目前企業對於資訊安全的防衛措施，幾乎是採取懲處的方式，以規定去限制員工的行為。但除了使用威嚇的方式之外，是否還可以從員工的其他心理層面著手，提升員工對於遵從資安政策規定的意願，是目前資訊安全相關研究的重點。本研究即是探討員工內心對公司內部資料的擁有感，能否激發出順從公司資訊安全規範的行為。
本研究利用問卷調查法，針對在工作上會使用到電腦資料的企業員工作調查，有效問卷共234份，並使用SPSS與PLS等統計軟體來進行資料分析。分析結果顯示影響心理擁有感的因素之中，只有控制權對於心理擁有感有顯著影響；其中，員工的資訊心理擁有感對於資訊安全規範的順從行為是呈現反效果。資訊安全自我效能的影響因素中，員工過去的經歷會產生反效果，而員工的相關背景與教育訓練皆呈現顯著影響；資訊安全的自我效能對於資訊安全規範的順從行為則有顯著的效果。並在本研究的最後，依照上述的研究結果提出對於實務上的建議與對於未來研究上的建議。

The most common approach taken by organization to insure information security is to punish deviating behaviors. However, recently studies argue the need to pay attention on enhancing employee's capability on and willingness to comply with information security policies. Following this research stream and viewing psychological ownership as willingness and self-efficacy as capability, this study attempts to understand the antecedents of these two variables and their impacts on the compliance of information security policies. We adopted survey approach and collected data from 234 employees who use computer intensively to support their work. Statistical analysis results show that among the proposed three antecedents, perceived control is one critical antecedent of psychological ownership. On the other hand, while past experience has negative impact, education background and training positively affect self-efficacy. Finally, self-efficacy functions as expected but, surprisingly, psychological ownership has negative impact on compliance.

論文審定書 i
摘要 ii
Abstract iii
目錄 iv
圖次 vi
表次 vii
第一章 導論 1
1.1 研究背景： 1
1.2 動機： 2
1.3 研究問題與目的： 3
1.4 研究流程 4
第二章 文獻探討 6
2.1 資訊安全的順從行為： 6
2.1.1 資訊安全順從行為的概念： 6
2.1.2 資訊安全順從行為之相關研究： 6
2.2 心理擁有感 8
2.2.1 擁有感的概念： 8
2.2.2 心理擁有感的概念： 8
2.2.3 心理擁有感的成因與產生途徑： 9
2.2.4 心理擁有感之相關研究： 11
2.3 自我效能 13
2.3.1 自我效能的概念： 13
2.3.2 自我效能的影響因素： 14
2.3.3 自我效能之相關研究： 15
2.4 電腦自我效能 17
2.4.1 電腦自我效能的概念： 17
2.4.2 電腦自我效能之相關研究： 17
2.5 資訊安全自我效能 19
2.5.1 資訊安全自我效能的定義： 19
2.5.2資訊安全自我效能之相關研究： 19
第三章 研究方法 20
3.1 研究架構： 20
3.2 研究模型： 21
3.3 研究假說： 21
3.4 變數定義與衡量： 25
3.5 研究設計： 28
第四章 結果與討論 30
4.1 樣本敘述統計 30
4.2 信度與效度 32
4.2.1 信度分析 32
4.2.2 效度分析 33
4.2.3 結構模式分析與假說檢定結果 36
第五章 結論 41
5.1 研究結果 41
5.2 研究貢獻與建議 42
5.2.1 理論面的貢獻 42
5.2.2 實務面的建議 43
5.3 研究限制與未來研究方向 43
附錄 (問卷) 45
參考文獻 49

英文文獻：
Al-Shawabkeh, M., & Saudi, M. M. (2012). Computer Security Self-Efficacy Effect- an Extention of Technology-to-Performance Chain Model. ICSGRC.
Aurigemma, S., & Mattson, T. (2015). The Role of Social Status and Controllability on Employee Intent to Follow Organizational Information Security Requirements. Paper presented at the System Sciences (HICSS), 2015 48th Hawaii International Conference on.
Avey, J. B., Avolio, B. J., Crossley, C. D., & Luthans, F. (2009). Psychological ownership: Theoretical extensions, measurement and relation to work outcomes. Journal of Organizational Behavior, 30(2), 173-191.
Bandura, A. (1977). Self-efficacy: toward a unifying theory of behavioral change. Psychological Review, 84(2), 191.
Bandura, A. (1986). Social foundations of thought and action: A social cognitive theory: Prentice-Hall, Inc.
