Title

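Exploring the effects of auditor characteristics, audited-enterprise characteristics, and auditee attitudes on the performance of enterprise information security management systems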

Parallel title

The relationship between information security auditor, audited enterprises, auditees and information security management system performance

Authors

何昕宸(Sin-Chen Ho);朱宇倩(Yu-Qian Zhu)

Keywords

Information security audit ; information security management system performance

Journal

電腦稽核

Issue / Publication date

Issue 34 (2016 / 08 / 20)

Pages

43 - 52

Content language

Traditional Chinese

Chinese abstract

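Enterprises facing the information security challenges that arise from information technology must rely on audit activities to ensure information security. Information security auditing has become an indispensable activity in enterprises. This study aims to combine two areas of research, the knowledge and competence domains of information security professionals and the effectiveness of computer audit implementation, to explore how the competence of information security management auditors, the objectivity of the audit, the importance the audited enterprise attaches to information security, and the attitude of auditees affect the performance of the enterprise's information security management system, as a reference for enterprise information security planning. This study recommends that enterprises select highly competent information security auditors, increase the objectivity of information security audits, and help internal auditees understand the value of information security to the enterprise itself, in order to improve the performance of the enterprise's information security management system.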

English abstract

Facing increasing information security challenges, enterprises ensure the safety and security of information assets through audit activities, which have become an integral part of today's enterprise operations. This study aims to integrate the research in IT security professional qualifications and information security management system performance. We investigate the relationship between several factors, namely, the competence and objectivity of the information security auditor, the attitude of the audited enterprises about information security and the attitude of auditees, and their influences on audited enterprise's information security management system performance.

Subject classification: Basic and Applied Sciences > Information Science