近年來，隨著資訊安全的重要性日益提升，企業為了加強員工之資安意識，不僅會制訂資安相關政策，還紛紛開展資訊安全意識訓練計畫。然而，許多員工會利用中立化技巧來合理化自身之資安違規行為，使企業增加了許多資安風險。
　　因此，本研究設計出具有針對特定中立化技巧特性之反中立化溝通，旨在降低員工使用特定中立化技巧時的資訊安全政策違規意圖。本研究依照反中立化相關研究及中立化技巧分類模型選擇中立化技巧，分別為否認造成傷害及必要性辯護中立化技巧，並針對此二種技巧設計具針對性之反中立化溝通。本研究採用實驗法，受測者所閱讀之情境中包含不同中立化技巧及反中立化溝通的組合。
　　研究結果顯示，必要性辯護中立化技巧會提高受測者之違規意圖，且若必要性辯護中立化技巧搭配針對必要性辯護中立化技巧之反中立化溝通，則能有效降低受測者之違規意圖。

Lately, as the importance of information security continues to rise, companies have not only made information security policies but also used information security awareness training programs in order to enhance employees' awareness of information security. However, many employees use neutralization techniques to rationalize their noncompliant behavior, thereby increasing the information security risks for companies.
Therefore, we have designed targeted antineutralization communication, aiming to reduce employees' intention to violate information security policies when using specific neutralization techniques. We selected neutralization techniques based on relevant antineutralization research and a model of neutralization techniques; the chosen techniques are denial of injury and defense of necessity, for which targeted antineutralization communication has been designed. In this study, experimental method was used in which participants read situations that included different combinations of neutralization techniques and antineutralization communication.
The results showed that the defense of necessity increased the participants’ intention to violate information security policies, and if the defense of necessity was combined with the antineutralization communication against the defense of necessity technique, it could effectively reduce the participants’ intention to violate information security policies.

論文審定書 i
摘要 ii
Abstract iii
第一章　緒論 1
第一節　研究背景與動機 1
第二節　研究目的與研究問題 5
第三節　研究流程 6
第二章　文獻探討 7
第一節　資訊安全政策違規行為及常見理論 7
第二節　中立化理論及中立化技巧整合模型 16
第三節　反中立化溝通 24
第三章　研究架構與研究方法 26
第一節　研究假設發展及研究架構圖 26
第二節　操作型定義 31
第三節　研究設計 32
第四章　資料分析 39
第一節　樣本背景資料 39
第二節　信度分析 41
第三節　研究假設驗證 42
第五章　結論與建議 51
第一節　研究結果討論 51
第二節　理論與實務意涵 53
第三節　研究限制及未來研究方向 55
參考文獻 56
附錄：實驗問卷 61