Bandura, A. (1997). Self-efficacy: The exercise of control: Macmillan.
Bandura, A., & Wood, R. (1989). Effect of perceived controllability and performance standards on self-regulation of complex decision making. Journal of Personality and Social Psychology, 56(5), 805.
Beggan, J. K. (1991). Using what you own to get what you need: The role of possessions in satisfying control motivation. Journal of Social Behavior & Personality.
Belk, R. (1988). Possessions and self: Wiley Online Library.
Best, B. B. (2014). Influencing employees’ compliance behavior towards Information Security Policy.
Buchem, I. (2012). Psychological Ownership and Personal Learning Environments: Do sense of ownership and control really matter? Paper presented at the PLE Conference Proceedings.
Buchem, I., Attwell, G., & Torres, R. (2011). Understanding personal learning environments: Literature review and synthesis through the activity theory lens.
Bulgurcu, B., Cavusoglu, H., & Benbasat, I. (2010). Information security policy compliance: an empirical study of rationality-based beliefs and information security awareness. MIS Quarterly, 34(3), 523-548.
Chachra, D., Dillon, A., Spingola, E., & Saul, B. (2014). Self-efficacy and task orientation in first-year engineering design courses. Paper presented at the Frontiers in Education Conference (FIE), 2014 IEEE.
Chai, S., Bagchi-Sen, S., Morrell, C., Rao, H. R., & Upadhyaya, A. J. (2009). Internet and online information privacy: An exploratory study of preteens and early teens. Professional Communication, IEEE Transactions on, 52(2), 167-182.
Chambliss, C., & Murray, E. J. (1979). Cognitive procedures for smoking reduction: Symptom attribution versus efficacy attribution. Cognitive Therapy and Research.
Chan, M., Woon, I., & Kankanhalli, A. (2005). Perceptions of information security in the workplace: linking information security climate to compliant behavior. Journal of Information Privacy and Security, 1(3), 18-41.
Chou, H.-W. (2001). Effects of training method and computer anxiety on learning performance and self-efficacy. Computers in Human Behavior, 17(1), 51-69.
Coffin, R., & MacIntyre, P. (1999). Motivational influences on computer-related affective states. Computers in Human Behavior, 15(5), 549-569.
Compeau, D. R., & Higgins, C. A. (1995a). Application of social cognitive theory to training for computer skills. Information Systems Research, 6(2), 118-143.
Compeau, D. R., & Higgins, C. A. (1995b). Computer self-efficacy: Development of a measure and initial test. MIS Quarterly, 189-211.
Cram, F., & Paton, H. (1993). PERSONAL POSSESSIONS AND SELF‐IDENTITY: THE EXPERIENCES OF ELDERLY WOMEN IN THREE RESIDENTIAL SETTINGS. Australian Journal on Ageing, 12(1), 19-24.
Detmar, S., & Richard, W. (1998). Coping with Systems Risk: Security Planning Models for Management Decision Making. MISQ.
Dittmar, H. (1992). The social psychology of material possessions: To have is to be: Harvester Wheatsheaf Hemel Hempstead.
Dreyfus, H. L. (1991). Being-in-the-world: A commentary on Heidegger's Being and Time, Division I: Mit Press.
Earley, P. C. (1994). Self or group? Cultural effects of training on self-efficacy and performance. Administrative Science Quarterly, 89-117.
Edward, H. (1966). The hidden dimension. Doubleday, Garden City, 14, 103-124.
Einwechter, N. (2002). Preventing and detecting insider attacks using ids. SecurityFocus, March.
Etzioni, A. (1991). The socio-economics of property. Journal of Social Behavior and Personality, 6(6), 465-468.
Feldman, D. C. (1989). Socialization, resocialization, and training: Reframing the research agenda.
Furby, L. (1978). Possession in humans: An exploratory study of its meaning and motivation. Social Behavior and Personality: an international journal, 6(1), 49-65.
Furby, L. (1991). Understanding the psychology of possessions and ownership : A person memoir and an appraisal of our progress. Journal of Social Behavior and Personality.
Garland, H., & Adkinson, J. H. (1987). Standards, Persuasion, and Performance A Test of Cognitive Mediation Theory. Group & Organization Management, 12(2), 208-220.
Gist, M. E., Schwoerer, C., & Rosen, B. (1989). Effects of alternative training methods on self-efficacy and performance in computer software training. Journal of applied psychology, 74(6), 884.
