資訊安全是現今企業、組織都高度重視的議題，但是資安事件仍然不斷的增加，且伴隨的風險越來越高，大部分的組織也都投入大量資源在保護組織資訊資產，但是資訊安全問題不只是軟、硬體方面的技術問題，根據許多文獻指出資訊安全威脅很大的比例是人為因素與資訊安全意識不足所造成的管理方面問題。
組織透過資訊安全有效性評估在資安上的投資是否符合效益，但在現今的組織環境下越來越多的組織採用團隊為單位的扁平化組織結構，開始有文獻研究以團隊為單位的團隊資訊安全有效性。本研究以團隊效力與知識基礎理論面、團隊氣氛面、資訊安全服務治理面向發展研究模型，以團隊運作的角度來探討那些因素會對團隊資訊安全有效性產生影響。
本研究採用線上問卷進行調查，研究對象為18歲以上不限產業之在職員工，共回收461份有效樣本。研究結果顯示團隊效力與知識基礎理論面的因素皆對團隊資訊安全有效性有正向影響關係，團隊氣氛也對團隊資訊安全有效性有正向影響關係，在資訊安全服務治理面基於流程的治理與結構治理對資訊不對稱有負向的影響關係，且資訊不對稱對團隊資訊安全有效性有正向影響關係。
本研究提供以團隊面的角度探討資訊安全，有助於組織了解在管理面上影響資安的因素，提供組織管理者在資安問題上的執行策略與建議方向。

Information security is a highly important issue for enterprises and organizations nowadays, but the number of information security incidents is still increasing, and the accompanying risks are getting higher and higher, most organizations also invest a lot of resources in protecting organizational information assets, but information security is not only a technical problem in terms of software and hardware, according to many literature, a large proportion of information security threats are caused by human factors and insufficient awareness of information security management issues.
Organizations evaluate the effectiveness of their investment in information security through information security effectiveness. However, in today's organizational environment, more and more organizations are adopting team-based flat organizational structures, and literature is beginning to examine workgroup information security effectiveness(WISE). This study develops a research model using the theoretical aspects of group potency and knowledge sharing, information security climate, and Information security service governance to explore the factors that affect team information security effectiveness from the perspective of team operations.
An online questionnaire was used to conduct this study. 461 valid samples were collected from working employees aged 18 and above in all industries. The results of the study showed that group potency and knowledge sharing theoretical factors have a positive influence on WISE, information security climate also has a positive influence on WISE, process-based governance and structural governance in information security service governance have a negative influence on information asymmetry, and information asymmetry has a positive influence on WISE.
This study provides a team perspective on information security, which helps organizations understand the factors that affect information security at the management level, and provides the implementation strategies and suggested directions for organization managers on information security issues.
Keywords: Workgroup information security effectiveness, social cognitive theory, knowledge-based theory of the firm, information security climate, information security service governance.

目錄
論文審定書 i
摘要 ii
Abstract iii
目錄 v
圖次 vii
表次 viii
第一章　緒論 1
第一節　研究背景 1
第二節　研究動機 2
第三節　研究目的與問題 3
第二章　文獻回顧 4
第一節　團隊資訊安全有效性(Workgroup Information Security Effectiveness, WISE) 4
第二節　團隊效力與知識基礎理論面 5
第三節　團隊氣氛面(Information Security Climate) 6
第四節　資訊安全服務治理面 7
第三章　研究方法 10
第一節　研究模型 10
第二節　研究假說 11
一、 團隊效力與知識基礎理論面 11
二、 團隊氣氛面 13
三、 資訊安全服務治理面 13
第三節　操作型定義 18
第四節　研究設計 19
第四章 資料分析與討論 27
第一節 敘述性統計(Descriptive Statistics) 27
第二節 衡量模型(Measurement Model) 32
一、共同方法偏誤(Common Methods Bias) 32
二、信度(Reliability) 33
三、收斂效度(Convergent Validity) 34
四、區別效度分析(Discriminant Validity) 35
五、共線性(Multicollinearity) 39
第三節 假說檢定(Hypothesis Testing) 39
第四章 討論(Discussions) 42
一、團隊效力與知識基礎理論面對於團隊資訊安全有效性之影響 43
二、團隊氣氛面對於團隊資訊安全有效性之影響 43
三、資訊安全服務治理面對於團隊資訊安全有效性之影響 44
第五章 結論 46
第一節 結論 46
第二節 學術貢獻與實務貢獻 46
第三節 研究限制與未來研究方向 47
第六章 參考文獻 49
附件 54

Akgün, A. E., Keskin, H., Byrne, J., and Imamoglu, S. Z. 2007. "Antecedents and Consequences of Team Potency in Software Development Projects," Information & Management (44:7), pp. 646-656.
