W. (2000). Partial least squares for IS researchers: An overview and presentation of recent advances using the PLS approach. Paper presented at the International Conference on Information Systems.
Chin, W. W., Marcolin, B. L., & Newsted, P. R. (2003). A partial least squares latent variable modeling approach for measuring interaction effects: Results from a monte carlo simulation study and an electronic-mail emotion/adoption study. Information Systems Research, 14(2), 189-217.
Cromwell, P., & Thurman, Q. (2003). The devil made me do it: use of neutralizations by shoplifters. Deviant Behavior, 24(6), 535-550.
D’Arcy, J., Hovav, A., & Galletta, D. (2009). User awareness of security countermeasures and its impact on information systems misuse: A deterrence approach. Information Systems Research, 20(1), 79-98.
DeMelo, D. M. (1999). Criminological theory. from http://www.wku.edu/~john.faine/soc332/diane.pdf
Denning, D. (2000). Information warfare and security. EDPACS, 27(9), 1-2.
Dhillon, G., & Moores, S. (2001). Computer crimes: Theorizing about the enemy within. Computers & Security, 20(8), 715-723.
Fornell, C., & Bookstein, F. L. (1982). Two structural equation models: Lisrel and PLS applied to consumer exit-voice theory. Journal of Marketing Research, 19(4), 440-452.
Fornell, C., & Larcker, D. F. (1981). Evaluating structural equation models with unobservable variables and measurement error. Journal of Marketing Research, 18(1), 39-50.
Hamlin, J. E. (1988). The misplaced role of rational choice in neutralization theory. Criminology, 26(3), 425-438.
Harrington, S. J. (1996). The effect of codes of ethics and personal denial of responsibility on computer abuse judgments and intentions. MIS Quarterly, 20(3), 257-278.
Hickey, E. W. (2005). Serial murders and their victims (4th ed.). Belmont: CA:Wadsworth.
Hickey, E. W. (2010). Serial murders and their victims (5th ed.). Belmont: CA:Wadsworth.
Higgins, G. E., & Makin, D. A. (2004). Does social learning theory condition the effects of low self-control on college students’software piracy. Journal of Economic Crime Management, 2(2).
Hindelang, M. J. (1973). Causes of delinquency: A partial replication and extension. Social Problems, 20(4), 471-487.
Hirschi, T. (2002). Causes of delinquency: Transaction Pub.
Hogan, H. W., & Mookherjee, H. N. (1981). Delinquency and personal vs. social controls. Journal of Social Psychology, 114(1), 51-55.
Hollinger, R. C. (1991). Neutralizing in the workplace: An empirical analysis of property theft and production deviance. Deviant Behavior, 12(2), 169-202.
Hollinger, R. C., & Lanza-Kaduce, L. (1988). The process of criminalization: The case of computer crime laws. Criminology, 26(1), 101-126.
Huigang, L., Saraf, N., Qing, H., & Yajiong, X. (2007). Assimilation of enterprise systems: The effect of institutional pressures and the mediating role of top management. MIS Quarterly, 31(1), 59-87.
Jarvis, Cheryl B., MacKenzie, Scott B., & Podsakoff, Philip M. (2003). A critical review of construct indicators and measurement model misspecification in marketing and consumer research. Journal of Consumer Research, 30(2), 199-218.
Jensen, G. F. (Ed.) (2003) Encyclopedia of criminology. Chicago: Fitzroy Dearborn Publishers.
Joreskog, K. G., & Sorbom., D. (1993). PRELIS 2 User's Reference Guide.: Scientific Software International, Lincolnwood, IL.
Kim, J. h. (2011). Samsung Card latest in line of data hacks. from http://www.asiaone.com/News/Latest%2BNews/Science%2Band%2BTech/Story/A1Story20110910-298761.html
Klockars, C. B. (1974). The professional fence. New York: Free Press.
Kuo, F.-Y., & Hsu, M.-H. (2001). Development and validation of ethical computer self-efficacy measure: The case of softlifting. Journal of Business Ethics, 32(4), 299-315.