Gist, M. E., Stevens, C. K., & Bavetta, A. G. (1991). Effects of self-efficacy and post-training intervention on the acquisition and maintenance of complex interpersonal skills. Personnel Psychology, 44(4), 837.
Gouldner, A. W. (1960). The norm of reciprocity: A preliminary statement. American Sociological Review, 161-178.
Hackman, J. R., & Oldham, G. R. (1980). Work redesign.
Haeussinger, F., & Kranz, J. (2013). Information security awareness: Its antecedents and mediating effects on security compliant behavior.
Harman, H. H. (1976). Modern factor analysis: University of Chicago Press.
Hasan, B. (2003). The influence of specific computer experiences on computer self-efficacy beliefs. Computers in Human Behavior, 19(4), 443-450.
He, W., Yuan, X., & Tian, X. (2014). The Self-Efficacy Variable in Behavioral Information Security Research. Paper presented at the Enterprise Systems Conference (ES), 2014.
Herath, T., & Rao, H. R. (2009). Encouraging information security behaviors in organizations: Role of penalties, pressures and perceived effectiveness. Decision Support Systems, 47(2), 154-165.
Hu, W. W. (2010). Self-efficacy and Individual Knowledge Sharing. International Conference on Information Management.
Humaidi, N., & Balakrishnan, V. (2015). Leadership Styles and Information Security Compliance Behavior: The mediator effect of information security awareness. International Journal of Information and Education Technology, Articles in Advance, 5(4), 311-318.
Ifinedo, P. (2014). Information systems security policy compliance: An empirical study of the effects of socialisation, influence, and cognition. Information & Management, 51(1), 69-79.
Igbaria, M., & Iivari, J. (1995). The effects of self-efficacy on computer usage. Omega, 23(6), 587-605.
Jordan, K., Sorby, S., Amato-Henderson, S., & Donahue, T. H. (2011). Engineering self-efficacy of women engineering students at urban vs. Rural universities. Paper presented at the Frontiers in Education Conference (FIE), 2011.
Kim, S. H., Yang, K. H., & Park, S. (2014). An Integrative Behavioral Model of Information Security Policy Compliance. The Scientific World Journal, 2014.
Lent, R. W., Brown, S. D., & Larkin, K. C. (1986). Self-efficacy in the prediction of academic performance and perceived career options. Journal of Counseling Psychology, 33(3), 265.
Mager, R. F. (1992). No self-efficacy, no performance. Training.
Mayhew, M. G., Ashkanasy, N. M., Bramble, T., & Gardner, J. (2007). A study of the antecedents and consequences of psychological ownership in organizational settings. The Journal of social psychology, 147(5), 477-500.
Moos, D. C., & Azevedo, R. (2009). Learning with computer-based learning environments: A literature review of computer self-efficacy. Review of Educational Research, 79(2), 576-600.
Ng, B.-Y., & Xu, Y. (2007). Studying users' computer security behavior using the Health Belief Model. PACIS 2007 Proceedings, 45.
Nuttin, J. M. (1987). Affective consequences of mere ownership: The name letter effect in twelve European languages. European Journal of Social Psychology, 17(4), 381-402.
O’Reilly, C. (2002). The wrong kind of ownership. Across the board, 39(5), 19-20.
Olivier, T. A., & Shapiro, F. (1993). Self-Efficacy and Computers. Journal of Computer-Based Instruction, 20(3), 81-85.
Pahnila, S., Siponen, M., & Mahmood, A. (2007). Employees' behavior towards IS security policy compliance. Paper presented at the System Sciences, 2007. HICSS 2007. 40th Annual Hawaii International Conference on.
Pierce, J. L., Kostova, T., & Dirks, K. T. (2001). Toward a theory of psychological ownership in organizations. Academy of Management Review, 26(2), 298-310.
Pierce, J. L., Kostova, T., & Dirks, K. T. (2003). The state of psychological ownership: Integrating and extending a century of research. Review of general psychology, 7(1), 84.
Pierce, J. L., Rubenfeld, S. A., & Morgan, S. (1991). Employee ownership: A conceptual model of process and effects. Academy of Management Review, 16(1), 121-144.
Ponton, M. K., Edmister, J. H., Ukeiley, L. S., & Seiner, J. M. (2001). Understanding the Role of Self‐Efficacy in Engineering Education. Journal of Engineering Education, 90(2), 247-251.
Redmond, B. (2010). Self-efficacy theory: Do I think that I can succeed in my work? Work attitudes and motivation. The Pennsylvania State University, World Campus.
