Responsive image
博碩士論文 etd-0324122-221936 詳細資訊
Title page for etd-0324122-221936
論文名稱
Title
國軍人員對資訊安全政策遵守意圖之探討—以MDM軟體為例
A Study of Compliance Intention of R.O.C Military Personnel Information Security Policy ─ Take Mobile Device Management for Example
系所名稱
Department
畢業學年期
Year, semester
語文別
Language
學位類別
Degree
頁數
Number of pages
59
研究生
Author
指導教授
Advisor
召集委員
Convenor
口試委員
Advisory Committee
口試日期
Date of Exam
2022-03-25
繳交日期
Date of Submission
2022-04-24
關鍵字
Keywords
資訊安全政策、行動裝置管理(MDM)、計畫行為理論(TPB)、懲罰、遵守意圖
Information Security Policy, Mobile Device Management (MDM), Theory of Planned Behavior (TPB), Punishment, Compliance Intention
統計
Statistics
本論文已被瀏覽 650 次,被下載 246
The thesis/dissertation has been browsed 650 times, has been downloaded 246 times.
中文摘要
現今通訊產品及網路科技迅速發展,在生活上帶來許多便利,依據國家通訊傳播委員會統計資料顯示,截至2022年年2月,我國行動電話用戶數為2,952萬1千餘戶,另依據內政部戶政司統計資料顯示,截至2022年2月,我國人口數為2,331萬9千餘人,已充分顯示智慧型手機已成為每個人生活中不可或缺的一部分。
國軍為有效與外界資訊接軌,提升工作效率及維護軍事機密安全,慎防洩違密事件肇生,對人員通信資訊設備的管制更是一大考驗,國防部為避免這樣情形產生,委由國家中山科學研究院開發智慧型手機控管軟體(Mobile Device Management, MDM),並規定全體國軍人員凡持用智慧型手機者皆須安裝,且針對照相、GPS定位、藍芽及熱點等功能限制使用,律定開放使用場所,嚴格規範資訊安全政策,促使國軍人員在符合資安政策下使用智慧型手機,以達遵守政策之意圖。
  在國軍組織化系統下執行資訊安全政策,管制人員通信資訊設備之使用,政策面制約人員使用通信及資訊設備,仍執行面需探討人員遵守之意圖,防範洩密事件肇生,本文以計畫行為理論(Theory of Planned Behavior,TPB)探討國軍人員對行動裝置管理(MDM)使用遵守意圖;因此本篇將可研析結果如後:一、國軍人員對行動裝置管理(MDM)使用態度,與資安政策遵守之關係。二、國軍人員行為規範與遵守資安政策之影響。
Abstract
Nowadays, the rapid development of communication products and network technology has brought a lot of convenience in life. According to the statistics of the National Communications Commission, as of February 2022, the number of mobile phone users in my country is more than 29.521 million households. Statistics from the Dept. of Household Registration, M.O.I. show that as of February 2022, my country's population is more than 23.319 million people, which has fully demonstrated that smartphones have become an indispensable part of everyone's life.
In order to effectively connect with external information, improve work efficiency and maintain the security of military secrets, the National Army should be careful to prevent leaks and breaches of secrets, and the control of personnel communication and information equipment is a major test. The National Sun Yat-Sen Academy of Sciences developed the Smart Phone Control Software (Mobile Device Management, MDM), and stipulated that all military personnel who use smart phones must install it, and for functions such as photography, GPS positioning, Bluetooth and hotspots Restrict use, legalize the use of open spaces, strictly regulate information security policies, and urge military personnel to use smartphones in compliance with information security policies to achieve the intention of complying with the policy.
In the organized system of the National Army, the information security policy is implemented, the use of communication and information equipment is controlled by personnel, and the use of communication and information equipment is also restricted by personnel. Theory of Planned Behavior (TPB) explores the intention of military personnel to comply with the use of mobile device management (MDM); therefore, this article will analyze the results as follows: 1. National military personnel's attitude towards mobile device management (MDM) use , in relation to compliance with information security policies. 2. The influence of national military personnel's code of conduct and compliance with information security policies.