Kuo, F.-Y., Lin, C., & Hsu, M.-H. (2007). Assessing gender differences in computer professionals’ self-regulatory efficacy concerning information privacy practices. Journal of Business Ethics, 73(2), 145-160.
Law, K. S., & Wong, C.-S. (1999). Multidimensional constructs in structural equation analysis: an illustration using the job perception and job satisfaction constructs. Journal of Management, 25(2), 143-160.
Leidner, D. E., & Kayworth, T. (2006). Review: a review of culture in information systems research: Toward a theory of information technology culture conflict. MIS Quarterly, 30(2), 357-399.
Leonard, L. N. K., & Cronan, T. P. (2001). Illegal, inappropriate, and unethical behavior in an information technology context: A study to explain influences. Journal of the Association for Information Systems, 1(12), 1-31.
Leonard, L. N. K., Cronan, T. P., & Kreie, J. (2004). What influences IT ethical behavior intentions—planned behavior, reasoned action, perceived importance, or individual characteristics? Information & Management, 42(1), 143-158.
Lilly, J. R. (2006). Society as insulation: The origins of control theory. from http://www.sagepub.com/upm-data/13561_Chapter5.pdf
Lim, V. K. G. (2002). The it way of loafing on the job: Cyberloafing, neutralizing and organizational justice. Journal of Organizational Behavior, 23(5), 675-694.
Malhotra, N. K., Sung, S. K., & Agarwal, J. (2004). Internet users' information privacy concerns (IUIPC): The construct, the scale, and a causal model. Information Systems Research, 15(4), 336-355.
Minor, W. W. (1981). Techniques of neutralization: A reconceptualization and empirical examination. Journal of Research in Crime and Delinquency, 18(2), 295-318.
Panko, R. R., & Beh, H. G. (2002). Monitoring for pornography and sexual harassment. Communications of the ACM, 45(1), 84-87.
Parker, D. B. (1998). Fighting computer crime: A new framework for protecting information: John Wiley & Sons, Inc.
Pavlou, P. A., & Gefen, D. (2005). Psychological contract violation in online marketplaces: Antecedents, consequences, and moderating role. Information Systems Research, 16(4), 372-399.
Peace, A. G., Galletta, D. F., & Thong, J. Y. L. (2003). Software piracy in the workplace: A model and empirical test. Journal of Management Information Systems, 20(1), 153-177.
Petter, S., Straub, D., & Rai, A. (2007). Specifying formative constructs in information systems research. MIS Quarterly, 31(4), 623-656.
Piquero, N. L., Tibbetts, S. G., & Blankenship, M. B. (2005). Examining the role of differential association and techniques of neutralization in explaining corporate crime. Deviant Behavior, 26(2), 159-188.
Podsakoff, P. M., MacKenzie, S. B., Lee, J.-Y., & Podsakoff, N. P. (2003). Common method biases in behavioral research: A critical review of the literature and recommended remedies. Journal of Applied Psychology, 88(5), 879-903.
Pogarsky, G. (2004). Projected offending and contemporaneous rule-violation: Implications for heterotypic continuity. Criminology, 42(1), 111-136.
Puhakainen, P. (2006). A design theory for Information security awareness. Oulu, Finland: University of Oulu.
Rahim, M. M. D., Seyal, A. H., & Rahman, M. N. (2001). Factors affecting softlifing intention of computing students: An empirical study. Journal of Educational Computing Research, 24.
Reckless, W. C. (1961). A new theory of delinquency and crime. Federal Probation, 25, 42-46.
Reckless, W. C. (1973a). American Criminology: New directions. New York: Appleton-Century-Crofts.
Reckless, W. C. (1973b). The Crime Problem. Pacific Palisades: Goodyear Publishing Company.
Richardson, R. (2007). CSI/FBI Computer Crime and Security Survey. San Francisco: Computer Security Institute.
Rogers, J. W., & Buffalo, M. D. (1974). Neutralization techniques: Toward a simplified measurement scale. The Pacific Sociological Review, 17(3), 313-331.