Rhee, H.-S., Kim, C., & Ryu, Y. U. (2009). Self-efficacy in information security: Its influence on end users' information security practice behavior. Computers & Security, 28(8), 816-826.
Rokeach, M. (1973). The nature of human values (Vol. 438): Free press New York.
Roth, W. G. (1985). Treatment Implications Derived from Self-Efficacy Research with Children.
Rousseau, D. M., & Shperling, Z. (2003). Pieces of the action: Ownership and the changing employment relationship. Academy of Management Review, 28(4), 553-570.
Rudmin, F. W., Belk, R. W., & Furby, L. (1987). Social science bibliography on property, ownership and possession: 1580 citations from psychology, anthropology, sociology, and related disciplines: Vance Bibliographies.
Rudmin, F. W., & Berry, J. W. (1987). Semantics of ownership: A free-recall study of property. The Psychological Record.
Saks, A. M. (1994). Moderating effects of self‐efficacy for the relationship between training method and anxiety and stress reactions of newcomers. Journal of Organizational Behavior, 15(7), 639-654.
Sartre, J.-P. (1953). Being and nothingness: an essay on phenomenological entology: New York: Washington Square Press.
Schultz, E. E. (2002). A framework for understanding and predicting insider attacks. Computers & Security, 21(6), 526-531.
Siponen, M. T. (2000). A conceptual foundation for organizational information security awareness. Information Management & Computer Security, 8(1), 31-41.
Su, W.-J. G. (2014). The impacts of safety climate and computer self-efficacy on near-miss incident reporting intentions. Paper presented at the Management of Engineering & Technology (PICMET), 2014 Portland International Conference on.
Thatcher, J. B., & Perrewe, P. L. (2002). An empirical examination of individual traits as antecedents to computer anxiety and computer self-efficacy. MIS Quarterly, 381-396.
Thomson, K.-L., & Von Solms, R. (2005). Information security obedience: a definition. Computers & Security, 24(1), 69-75.
Van Dyne, L., & Pierce, J. L. (2004). Psychological ownership and feelings of possession: Three field studies predicting employee attitudes and organizational citizenship behavior. Journal of Organizational Behavior, 25(4), 439-459.
Vance, A., Siponen, M., & Pahnila, S. (2012). Motivating IS security compliance: Insights from habit and protection motivation theory. Information & Management, 49(3), 190-198.
Wagner, S. H., Parker, C. P., & Christiansen, N. D. (2003). Employees that think and act like owners: Effects of ownership beliefs and behaviors on organizational effectiveness. Personnel Psychology, 56(4), 847-871.
Weiss, H. M., & Cropanzano, R. (1996). Affective events theory: A theoretical discussion of the structure, causes and consequences of affective experiences at work.
Williams, L. J., & Anderson, S. E. (1991). Job satisfaction and organizational commitment as predictors of organizational citizenship and in-role behaviors. Journal of management, 17(3), 601-617.
Williams, T., & Williams, K. (2010). Self-efficacy and performance in mathematics: Reciprocal determinism in 33 nations. Journal of Educational Psychology, 102(2), 453.
Woon, I., Tan, G.-W., & Low, R. (2005). A protection motivation theory approach to home wireless security. ICIS 2005 Proceedings, 31.
Zrinyi, M., Juhasz, M., Balla, J., Katona, E., Ben, T., Kakuk, G., & Pall, D. (2003). Dietary self-efficacy: determinant of compliance behaviours and biochemical outcomes in haemodialysis patients. Nephrology Dialysis Transplantation, 18(9), 1869-1873.


中文文獻：
李軍梅. (2008). 企業員工心理所有權與員工關聯績效關係的實證研究. 商场现代化(9), 314-314.
張春興. (1991). 現代心理學: 現代人研究自身問題的科學: 臺灣東華.
陳玉玲. (1995). 目標設定, 目標投入與自我效能對國小學生數學作業表現的影響. 國立高雄師範大學教育研究所碩士論文 (未出版).
賽門鐵克. (2013). 人為疏失與系統錯誤為企業資料外洩的主因. from http://www.symantec.com/zh/tw/about/news/release/article.jsp?prid=20130617_01
蘋果日報. (2011). 房仲洩個資 5千求職者受害. from http://www.appledaily.com.tw/appledaily/article/headline/20110817/33602650/
Digitimes. (2011). 做好電子文件控管 防止資料外洩. from http://www.digitimes.com.tw/tw/b2b/Seminar/shwnws_new.asp?CnlID=18&cat=99&product_id=051A01117&id=0000260994_F2NLTCJR85H1W25UQKXYF