目次 Table of Contents
論文審定書……………………..………………….……,,,………ⅰ
誌謝…………………………….…………………………,………ⅱ
中文摘要.………………………………………...………..……..ⅲ
英文摘要……………………….….……………………………..ⅳ
目錄………………….………………………………………….…ⅴ
圖次.……………………………………………………….…….viii
表次……...………………………………………………..………ix
第 一 章 緒論…………….……………….……………… ……...1
第一節 研究背景與動機..……………………………………….1
第二節 研究問題與目的.…........….…………………………….3
第三節 研究流程.………….........……………………………….4
第 二 章 理論及文獻探討……………..………………………...5
第一節 國軍資訊安全政策………………….............................5
第二節 計畫行為理論………………...………...........................9
第三節 威嚇理論………………….....………...........................12
第四節 自我效能…………………….………...........................13
第五節 控制理論…………………….………...........................13
第 三 章 研究模型假說…………………..……………………15
第一節 研究模型…………………………...………….…........15
第二節 研究假說…..…………………..…......………………..16
一、態度與遵守意圖………………...……….…………….....16
二、個人規範與遵守意圖…………………....…………….....16
三、行為控制知覺與遵守意圖……………………………....16
四、正式懲罰與態度………………………………………….17
五、非正式懲罰與態度……………………………………….17
六、描述規範與個人規範…………………………………….17
七、禁止規範與個人規範…………………………………….17
八、主觀規範與個人規範…………………………………….18
第 四 章 研究方法……………………………………..……….19
  第一節 操作型定義.…………………………..……...…...19
第二節 研究設計………………………………………………..19
一、研究對象…………………………………………………..19
二、問卷設計…………………………………………………..19
三、資料蒐集…………………………………………………..23
第 五 章 統計分析結果..………………………………..……..24
第一節 樣本資料分析……………………………………….24
第二節 衡量模型……………………………………………..25
一、信度分析(Reliability)………….…………….................25
二、收斂效度(Convergent Validity)…...…………………...26
三、區別效度(Discriminant Validity)……………………....28
四、共線性(Multicollinearity)診斷…………………………30
五、共同方法偏誤(Common Method Bias)……………….30
第三節 結構模型及假說驗證……….………………….......34
第 六 章 討論與結論……………………………………..……37
第一節 研究結果與討論……………………………………37
  一、態度與遵守意圖………….……………………..........37
  二、個人規範與遵守意圖……………..……………........37
  三、行為控制知覺與遵守意圖………..……………........37
  四、正式懲罰與態度……......………..……………...........38
  五、非正式懲罰與態度…......………..……………...........38
  六、描述規範與個人規範......………..……………...........38
  七、禁止規範與個人規範......………..……………...........38
  八、主觀規範與個人規範......………..……………...........39
九、自我效能與行為控制知覺......…....……………...........39
十、可控制性與行為控制知覺......…....……………...........39
第二節 理論與實務意涵……………….…….......................39
  一、理論面………………......………..……………............39
  二、實務面………………......………..…….......................40
第三節 研究限制與未來方向………….…………………...40
附錄一 參考文獻…………………………...........................…42
中文部分………………………………................……….....42
英文部分……………………………….………………….....43
附錄二 研究問卷…………….....................…………………..37
正式問卷…………………….....………………………….....37


圖次
