現今組織已經全面資訊化，組織的日常運作也必須依賴資訊網絡，資訊網絡雖給組織帶來便捷與績效，但是隨著資訊網絡越來越發達的同時，組織面臨的資安威脅也日趨增加，儘管組織制定了一系列成文或未成文的資訊安全政策，但是組織員工卻未去遵守資安政策，組織因爲資安事件造成的損失層出不窮，本研究運用核心理論中和理論去探討組織員工資訊安全政策遵守意圖，了解何種因素會影響組織員工遵守資訊安全政策的意圖。
本研究使用線上問卷回收 262 份有效樣本，通過統計軟體驗證本研究有良好的信效度,研究結果顯示,安全相關的壓力會正向影響中和技術，中和技術會負向影響資安政策遵守意圖，正式和非正式制裁會正向影響資安政策遵守意圖，領導-成員交換對 中和技術的影響並不顯著。最後根據本研究結果提出理論面與實務面的意涵，提供未來研究的相關建議期待對未來在組織資安領域相關的研究有所幫助。

Nowadays, organizations are fully informatized, and their daily operations must also rely on information networks. Although information networks bring convenience and performance to organizations, as information networks become more developed, organizations face information security threats. Increasingly, although the organization has formulated a series of written or unwritten information security policies, the employees of the organization have not complied with the information security policy, and the organization has suffered endless losses due to information security incidents. This study uses the core theory of neutralization theory to explore the organization Employee information security policy compliance intention, understand what factors will affect the organization’s employees’ intention to comply with information security policy.
This study used online questionnaires to collect 262 valid samples, and verified that the study has good reliability and validity through statistical software. The research results show that safety-related pressures will positively affect neutralization technology, and neutralization technology will negatively affect information security policies. Compliance intentions, formal and informal sanctions will positively affect the information security policy compliance intentions, and the leadership-member exchange has no significant impact on Zhonghe technology. Finally, according to the results of this research, the theoretical and practical
implications are proposed, and relevant suggestions for future research are provided. It is expected to be helpful for future research in the field of organizational information security.

論文審定書 i
摘要 ii
Abstract iii
目錄 iv
圖次 vi
表次 vii
第一章 緒論 1
第一節 1
第二節 2
第三節 3
第二章 文獻探討 5
第一節 資訊安全政策(Information Security Policy) 5
第二節 中和理論(Neuralization Theory) 7
第三節 領導-成員交換(Leader-Member exchange) 8
第四節 安全相關的壓力(Security-Related Stress) 9
第三章 研究方法 10
第一節 研究模型 10
第二節 研究假說 11
一、安全相關的壓力與中和技術 11
二、領導-成員交換與中和技術 11
三、中和技術與資安政策遵守意圖 11
四、正式制裁與資安政策遵守意圖 11
五、非正式制裁與資安政策遵守意圖 12
第三節 操作型定義 12
第四節 研究設計 12
一、研究對象 12
二、問卷設計 13
三、資料蒐集 20
第四章 資料分析 21
第一節 樣本資料分析 21
第二節 衡量模型 22
一、信度分析(Reliability) 23
二、收斂效度(Convergent Validity) 24
三、區別效度(Discriminant Validity) 26
四、共線性(Multicollinearity)診斷 27
五、共同方法偏誤(Common Method Bias) 28
第三節 結構模型及假說驗證 32
第五章 結論與建議 34
第一節 研究結果與討論 34
一、安全相關的壓力與中和技術 34
二、領導-成員交換與中和技術 34
三、中和技術與資安政策遵守意圖 34
四、制裁與資安政策遵守意圖 35
五、控制變數 35
第二節 理論與實務意涵 36
一、理論面 36
二、實務面 36
第三節 研究限制與未來方向 37
參考文獻 38
附錄：研究問卷 46

Barnard,C＆von Solms,R.(1998). A Practical Approach to Information Security Awareness in the Organization,Acm digital library,19-38.
