Title

企業之資訊安全策略與其產業別及資訊化程度關係探討 (An investigation of the relationship between corporate information security strategy, industrial sector and level of computerization)

Parallel Title

Information Security Strategy to Businesses in Different Sectors and Computerization Levels

DOI

10.6382/JIM.200604.0113

Authors

葉桂珍(Quey-Jen Yeh);張榮庭(Arthur Jung-Ting Chang)

Keywords

Information Security; Information Risk; Information Security Strategy; Level of Computerization

Journal

資訊管理學報 (Journal of Information Management)

Volume/Issue (Publication Date)

Vol. 13, No. 2 (2006/04/01)

Pages

113 - 143

Language

Traditional Chinese

Chinese Abstract (translated)

Although the growing complexity of information systems brings enterprises considerable benefits, it also brings risk. In view of this, many scholars have proposed methods for safeguarding corporate information security together with corresponding response strategies (e.g., Rainer et al. 1991; Straub & Welke 1998; von Solms et al. 1994; Ølnes 1994). Although these theories and methods offer enterprises many information security solutions, most do not consider how important the enterprise's own attributes, such as its industrial sector or level of computerization, are when formulating an information security strategy. Yet tailoring business strategy to the attributes of the enterprise is an unavoidable essential of running a business. The purpose of this study is therefore to explore how enterprises of different industry types and levels of computerization perceive information risk, including the threats information risk may pose to their industries now and in the future, and the corresponding protective strategies and measures these industries adopt, in order to understand how appropriately different industries in Taiwan formulate their information security strategies.

English Abstract

As businesses become increasingly dependent on information systems for strategic operations, issues of information security emerge. Many MIS researchers (e.g., Rainer et al. 1991; Straub & Welke 1998; von Solms et al. 1994; Ølnes 1994) have proposed theories and practices against information risks. While these provide useful solutions, few have considered how a business's information security strategy relates to its industrial sector and its level of computerization. The purpose of this paper is to construct a feasible information security strategy that identifies the protections required to avoid information risks. By comparing the perceived seriousness of potential information risks with the degree of preparation against them, and with the perceived future trend of information risk, the main information risks are inferred for businesses in different sectors and at different computerization levels. Organizations must become aware of these critical areas and ensure that appropriate security measures are implemented to reduce the possibility of loss.