Alsharo, M., Gregg, D., and Ramirez, R. 2017. "Virtual Team Effectiveness: The Role of Knowledge Sharing and Trust," Information & Management (54:4), pp. 479-490.
Boss, S. R., Galletta, D. F., Lowry, P. B., Moody, G. D., and Polak, P. 2015. "What Do Systems Users Have to Fear? Using Fear Appeals to Engender Threats and Fear That Motivate Protective Security Behaviors," MIS quarterly (39:4), pp. 837-864.
Boss, S. R., Kirsch, L. J., Angermeier, I., Shingler, R. A., and Boss, R. W. 2009. "If Someone Is Watching, I'll Do What I'm Asked: Mandatoriness, Control, and Information Security," European Journal of Information Systems (18:2), pp. 151-164.
Bulgurcu, B., Cavusoglu, H., and Benbasat, I. 2010. "Information Security Policy Compliance: An Empirical Study of Rationality-Based Beliefs and Information Security Awareness," MIS quarterly), pp. 523-548.
Campbell, J., and Beaty, E. 1971. "Organizational Climate: Its Measurement and Relationship to Work Group Performance," annual meeting of the American Psychological Association, Washington DC.
Carroll, J. M., Rosson, M. B., and Zhou, J. 2005. "Collective Efficacy as a Measure of Community," Proceedings of the SIGCHI conference on human factors in computing systems, pp. 1-10.
Chan, M., Woon, I., and Kankanhalli, A. 2005. "Perceptions of Information Security in the Workplace: Linking Information Security Climate to Compliant Behavior," Journal of information privacy and security (1:3), pp. 18-41.
Chatterjee, S., and Price, B. 1991. "Regression Diagnostics," New York).
Chin, W. W. 1998a. "Commentary: Issues and Opinion on Structural Equation Modeling." JSTOR, pp. vii-xvi.
Chin, W. W. 1998b. "The Partial Least Squares Approach to Structural Equation Modeling," Modern methods for business research (295:2), pp. 295-336.
D'arcy, J., and Herath, T. 2011. "A Review and Analysis of Deterrence Theory in the Is Security Literature: Making Sense of the Disparate Findings," European journal of information systems (20:6), pp. 643-658.
Da Veiga, A., and Eloff, J. H. 2010. "A Framework and Assessment Instrument for Information Security Culture," Computers & Security (29:2), pp. 196-207.
Dang-Pham, D., Pittayachawan, S., and Bruno, V. 2017. "Why Employees Share Information Security Advice? Exploring the Contributing Factors and Structural Patterns of Security Advice Sharing in the Workplace," Computers in Human Behavior (67), pp. 196-206.
DeVellis, R. F., and Thorpe, C. T. 2021. Scale Development: Theory and Applications. Sage publications.
Dijkstra, T. K., and Henseler, J. 2015. "Consistent Partial Least Squares Path Modeling," MIS quarterly (39:2), pp. 297-316.
Eisenhardt, K. M. 1989. "Agency Theory: An Assessment and Review," Academy of management review (14:1), pp. 57-74.
Faraj, S., and Sproull, L. 2000. "Coordinating Expertise in Software Development Teams," Management science (46:12), pp. 1554-1568.
Fornell, C., and Larcker, D. F. 1981. "Evaluating Structural Equation Models with Unobservable Variables and Measurement Error," Journal of marketing research (18:1), pp. 39-50.
Fulk, J., Steinfield, C. W., Schmitz, J., and Power, J. G. 1987. "A Social Information Processing Model of Media Use in Organizations," Communication research (14:5), pp. 529-552.
Gentile, M., Collette, R., and August, T. D. 2016. The Ciso Handbook: A Practical Guide to Securing Your Company. CRC Press.