圖 1-1 國軍智慧型手機MDM管控系統…………………………..………….2
圖 1-2 研究流程……………………………………..………..……………..………3
圖 2-1 計畫行為理論……………………………………………..……………..…10
圖 3-1 研究模型……………...….…………………………………………………..15
圖 5-1 結構模型以SEM分析驗證結果………………….……………………...….36



表次
表2-1 資訊安全政策相關研究……………………………...…………......5
表2-2 國軍使用智慧型手機之各類違規態樣人數統計………………….......9
表4-1 個變數操作型定義…………………………………...…………......19
表4-2 態度問項……………………………………………………….......20
表4-3 個人規範問項…………………………………………………….20
表4-4 行為控制知覺規範問……………………………………………….20
表4-5 正式處罰問項………………………………………………………21
表4-6 非正式處罰問項….….…………..………………………………….21
表4-7 描述規範問項………………………………………………………22
表4-8 禁止規範問項………………………………………………………22
表4-9 主觀規範問項………………………………………………………22
表4-10 自我效能問項………………………………………………………22
表4-11 可控制性問項………………………………………………………23
表4-12 遵守意圖問項………………………………………………..……..23
表5-1 有效樣本資料統計……………………………...…………………24
表5-2 各構面AVE值、合成信度、平均值、標準差………………………26
表5-3 PLS 驗證性因素分析與交叉負荷矩陣………………………………27
表5-4 平均變異萃取量平方根值與各構念間的相關係數表.…..……………29
表5-5 HTMT(Heterotrait-Monotrait Ratio)…...…………………………29
表5-6 SPSS共線性(Multicollinearity)診斷...……..………………………30
表5-7 共同方法偏誤Harman單因子檢定…….…………………………31
表5-8 共同方法偏誤-潛在方法因素檢定…………………………………33
表5-9 各項假說驗證結果…………………………..………………….…36
參考文獻 References
中文部分
1.國防部作戰及計畫參謀次長室(2016),要塞堡壘地帶法。
2.國防部參謀本部通信電子資訊參謀次長室(2021),國軍營內民用通信資訊器材管理要點。
3.國防部參謀本部通信電子資訊參謀次長室(2020),國軍資通安全獎懲規定。
4.政治作戰局保防安全處(2018),從《手機不設防》淺談國軍資安保密的必要性,青年日報社,2018-08-20。
5.林東清、孫培真及徐景智(2000),影響資訊系統使用者抗拒行為之原因:以計劃行為理論為基礎之整合研究,資訊管理研究,第二卷,第二期,p.4-6。
6.蘇建源、陳昭銘及阮金聲(2010),護理人員遵守資訊安全規範意向之研究,電腦稽核期刊,第22期,p.51-62。
7.葉盈君(2012),淺談計畫行為理論,國家教育研究院電子報,第51期。
8.徐淑如、戴基峯及康晉維(2021),資訊安全政策的組織正義知覺對員工職場行為意圖之影響:組織信任的中介效果,Journal of e-Business,第二十三卷,第二期,p.179-226。
9.楊敏杰(2006),線上遊戲之消費者行為研究-態度、主觀規範、知覺行為控制、行為意圖與沉迷行為之應用,國立中興大學行銷學系碩士論文。
10.陳佩君(2006),態度、主觀規範與知覺行為控制對英語教學雜誌購買意圖之影響,國立中興大學應用經濟研究所碩士學位論文。
11.鄭佳容(2012),控制機制對員工資訊安全行為意圖影響之研究,淡江大學資訊管理學系碩士班碩士論文。
12.詹湞雅(2012),自我效能、主觀規範和專案控制力對風險管理工具使用意圖之影響,元智大學資訊管理學系碩士論文。
13.彭正輝(2015),從威嚇與調節焦點看員工資安政策順從,淡江大學資訊管理學系碩士班碩士論文。
14.李昀徽(2015),組織變革知覺、工作滿意度與變革抗拒心態之關係研究,國立中山大學資訊管理學系碩士論文。
15.李沛穎(2015),以風險管控觀點探討國軍資訊安全政策-以南部憲兵單位為例,義守大學資訊管理學系碩士論文。
16.劉如霞(2016)計畫行為理論應用於耳鼻喉科門診病人嚼食檳榔行為意圖之研究,中國醫藥大學護理學系碩士班碩士論文。
17.沈翊芯(2018),從道德疏離的角度探討員工資訊安全政策違反意圖,國立中山大學資訊管理學系碩士論文。
18.林子煦(2020),從道德認同的角度探討國軍人員遵守資訊安全政策之意圖-以海軍某單位為例,淡江大學資訊管理學系碩士論文。
19.王連鴻(2020),營區智慧型手機管制規定與使用行為研究,義守大學資訊管理學系碩士論文。
20.鄭鑫(2021),從中和技術角度探討員工資訊安全政策遵守意圖,國立中山大學資訊管理學系碩士論文。

英文部分
Akers, R. L. (1990). Rational choice, deterrence, and social learning theory in criminology: The path not taken. J. Crim. L. and Criminology, 81(3), 653-676.