Brower,H.,Schoorman,D.,Tan,H.(2000). A model of relational leadership: The integration of trust and leader–member exchange,The Leadership Quarterly,11(2),227-250.
Chen,Z.,Lam,W.,Zhong,J.(2007).Leader-Member Exchange and Member Performance: A New Look at Individual-Level Negative Feedback-Seeking Behavior and Team-Level Empowerment Climate,Journal of Applied Psychology.92(1),202-12.
Cheng,L.,Li,W.,Zhai,Q.,&Smyth,R.(2014).Understanding personal use of the Internet at work: An integrated model of neutralization techniques and general deterrence theory,Computers inHumanBehavior.38(4),220-228.
Chin,W.,Bennett,J.,Wright,R.(2012). Assessing Common Method Bias: Problems with the ULMC Technique,Management Information Systems,36(3),1003-1019.
Connolly,J.,Kavanagh,E.(2007). The Convergent Validity between Self and Observer Ratings of Personality: A Meta-Analytic Review,International Journal of Selection and Assessment,15(1),110-117. Corpuz, Maria and Barnes, Paul H. (2010) .Integrating information security policy management with corporate risk management for strategic alignment.
D‘Arcy,J.,Herath,T.,Shoss,M.(2014). Understanding Employee Responses to Stressful Information Security Requirements: A Coping Perspective,Journal of Management Information Systems,31(2),285-318.
Demerouti, E., Bakker, A. B., Vardakou, I., & Kantas, A. (2003). The convergent validity of two burnout instruments: A multitrait-multimethod analysis. European Journal of Psychological Assessment.
Doherty,N.& Fulford,H.(2006). Aligning the information security policy with the strategic information systems plan,Computers & Security,25(1),55-63.
Doherty,N.,Anastasakis,L.,& Fulford,H.(2009). The information security policy unpacked: A critical study of the content of university policies.International ,Journal of Information Management,29(6),449-457.
Duckworth,A.,Kern,M.(2011). A meta-analysis of the convergent validity of self-control measures,Journal of Research in Personality,45(3),259-268.
Elaine ,M.,Engle &Robert G, L.(1997). Implicit Theories, Self-Schemas, and LeaderMember Exchange, The Academy of Management Journal.40(4),988-1010.
Erdogan, B., & Enders, J. (2007). Support from the top: Supervisors' perceived organizational support as a moderator of leader-member exchange to satisfaction and performance relationships. Journal of Applied Psychology, 92(2), 321-330.
F.Hair,J.,M.Ringle,C.,Sarstedt,M.(2011). PLS-SEM: Indeed a Silver Bullet, Journal of Marketing Theory and Practice,19(2),139-152.
Farrell,A.(2009). Insufficient discriminant validity: A comment on Bove, Pervan, Beatty, and Shiu (2009),Journla of Business Research,63(3),324-327.
Flowerday,S.,Tuylikeze,T.(2016). information security policy development and implementation: The what, how and who.Computers & Security,61,169-183.
Fornell,C.,Larcker,D.(1981). Evaluating Structural Equation Models with Unobservable Variables and Measurement Erro, Journal of Marketing Researchr,18(1),39-50.
Gerstner, C. R., & Day, D. V. (1997). Meta-Analytic review of leader–member exchange theory: Correlates and construct issues. Journal of Applied Psychology, 82(6), 827-844.
Gilboa, S., Shirom, A., Fried, Y., & Cooper, C. (2008). A meta-analysis of work demand stressors and job performance: Examining main and moderating effects. Personnel Psychology, 61(2), 227–271.
Goel,S.,Shobha,I.,Smith,C.(2010). Metrics for characterizing the form of security policies,The Journal of Strategic Information Systems,19(4),281-295.
Hair, J., Anderson, R., Tatham, R. and Black, W. (1998) Multivariate data analysis. 5th Edition, Prentice Hall, New Jersey.
