Title page for etd-0717117-212100
Title
The effect of Information Security Management System in Hospitals on the Maturity of Information Security
Department
Year, semester
Language
Degree
Number of pages
82
Author
Advisor
Convenor
Advisory Committee
Date of Exam
2017-07-27
Date of Submission
2017-08-17
Keywords
Conflict, Information Security Policy, Information Security Maturity, Information Security Management System, Coordination Mechanism, Information Security Management Acceptance
Statistics
The thesis/dissertation has been browsed 5964 times and downloaded 1780 times.
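Chinese Abstract
With the development and advancement of information technology, information security has become the most important issue for medical institutions. Taking hospitals as an example, whether services are interrupted or organizational data is leaked, the impact on people's lives and health, on the hospital's image, and even on its operations can be severe. In recent years, information security incidents have occurred continually worldwide. To protect an organization's internal information assets and keep the organization running normally, adopting an Information Security Management System (ISMS) is an effective method of control and management. Internationally, an ISMS is usually built on the ISO 27001 information security management standard, which is used to manage the use of information within the organization, the security of information hardware, and the control of information users, in order to achieve the "confidentiality", "integrity" and "availability" of information assets.
Previous research on information security management has mostly addressed the management and evaluation of information security. It lacks an effective method for raising an organization's overall information security maturity and has not examined the factors that affect that maturity. It remains unknown whether differences in organization members' acceptance of information security management measures produce conflict that affects the execution and maintenance of the organization's information security policy; whether the information security policy affects the coordination mechanism the organization adopts and its information security maturity; and whether conflict among organization members affects the coordination mechanism adopted and, in turn, the organization's information security maturity.
This study used the LISREL and SPSS statistical packages as analysis tools and performed path analysis on the data. It found that both differences in information security management acceptance and conflict among organization members affect the organization's information security policy; that member conflict and the information security policy affect the coordination mechanism the organization adopts; and that the organization's information security maturity is affected by the coordination mechanism and the information security policy. Although information security management acceptance had no statistically significant effect on member conflict, the interview results showed that acceptance does affect the occurrence of conflict in the organization, but that acceptance should be examined from the user's point of view. Based on these results, this study offers key points on information security management from different management perspectives, which can help organizations raise their information security maturity and can serve as a reference for future research.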
Abstract
In recent years, with the advancement and development of information technology, information security has become the most important issue for hospitals. Taking a hospital as an example, whether service is interrupted or data is leaked, the result can damage people's lives or health, or the image of the hospital. Security incidents continue to occur, and to protect information assets within the organization and maintain computer operation, an information security management system (ISMS) is a set of effective control and management methods. The ISO standard commonly used is "ISO 27001", which covers the organization's use of information, hardware, users and assets to achieve "confidentiality", "integrity" and "availability".
Most previous studies of information security management focused on information security management and evaluation, but offered no methods for advancing information security maturity and no analysis of the factors that influence it. Previous studies tell us little about whether conflict arises because members of an organization differ in their information security management acceptance, and whether that conflict then influences the execution and maintenance of the information security policy. Likewise, little is known about whether the information security policy influences the coordination mechanism and information security maturity, or whether conflicts among organization members influence the coordination mechanism and, through it, information security maturity. We focused on information security, used the technology acceptance model to derive the acceptance of information security, and used the perspective of coordination mechanisms to see how coordination influences information security maturity.
We used LISREL and SPSS to perform path analysis and found that both differences in information security management acceptance and conflicts among members influence the information security policy made by the organization; they also influence the organization's coordination system. Information security maturity is influenced by the organization's coordination system and information security policy. Information security management acceptance did not show a significant correlation with conflicts among members. However, according to the interview results, we found that information security management acceptance also influences organizational conflict from the user's point of view. Furthermore, we provide some points on information security management to help organizations advance their information security maturity, along with some references for further studies.
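Table of Contents
Thesis Approval Form
Thesis Summary
Acknowledgements
Chinese Abstract
English Abstract
Contents
List of Figures
List of Tables
Chapter 1 Introduction
1.1 Research Background and Motivation
1.2 Research Objectives
1.3 Research Process
Chapter 2 Literature Review
2.1 Information Security
2.2 The ISO Standards Organization
2.3 Information Security Management System (ISMS)
2.3.1 Development and Evolution of the ISO 27001 Information Security Management System
2.3.2 Main Structure of ISO 27001
2.4 Information Security Management Acceptance
2.5 Conflict Theory
2.6 Security Policy Theory
2.7 Coordination Theory
2.8 Information Security Maturity
Chapter 3 Research Design and Methods
3.1 Research Hypotheses and Framework
3.2 Construct Definitions and Measurement Items
3.2.1 Information Security Management Acceptance Construct
3.2.2 Information Security Measure Conflict Construct
3.2.3 Information Security Measure Policy Construct
3.2.4 Policy Conflict Coordination Construct
3.2.5 Information Security Maturity Construct
3.3 Questionnaire Design and Data Collection Methods
3.3.1 Questionnaire Design
3.3.2 Questionnaire Returns
3.3.3 Information Security Maturity Assessment Model
3.4 Data Analysis Methods
3.5 Interviews
3.5.1 Interview Process
3.5.2 Interview Data Analysis
Chapter 4 Empirical Analysis and Discussion
4.1 Descriptive Statistical Analysis
4.1.1 Sample Structure Analysis
4.1.2 Descriptive Statistics for Each Construct
4.2 Analysis of the Information Security Maturity Assessment Model
4.3 Reliability and Validity Analysis of Each Construct
4.3.1 Reliability Analysis
4.3.2 Validity Analysis
4.4 LISREL Model Analysis
4.4.1 Overall Fit of the LISREL Model
4.4.2 LISREL Model Analysis Results
4.5 Effect Analysis and Verification Results for the Research Hypotheses
4.6 Interviews
4.6.1 Interviewees
4.6.2 Summary of Interview Comments
4.6.3 Analysis of Interview Results
Chapter 5 Conclusions and Recommendations
5.1 Research Conclusions
5.2 Research Contributions and Managerial Implications
5.2.1 Research Contributions
5.2.2 Managerial Implications
5.3 Research Limitations
5.4 Suggestions for Future Research
References
Research Questionnaire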
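Fulltext
This electronic full text is licensed to users only for personal, non-profit searching, reading and printing for academic research purposes. Please comply with the Copyright Act of the Republic of China and do not reproduce, distribute, adapt, repost or broadcast it, to avoid breaking the law.
Thesis access permission: unrestricted (fully open on and off campus)
Available:
Campus: available
Off-campus: available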


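Printed copies
Public information on printed theses is relatively complete from academic year 102 onward. To look up public information on printed theses from academic year 101 or earlier, please contact the printed thesis service desk of the Office of Library and Information Services. We apologize for any inconvenience.
Available: available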