Gibson, C. B., and Earley, P. C. 2007. "Collective Cognition in Action: Accumulation, Interaction, Examination, and Accommodation in the Development and Operation of Group Efficacy Beliefs in the Workplace," Academy of management review (32:2), pp. 438-458.
Glick, W. H. 1985. "Conceptualizing and Measuring Organizational and Psychological Climate: Pitfalls in Multilevel Research," Academy of management review (10:3), pp. 601-616.
Goo, J., and Huang, C. D. 2008. "Facilitating Relational Governance through Service Level Agreements in It Outsourcing: An Application of the Commitment–Trust Theory," Decision Support Systems (46:1), pp. 216-232.
Goo, J., Yim, M.-S., and Kim, D. J. 2014. "A Path to Successful Management of Employee Security Compliance: An Empirical Study of Information Security Climate," IEEE Transactions on Professional Communication (57:4), pp. 286-308.
Grant, R. M. 1996. "Toward a Knowledge‐Based Theory of the Firm," Strategic management journal (17:S2), pp. 109-122.
Guzzo, R. A., Yost, P. R., Campbell, R. J., and Shea, G. P. 1993. "Potency in Groups: Articulating a Construct," British journal of social psychology (32:1), pp. 87-106.
Hair, J. F., Ringle, C. M., and Sarstedt, M. 2011. "Pls-Sem: Indeed a Silver Bullet," Journal of Marketing theory and Practice (19:2), pp. 139-152.
Hair, J. F., Sarstedt, M., Ringle, C. M., and Mena, J. A. 2012. "An Assessment of the Use of Partial Least Squares Structural Equation Modeling in Marketing Research," Journal of the academy of marketing science (40:3), pp. 414-433.
Hammer, M., and Stanton, S. 1999. "How Process Enterprises Really Work," Harvard business review (77), pp. 108-120.
Hansen, M. T. 1999. "The Search-Transfer Problem: The Role of Weak Ties in Sharing Knowledge across Organization Subunits," Administrative science quarterly (44:1), pp. 82-111.
Hecht, T. D., Allen, N. J., Klammer, J. D., and Kelly, E. C. 2002. "Group Beliefs, Ability, and Performance: The Potency of Group Potency," Group dynamics: Theory, research, and practice (6:2), p. 143.
Hsu, J. S.-C., Shih, S.-P., Hung, Y. W., and Lowry, P. B. 2015. "The Role of Extra-Role Behaviors and Social Controls in Information Security Policy Effectiveness," Information systems research (26:2), pp. 282-300.
James, L. A., and James, L. R. 1989. "Integrating Work Environment Perceptions: Explorations into the Measurement of Meaning," Journal of applied psychology (74:5), p. 739.
Jensen, M. C., and Meckling, W. H. 1976. "Theory of the Firm: Managerial Behavior, Agency Costs and Ownership Structure," Journal of financial economics (3:4), pp. 305-360.
Johnston, A., Di Gangi, P., Howard, J., and Worrell, J. L. 2019. "It Takes a Village: Understanding the Collective Security Efficacy of Employee Groups," Journal of the Association for Information Systems (20:3), p. 3.
Kairab, S. 2004. A Practical Guide to Security Assessments. CRC Press.
Kanawattanachai, P., and Yoo, Y. 2007. "The Impact of Knowledge Coordination on Virtual Team Performance over Time," MIS quarterly), pp. 783-808.
Kilduff, M., and Tsai, W. 2003. Social Networks and Organizations. Sage.
Kim, G., Love, P., and Spafford, G. 2008. "Visible Ops Security: Achieving Common Security and It Operations Objectives in Four Practical Steps," EDPAC: The EDP Audit, Control, and Security Newsletter (38:2), pp. 1-7.
Kirsch, L. J., Ko, D.-G., and Haney, M. H. 2010. "Investigating the Antecedents of Team-Based Clan Control: Adding Social Capital as a Predictor," Organization Science (21:2), pp. 469-489.
Kozslowski, S., and Bell, B. 2013. "Work Groups and Teams in Organizations. Review Update," Handbook of psychology (12), pp. 412-469.