HAMLIN,J.(1988).The misplaced role of rational choice in neutralization theory.Anthropology, Sociology & Criminology,26(3),425-438.
Harris, L. C., & Dumas, A. (2009). Online consumer misbehaviour: An application of neutralization theory. Marketing Theory, 9(4), 379-402.
Hinduja, S., & Patchin, J. W. (2007). Offline consequences of online victimization: School violence and delinquency. Journal of School Violence, 6(3), 89–112.
Johnston,A.,Warkentin,M.,McBride,M & Carter,L.(2016). Dispositional and situational factors: influences on information security policy violations.European Journal of Information Systems,25(3).
Kacmar, K. M., Witt, L. A., Zivnuska, S., & Gully, S. M. (2003). The interactive effect of leader-member exchange and communication frequency on performance ratings. Journal of Applied Psychology, 88(4), 764-772.
Keller,U.,Hibst,R.(1989). Experimental Studies of the Application of the Er:YAG Laser on Dental Hard Substances: II. Light Microscopic and SEM Investigations,Comparative Study,9(4),345-51.
Liden,R.,Maslyn,J.(1998). Multidimensionality of leader-member exchange: An empirical assessment through scale development, Journal of Management,24(1),43-72.
Lunenburg, F. C. (2010). Leader-Member Exchange Theory: Another Perspective on the Leadership Process.International Journal of Management,Business and Administration, 13(1), 1-5.
M Osborn,K.(1969). The Reliability of Molecular Weight Determinations by Dodecyl Sulfate-Polyacrylamide Gel Electrophoresis,PubMed,244(16),4406-12.
Mackenzie,S.,Podsakoff,P.(2012). Common Method Bias in Marketing: Causes, Mechanisms, and Procedural Remedies,Journal of Retailing,88(4),542-555.
McEwen,B.(2002). Protective and Damaging Effects of Stress Mediators: The Good and Bad Sides of the Response to Stress, National Center for Biotechnology Information,51(6),24.
McGregor, S. L. T. (2008). Conceptualizing immoral and unethical consumption using neutralization theory. Family and Consumer Sciences Research Journal, 36(3), 261-276.
Morey,P.(2011).Information security policy compliance model in organizations.Computers & security,47(2),135-146.
Naredo,E.,Moragues,M.,Agustin,J.(2006). Interobserver Reliability in Musculoskeletal Ultrasonography: Results From a "Teach the Teachers" Rheumatologist Course,National Center for Biotechnology Information,65(1),14-9.
Palmer,M.,Robinson,C.,Patilla,J&Moser,E.(2001). Information Security Policy Framework: Best Practices for Security Policy in the E-commerce Age.Information Systems Security,10(2),1-15.
Pellegrini, E. K., Scandura, T. A., & Jayaraman, V. (2010). Cross-cultural generalizability of paternalistic leadership: An expansion of leader-member exchange theory. Group & Organization Management, 35(4), 391-420.
Podsakoff, P. M., MacKenzie, S. B., Lee, J.-Y., & Podsakoff, N. P. (2003). Common method biases in behavioral research: A critical review of the literature and recommended remedies. Journal of Applied Psychology, 88(5), 879-903.
Power, R. L. (2013). Leader-member exchange theory in higher and distance education. The International Review of Research in Open and Distributed Learning, 14(4).
Schriesheim,C.,Castro,S.,Cogliser,C.(1999). Leader-Member Exchange (LMX) Research:A Comprehensive Review of Theory,Measurement,And Data-Analytic Practices,The Leadership Quarterly,10(1),63-113.
Shing Hong,K.,Ping Chi,Y.,Chao,L.,Tang,J.(2006). An empirical study of information security policy on information security elevation in Taiwan. Information Management & Computer Security,14(2).
Siemsen, E., Roth, A., & Oliveira, P. (2010). Common method bias in regression models with linear, quadratic, and interaction effects. Organizational Research Methods, 13(3), 456-476.