Ajzen, I. (1985). From intention to actions: A theory of planned behavior. In J. Kuhl and J. Beckman (Eds.), Action control: From cognition to behavior, 11-39. Berlin; New York: Springer-Verlag.
Ajzen, I. (1989). Attitude structure and behavior. In A. R. Pratkanis, S. J. Breckler, and A. G. Greenwald (Eds.), Attitude structure and function, 241-274. Hillsdale, N.J.: L. Erlbaum Associates.
Ajzen, I. (1991). "The Theory of Planned Behavior," Organizational Behavior and Human Decision Processes, 50, 179-211.
Bandura, A. (1977). "Self-efficacy: Toward a Unifying Theory of Behavioral Change," Psychological Review, 84(2), 191-215.
Blumstein. (1978). Introduction. In deterrence and incapacitation: Estimating the effects of criminal sanctions on crime rates. Washington DC: National Academy of Sciences.
Boss, S. R., Kirsch, L. J., Angermeier, I., Shingler, R. A., and Boss, R. W. (2009). If someone is watching, I'll do what I'm asked: mandatories, control, and information security. European Journal of Information Systems, 18(2), 151-164.
Cardinal, L.B. (2001). "Technological Innovation in the Pharmaceutical Industry: The Use of Organizational Control in Managing Research and Development," Organization Science 12 (1), 19-36.
Chin, W. W. (1998). The partial least squares approach to structural equation modeling. Modern methods for business research, 295(2), 295-336.
Chin, W. W. (1998). Commentary: Issues and opinion on structural equation modeling. MIS quarterly, 22(1), 7-16.
Choudhury, V., and Sabherwal, R. (2003). "Portfolios of Control in Outsourced Software Development Projects," Information Systems Research 14(3), 291-314.
Crampton, S., and Wagner, J. (1994). Percept–percept inflation in microorganizational research: An investigation of prevalence and effect. Journal of Applied Psychology, 79, 67-76.
Das, T. K., and Teng, B. S. (1998). "Between Trust and Control: Developing Confidence in Partner Cooperation in Alliances," Academy of Management Review 23(3), 491-512.
Hair, J. F., Ringle, C. M., and Sarstedt, M. (2011). PLS-SEM: Indeed a Silver Bullet, Journal of Marketing Theory and Practice, 19(2), 139-152.
Fishbein, M., and Ajzen, I. (1975). Belief, Attitude, Intentions and Behavior: An Introduction to Theory and Research, Addison-Wesley, Boston, MA.
Fornell, C., and Larcker, D. F. (1981). Evaluating structural equation models withunobservable variables and measurement error. Journal of marketing research, 39-50.
Gibbs, J. P. (1975). Crime, punishment, and deterrence: Elsevier New York.
Hair, J., Anderson, R., Tatham, R., and Black, W. (1998). Multivariate data analysis. 5th Edition, Prentice Hall, New Jersey.
Hayes, R. H., and Abernathy, W. J. (1980). Managing our way to economic decline. Harvard Business Review, 58, 67-77.
Henderson, J.C., and Lee, S. (1992). "Managing I/S Design Teams: A Control Theories Perspective," Management Science 38(6), 757-777.