Lee, C., Farh, J. L., and Chen, Z. J. 2011. "Promoting Group Potency in Project Teams: The Importance of Group Identification," Journal of Organizational Behavior (32:8), pp. 1147-1162.
Levinthal, D. 1988. "A Survey of Agency Models of Organizations," Journal of Economic Behavior & Organization (9:2), pp. 153-185.
Liberatore, M. J., and Luo, W. 2009. "Coordination in Consultant-Assisted Is Projects: An Agency Theory Perspective," IEEE Transactions on Engineering Management (57:2), pp. 255-269.
Marks, M. A., Mathieu, J. E., and Zaccaro, S. J. 2001. "A Temporally Based Framework and Taxonomy of Team Processes," Academy of management review (26:3), pp. 356-376.
McCormack, K. 2001. "Business Process Orientation: Do You Have It?," Quality Progress (34:1), pp. 51-60.
Nonaka, I. 1994. "A Dynamic Theory of Organizational Knowledge Creation," Organization science (5:1), pp. 14-37.
Novinson, M. 2020. "10 Emerging Cybersecurity Trends to Watch in 2021." from https://www.crn.com/news/security/10-emerging-cybersecurity-trends-to-watch-in-2021
Peterson, R. 2004. "Crafting Information Technology Governance," Information systems management (21:4), pp. 7-22.
Podsakoff, P. M., MacKenzie, S. B., Lee, J.-Y., and Podsakoff, N. P. 2003. "Common Method Biases in Behavioral Research: A Critical Review of the Literature and Recommended Remedies," Journal of applied psychology (88:5), p. 879.
Podsakoff, P. M., MacKenzie, S. B., and Podsakoff, N. P. 2012. "Sources of Method Bias in Social Science Research and Recommendations on How to Control It," Annual review of psychology (63), pp. 539-569.
Podsakoff, P. M., and Organ, D. W. 1986. "Self-Reports in Organizational Research: Problems and Prospects," Journal of management (12:4), pp. 531-544.
Podsakoff, P. M., Todor, W. D., Grover, R. A., and Huber, V. L. 1984. "Situational Moderators of Leader Reward and Punishment Behaviors: Fact or Fiction?," Organizational behavior and human performance (34:1), pp. 21-63.
Robbins, S. 2001. "Organizational Behaviour 9th Edition. San Diego State University Prentice Hall International," Inc I).
Ryu, S., Ho, S. H., and Han, I. 2003. "Knowledge Sharing Behavior of Physicians in Hospitals," Expert Systems with applications (25:1), pp. 113-122.
Siponen, M., Mahmood, M. A., and Pahnila, S. 2014. "Employees’ Adherence to Information Security Policies: An Exploratory Field Study," Information & management (51:2), pp. 217-224.
Sivathanu, B., and Pillai, R. 2018. "Smart Hr 4.0–How Industry 4.0 Is Disrupting Hr," Human Resource Management International Digest).
Snedaker, S. 2006. Syngress It Security Project Management Handbook. Elsevier.
Srivastava, A., Bartol, K. M., and Locke, E. A. 2006. "Empowering Leadership in Management Teams: Effects on Knowledge Sharing, Efficacy, and Performance," Academy of management journal (49:6), pp. 1239-1251.
Stajkovic, A. D., Lee, D., and Nyberg, A. J. 2009. "Collective Efficacy, Group Potency, and Group Performance: Meta-Analyses of Their Relationships, and Test of a Mediation Model," Journal of applied psychology (94:3), p. 814.
Stasser, G., and Titus, W. 1985. "Pooling of Unshared Information in Group Decision Making: Biased Information Sampling During Discussion," Journal of personality and social psychology (48:6), p. 1467.
Verizon. 2021. "2021 Dbir Master's Guide," Verizon.
Weill, P., and Ross, J. W. 2004. It Governance: How Top Performers Manage It Decision Rights for Superior Results. Harvard Business Press.
Wu, Y. A., and Saunders, C. S. 2016. "Governing the Fiduciary Relationship in Information Security Services," Decision Support Systems (92:C), pp. 57-67.
Yoo, C. W., Goo, J., and Rao, H. R. 2020. "Is Cybersecurity a Team Sport? A Multilevel Examination of Workgroup Information Security Effectiveness," MIS Quarterly (44:2).