Subject Classification

Basic and Applied Sciences > Information Science
Social Sciences > Management

References
  1. Aivazian, C. (1998). Information security during organizational transitions. Information Strategy: The Executive's Journal, 14(3), 21-27.
  2. Birch, D. G. W., & McEvoy, N. A. (1992). Risk analysis for information systems. Journal of Information Technology, 7, 44-53.
  3. BSI (2002). BS 7799-2:2002, British Standard for benchmarking Information Security Management Systems (ISMS).
  4. Earl, M. J. (1989). Management Strategies for Information Technology. Hemel Hempstead: Prentice Hall.
  5. Eloff, M. M., & von Solms, S. H. (2000). Information security management: A hierarchical framework for various approaches. Computers & Security, 19, 243-256.
  6. Fitzgerald, K. J. (1995). Information security baselines. Information Management & Computer Security, 3(2), 8-12.
  7. Galliers, R. D. (1989). The developing information systems organization: An evaluation of the 'stages of growth' hypothesis. Paper presented at the London Business School.
  8. Galliers, R. D., & Sutherland, A. R. (1991). Information systems management and strategy formulation: The 'stages of growth' model revisited. Journal of Information Systems, 1, 89-114.
  9. Gibson, C. F., & Nolan, R. L. (1974). Managing the four stages of EDP growth. Harvard Business Review, 52(1).
  10. Goodhue, D. L., & Straub, D. W. (1991). Security concerns of system users: A study of perceptions of the adequacy of security. Information & Management, 20(1), 13-22.
  11. Hoffer, J. A., & Straub, D. W. (1994). In P. Gray, W. R. King, E. R. McLean, & H. Watson (Eds.), Management of Information Systems. Fort Worth, TX: Harcourt Brace.
  12. Icove, D., Seger, K., & VonStorch, W. (1999). Computer Crime. O'Reilly.
  13. Jarvenpaa, S. L., & Ives, B. (1990). Information technology and corporate strategy: A view from the top. Information Systems Research, 1(4), 351-375.
  14. Jung, B., Han, I., & Lee, S. (2001). Security threats to Internet: A Korean multi-industry investigation. Information & Management, 38(8), 487-498.
  15. Kankanhalli, A., Teo, H.-H., Tan, B. C. Y., & Wei, K.-K. (2003). An integrative study of information systems security effectiveness. International Journal of Information Management, 23, 139-154.
  16. King, W. R. (1994). Organizational characteristics and information systems planning: An empirical study. Information Systems Research, 5(2), 75-109.
  17. Kotulic, A. G., & Clark, J. G. (2004). Why there aren't more information security research studies. Information & Management, 41(5), 597-607.
  18. Kwok, L.-F., & Longley, D. (1999). Information security management and modelling. Information Management & Computer Security, 7(1), 30-39.
  19. Lichtenstein, S. (1996). Factors in the selection of a risk assessment method. Information Management & Computer Security, 4(4), 20-25.
  20. Loch, K. D., Carr, H. H., & Warkentin, M. E. (1992). Threats to information systems: Today's reality, yesterday's understanding. MIS Quarterly, June, 173-186.
  21. McFarlan, F. W., & McKenney, J. L. (1983). Corporate Information Systems Management: The Issues Facing Senior Executives. New York: Dow Jones-Irwin.
  22. Nolan, R. L. (1979). Managing the crises in data processing. Harvard Business Review, 57(2).
  23. Ølnes, J. (1994). Development of security policies. Computers & Security, 13, 628-636.
  24. Peltier, T. R. (2001). Information Security Risk Analysis. New York: Auerbach.
  25. Pipkin, D. L. (2000). Information Security: Protecting the Global Enterprise. New Jersey: Hewlett-Packard.
  26. Rainer, R. K., Snyder, C. A., & Carr, H. H. (1991). Risk analysis for information technology. Journal of Management Information Systems, Summer, 192-197.
  27. Computer Security Institute (2003).
  28. Ryan, S. D., & Bordoloi, B. (1997). Evaluating security threats in mainframe and client/server environments. Information & Management, 32(3), 137-146.
  29. Sharma, S. (1996). Applied Multivariate Techniques. New York: Wiley.
  30. Siegel, C. A., Sagalow, T. R., & Serritella, P. (2002). Cyber-risk management: Technical and insurance controls for enterprise-level security. Security Management Practices, Sept./Oct., 33-49.
  31. Siponen, M. T. (2002). Towards maturity of information security maturity criteria: Six lessons learned from software maturity criteria. Information Management & Computer Security, 10(5), 210-224.
  32. Smits, M. T., van der Poel, V. G., & Ribbers, P. M. A. (1997). Assessment of information strategies in insurance companies in the Netherlands. Journal of Strategic Information Systems, 6(2), 129-148.
  33. Straub, D. W. (1986). Computer abuse and computer security: Update on an empirical study. Security, Audit, and Control Review, 4(2), 21-31.
  34. Straub, D. W., & Welke, R. J. (1998). Coping with systems risk: Security planning models for management decision making. MIS Quarterly, December, 441-469.
  35. Vermeulen, C., & von Solms, R. (2002). The information security management toolbox: Taking the pain out of security management. Information Management & Computer Security, 10(3), 119-125.
  36. von Solms, R. (1996). Information security management: The second generation. Computers & Security, 15(4), 281-288.
  37. von Solms, R. (1999). Information security management: Why standards are important. Information Management & Computer Security, 7(1), 50-57.
  38. von Solms, R., van de Haar, H., von Solms, S. H., & Caelli, W. J. (1994). A framework for information security evaluation. Information & Management, 26, 143-153.
  39. 林東峰, & 林子銘 (2001). An exploratory analysis of corporate information security policy (企業資訊安全政策之探索性分析). Proceedings of the 7th Conference on Information Management Research and Practice (第七屆資訊管理研究暨實務研討會論文集).
Cited By
  1. 劉用貴, & 陳志誠 (2016). Construction and performance evaluation of a secure data access model for cloud environments (建構雲端環境資料安全存取模型暨績效評估). 資訊管理學報 (Journal of Information Management), 23(1), 1-32.
  2. 趙慕芬, 游佳萍, & 林美齡 (2023). Key drivers of change in establishing information security strategy in Taiwan's public and private sectors (台灣公部門與私部門建置資訊安全策略進行變革之重要驅動力). 資訊管理學報 (Journal of Information Management), 30(3), 287-314.