Herath T., and rao, H.R.(2009). Protection motivation and deterrence: a framework for security policy compliance in organisations. European Journal of Information Systeams, 18(2), 106-125.
Hong, K.S., Chi, Y.P., Chao, L.R., and Tang, J.H. (2006). "An Empirical Study of Information Security Policy on Information Security Elevation in Taiwan," Information Management and Computer Security 14(2), 104-115.
Hu, L., and Bentler, P. M. (1999). Cutoff criteria for fit indexes in covariance structure analysis: Conventional criteria versus new alternatives. Structural Equation Modeling, 6(1), 1-55.
Jaworski, B. J. (1988). Toward a theory of marketing control: Environmental context, control types, and consequences. The Journal of Marketing, 52(3), 23-39.
Johnston, AC., Warkentin, M., and Siponen, M. (2015). "An Enhanced Fear Appeal Rhetorical Framework: Leveraging Threats to the Human Asset Through Sanctioning Rhetoric," MIS Quarterly 39(1), 113-134.
Kirsch, L.J. (1996). "The Management of Complex Tasks in Organizations: Controlling the Systems Development Process," Organization Science 7(1), 1-21.
Liang-Cheng Wei. (2014). Employee Intention to Whistle-Blow Information Security Policy Violation,Department of Information Management College of Management National Taiwan University Master Thesis.
Nidumolu, S.R., and Subramani, M.R. (2003). "The Matrix of Control: CombiningProcess and Structure Approaches to Managing Software Development,"Journal of Management Information Systems 20(3), 159-196.
Ouchi, W.G., and Maguire, M.A. (1975). "Organizational Control: Two Functions,"
Administrative Science Quarterly 20(4), 559-569.
Ouchi, W.G. (1977). "The Relationship between Organizational Structure and Organizational Control," Administrative Science Quarterly 22(1), 95-113.
Ouchi, W. G. (1979). A conceptual framework for the design of organizational control mechanisms. Management Science, 25(9), 833-848. doi: 10.2307/2630236.
Paternoster, R. (2010). How much do we really know about criminal deterrence? The Journal of Criminal Law and Criminology, 100(3), 765-824.
Podsakoff, P. M., and Organ, D. W. (1986). Self-reports in organizational research: Problems and prospects. Journal of management, 12(4), 531-544.
Richards, P., and Tittle, C. R. (1981). Gender and perceived chances of arrest. Social Forces, 59(4), 1182-1199.
Streiner, D., and Norman, G. (1995). Health Measurement Scales: A Practical Guide to Their Development and Use (2nd ed.). Oxford: Oxford University Press.
Tenenhaus, M. (2008). Component-based structural equation modelling. Total quality management, 19(7-8), 871-886.
Urbach, N., and Ahlemann, F. (2010). Structural equation modeling in information systems research using partial least squares. Journal of Information Technology Theory and Application, 11(2), 5-40.
Wang, J., and Wang, X. (2012). Structural equation modeling: Applications using Mplus: John Wiley and Sons.
Williams, K. R., and Hawkins, R. (1986). Perceptual research on general deterrence: A critical review. Law and Society Review, 20(4), 545-572.
Yazdanmehr, A., and Wang, J. (2016). "Employees' information security policy compliance: A norm activation perspective," Decision Support Systems(92), 36-46.
電子全文 Fulltext
本電子全文僅授權使用者為學術研究之目的,進行個人非營利性質之檢索、閱讀、列印。請遵守中華民國著作權法之相關規定,切勿任意重製、散佈、改作、轉貼、播送,以免觸法。
論文使用權限 Thesis access permission:校內校外完全公開 unrestricted
開放時間 Available:
校內 Campus: 已公開 available
校外 Off-campus: 已公開 available


紙本論文 Printed copies
紙本論文的公開資訊在102學年度以後相對較為完整。如果需要查詢101學年度以前的紙本論文公開資訊,請聯繫圖資處紙本論文服務櫃台。如有不便之處敬請見諒。
開放時間 available 已公開 available

QR Code