Rogers , M. (1999). Psychology of Computer Criminals. Paper presented at the Annual Computer Security Institute Conference.
Sacco, V. F., & Zureik, E. (1990). Correlates of computer misuse: Data from a self-reporting sample. Behaviour & Information Technology, 9(5), 353-369.
Sampson, R. J., & Laub, J. H. (1993). Crime in the Making: Pathways and Turning Points Through Life: Cambridge, MA: Harvard University Press.
Shoemaker, D. J. (1996). Theories of Delinquency: An Examination of Explanations of Delinquent Behavior (3rd ed.). New York: Oxford University Press.
Simpson, P. M., Banerjee, D., & Simpson Jr, C. L. (1994). Softlifting: A model of motivating factors. Journal of Business Ethics, 13(6), 431-438.
Siponen, M., & Iivari, J. (2006). Six design theories for is security policies and guidelines. Journal of the Association for Information Systems, 7(7), 445-472.
Siponen, M., & Vance, A. (2010). Neutralization: New insights into the problem of employee information systems security policy violations. MIS Quarterly, 34(3), 487-A412.
Skinner, W. F., & Fream, A. M. (1997). A social learning theory analysis of computer crime among college students. Journal of Research in Crime and Delinquency, 34(4), 495-518.
Stanton, J. M., Stam, K. R., Mastrangelo, P., & Jolton, J. (2005). Analysis of end user security behaviors. Computers & Security, 24(2), 124-133.
Straub, D. W., Jr, & Nance, W. D. (1990). Discovering and disciplining computer abuse in organizations: A field study. MIS Quarterly, 14(1), 45-60.
Straub, D. W., & Welke, R. J. (1998). Coping with systems risk: Security planning models for management decision making. MIS Quarterly, 22(4), 441-469.
Sutherland, E. H. (1939). Principles of Criminology: Philadelphia: Lippincott.
Sutherland, E. H. (1947). Principles of Criminology (4th ed.): Philadelphia : Lippincott.
Sykes, G. M., & Matza, D. (1957). Techniques of neutralization: A theory of delinquency. American Sociological Review, 22(6), 664-670.
Taylor , P. A. (Ed.). (1999). Hackers: Crime in the Digital Sublime. New York: Routledge.
Taylor, S., & Todd, P. A. (1995). Understanding information technology usage: A test of competing models. Information Systems Research, 6(2), 144-176.
Teo, H. H., Wei, K. K., & Benbasat, I. (2003). Predicting intention to adopt interorganizational linkages: An institutional perspective. MIS Quarterly, 27(1), 19-49.
Thompson, W. E., & Dodder, R. A. (1983). Juvenile delinquency explained: A test of containment theory. Youth and Society, 15(2), 171-194.
Trevino, L. K. (1992). Experimental approaches to studying ethical-unethical behavior in organizations. Business Ethics Quarterly, 2(2), 121-136.
Urbaczewski, A., & Jessup, L. M. (2002). Does electronic monitoring of employee internet usage work? Communications of the ACM, 45(1), 80-83.
Weber, J. (1992). Scenarios in business ethics research: Review, critical assessment, and recommendations. Business Ethics Quarterly, 2(2), 137-160.
Williams, L. J., Edwards, J. R., & Vandenberg, R. J. (2003). Recent advances in causal modeling methods for organizational and management research. Journal of Management, 29(6), 903-936.
電子全文 Fulltext
本電子全文僅授權使用者為學術研究之目的,進行個人非營利性質之檢索、閱讀、列印。請遵守中華民國著作權法之相關規定,切勿任意重製、散佈、改作、轉貼、播送,以免觸法。
論文使用權限 Thesis access permission:校內校外完全公開 unrestricted
開放時間 Available:
校內 Campus: 已公開 available
校外 Off-campus: 已公開 available


紙本論文 Printed copies
紙本論文的公開資訊在102學年度以後相對較為完整。如果需要查詢101學年度以前的紙本論文公開資訊,請聯繫圖資處紙本論文服務櫃台。如有不便之處敬請見諒。
開放時間 available 已公開 available

QR Code