Siguaw,J.(2006). Formative versus Reflective Indicators in Organizational Measure Development: A Comparison and Empirical Illustration,British Journal of Management,17(4),263-282.
Simpson,J.,Gangestad,S.(1991). Individual Differences in Sociosexuality: Evidence for Convergent and Discriminant Validity,National Center for Biotechnology Information,60(6),870-83.
Solms,R.(1998).Information security management: why standards are important.Information Management & Computer Security,7(1).267-339.
Sparrowe,R.,Liden,R.(1997). Process and Structure in Leader-Member Exchange, The Academy of Management Review,22(2),522-552.
Streiner, D., & Norman, G. (1995). Health Measurement Scales: A Practical Guide to Their Development and Use (2nd ed.). Oxford: Oxford University Press.
Sykes,G., & Matza,D.(1957). Techniques of Neutralization: A Theory of Delinquency. American Sociological Review,22(6),664-670.
Teodor,S.,Jonas,H.,Kristoffer,L., & Johan,B.(2014). Variables influencing information security policy compliance: A systematic review of quantitative studies.Information Management & Computer Security,22(1),42-75.
The,P.,Ahmed,P.,D’Arcy,J.(2015).What Drives Information Security Policy Violations among Banking Employees? Insights from Neutralization and Social Exchange Theory,Journal of Global Information ,23(1),21.
Truckenbrodt,Y.(2000).The Relationship Between Leader-Member Exchange and Organizational Citizenship Behavior, Acquisition Review Quarterly,7(3).
Van Breukelen, W. and Schyns, B. and Le Blanc, P. (2006) 'Leader-Member Exchange theory and research : accomplishments and future challenges.', Leadership.,2 (3). pp. 295-316.
Vance,A.,Siponen,M.,Straub,D.(2020).Effects of Sanctions, Moral Beliefs, and Neutralization on Information Security Policy Violations Across Cultures, Information & Management,57(4),103-212.
Vidyarthi,P.,Erdogan,B.,Anand,S.,Liden,R.(2014). One Member, Two Leaders: Extending Leader-Member Exchange Theory to a Dual Leadership Context,Journal of Applied Psychology,99(3),468-483.
Volmer,J.,Spurk,D.,Niessen.(2011). Leader-member exchange (LMX), job autonomy, and creative work involvement,The Leadership Quarterly.23(3),456-465.
WA,C.,BanajiMR,P.(2001). Implicit attitude measures: consistency, stability, and convergent validity,Europe PMC,12(2),163-170.
Wa-Fu,K.,Chan,W.,Wong,P.(2010). nternet Addiction: Prevalence, Discriminant Validity and Correlates Among Adolescents in Hong Kong, National Center for Biotechnology Information,196(6),486-92.
Wayne,S.,Shore,L&Liden,R.(1997) .Perceived Organizational Support and Leader-Member Exchange: A Social Exchange Perspective, The Academy of Management Journal,40(1),82-111.
Weir,J.(2005). Quantifying Test-Retest Reliability Using the Intraclass Correlation Coefficient and the SEM,National Center for Biotechnology Information,19(1),231-40.
Whitman,M.(2004). In defense of the realm: understanding the threats to information security.International Journal of Information Management,24(1),43-57.
Yazdanmehr,A.,Wang,J.(2016).Employees' information security policy compliance: A norm activation perspective.Decision Support Systems,92(3),36-46.
Young,R.,Biggs,J.,Ziegler,V&Meyer,D.(1978). A Rating Scale for Mania: Reliability, Validity and Sensitivity, The British Journal of Psychiatry,133(5),429-435.
Zhang,S.,Leidner,D.(2018).From improper to acceptable:How perpetrator nuetraliz workplace bullying behaviors in the cyber world, Information & Management,55(7),850-865.
Zito,N., & McQuillan,P.(2010).“It’s Not My Fault”: Using Neutralization Theory to Understand Cheating by Middle School Students,Current Issues in Education,13(3).