Ajzen, I. (1985). From Intentions to Actions: A Theory of Planned Behavior. In J. Kuhl & J. Beckmann (Eds.), Action Control: From Cognition to Behavior (pp. 11-39). Springer Berlin Heidelberg.
Anderson, C. L., & Agarwal, R. (2010). Practicing Safe Computing: a Multimethod Empirical Examination of Home Computer User Security Behavioral Intentions. MIS Quarterly, 34(3), 613-643.
Barlow, J. B., Warkentin, M., Ormond, D., & Dennis, A. R. (2013). Don't Make Excuses! Discouraging Neutralization to Reduce IT Policy Violation. Computers & Security, 39, 145-159.
Barlow, J. B., Warkentin, M., Ormond, D., & Dennis, A. R. (2018). Don't Even Think about It! The Effects of Antineutralization, Informational, and Normative Communication on Information Security Compliance. Journal of the Association for Information Systems, 19(8), 689-715.
Baskerville, R., & Siponen, M. (2002). An Information Security Meta‐Policy for Emergent Organizations. Logistics Information Management, 15(5/6), 337-346.
Becker, M. H. (1974). The Health Belief Model and Sick Role Behavior. Health Education Monographs, 2(4), 409-419.
Boss, S. R., Kirsch, L. J., Angermeier, I., Shingler, R. A., & Boss, R. W. (2009). If Someone Is Watching, I'll Do What I'm Asked: Mandatoriness, Control, and Information Security. European Journal of Information Systems, 18(2), 151-164.
Bulgurcu, B., Cavusoglu, H., & Benbasat, I. (2010). Information Security Policy Compliance: an Empirical Study of Rationality-Based Beliefs and Information Security Awareness. MIS Quarterly, 34(3), 523-548.
Byers, B., Crider, B. W., & Biggers, G. K. (1999). Bias Crime Motivation: A Study of Hate Crime and Offender Neutralization Techniques Used against the Amish. Journal of Contemporary Criminal Justice, 15(1), 78-96.
Cheng, L., Li, W., Zhai, Q., & Smyth, R. (2014). Understanding Personal Use of the Internet at Work: an Integrated Model of Neutralization Techniques and General Deterrence Theory. Computers in Human Behavior, 38, 220-228.
Cohen, A. K. (1955). Delinquent Boys: the Culture of the Gang. Free Press.
Coleman, J. W. (2005). The Criminal Elite: Understanding WhitE-collar Crime. Macmillan.
Cromwell, P., & Thurman, Q. (2003). The Devil Made Me Do It: Use of Neutralizations by Shoplifters. Deviant Behavior, 24(6), 535-550.
Crossler, R. E., Johnston, A. C., Lowry, P. B., Hu, Q., Warkentin, M., & Baskerville, R. (2013). Future Directions for Behavioral Information Security Research. Computers & Security, 32, 90-101.
Curasi, C. F. (2013). The Relative Influences of Neutralizing Behavior and Subcultural Values on Academic Dishonesty. Journal of Education for Business, 88(3), 167-175.
D'Arcy, J., & Herath, T. (2011). A Review and Analysis of Deterrence Theory in the Is Security Literature: Making Sense of the Disparate Findings. European Journal of Information Systems, 20(6), 643-658.
D'Arcy, J., & Hovav, A. (2007). Deterring Internal Information Systems Misuse. Communications of the ACM, 50(10), 113–117.
D'Arcy, J., Hovav, A., & Galletta, D. (2009). User Awareness of Security Countermeasures and Its Impact on Information Systems Misuse: A Deterrence Approach. Information Systems Research, 20(1), 79-98.
Dhillon, G. (1999). Managing and Controlling Computer Misuse. Information Management & Computer Security, 7(4), 171-175.
Dunford, F. W., & Kunz, P. R. (1973). The Neutralization of Religious Dissonance. Review of Religious Research, 15(1), 2-9.
Durkin, K. F., & Bryant, C. D. (1999). Propagandizing Pederasty: a Thematic Analysis of the On-Line Exculpatory Accounts of Unrepentant Pedophiles. Deviant Behavior, 20(2), 103-127.
Evans, R. D., & Forsyth, C. J. (1998). Dogmen: The Rationalization of Deviance. Society & Animals, 6, 203-218.
Festinger, L. (1957). A Theory of Cognitive Dissonance. Stanford University Press.
Fishbein, M., & Ajzen, I. (1977). Belief, Attitude, Intention, and Behavior: An Introduction to Theory and Research. Philosophy and Rhetoric, 10(2), 130-132.
Fritsche, I. (2002). Account Strategies for the Violation of Social Norms: Integration and Extension of Sociological and Social Psychological Typologies. Journal for the Theory of Social Behaviour, 32(4), 371-394.
Furnell, S., & Clarke, N. (2012). Power to the People? the Evolving Recognition of Human Aspects of Security. Computers & Security, 31(8), 983-988.
Garrett, D. E., Bradford, J. L., Meyers, R. A., & Becker, J. (1989). Issues Management and Organizational Accounts: An Analysis of Corporate Responses to Accusations of Unethical Business Practices. Journal of Business Ethics, 8(7), 507-520.
Geva, A. (2006). A Typology of Moral Problems in Business: A Framework for Ethical Management. Journal of Business Ethics, 69(2), 133-147.
Gibbs, J. P. (1968). Crime, Punishment, and Deterrence. The Southwestern Social Science Quarterly, 48(4), 515-530.
Herath, T., & Rao, H. R. (2009). Encouraging Information Security Behaviors in Organizations: Role of Penalties, Pressures and Perceived Effectiveness. Decision Support Systems, 47(2), 154-165.
Hollinger, R. C. (1991). Neutralizing in the Workplace: an Empirical Analysis of Property Theft and Production Deviance. Deviant Behavior, 12(2), 169-202.
Irwin, K. (2001). Legitimating the First Tattoo: Moral Passage through Informal Interaction. Symbolic Interaction, 24(1), 49-73.
Jenkins, J., & Durcikova, A. (2013). What, I Shouldn't Have Done That? : The Influence of Training and Just-In-Time Reminders on Secure Behavior. ICIS 2013 Proceedings,
Johnston, A. C., & Warkentin, M. (2010). Information Security Policy Compliance: an Empirical Study of Rationality-Based Beliefs and Information Security Awareness. MIS Quarterly, 34(3), 549-566.
Kaptein, M., & van Helvoort, M. (2019). A Model of Neutralization Techniques. Deviant Behavior, 40(10), 1260-1285.
Klockars, C. B. (1974). The Professional Fence. Free Press New York.
Lanier, M. M., Henry, S., & Desire'JM, A. (2015). Essential Criminology. Routledge.
Liang, H., & Xue, Y. (2009). Avoidance of Information Technology Threats: a Theoretical Perspective. MIS Quarterly, 33(1), 71-90.
Liddick, D. (2013). Techniques of Neutralization and Animal Rights Activists. Deviant Behavior, 34(8), 618-634.
Maddux, J. E., & Rogers, R. W. (1983). Protection Motivation and Self-Efficacy: A Revised Theory of Fear Appeals and Attitude Change. Journal of Experimental Social Psychology, 19(5), 469-479.
Maruna, S., & Copes, H. (2005). What Have We Learned from Five Decades of Neutralization Research? Crime and Justice, 32, 221-320.
Merritt, A. C., Effron, D. A., & Monin, B. (2010). Moral Self-Licensing: When Being Good Frees Us to Be Bad. Social and Personality Psychology Compass, 4(5), 344-357.
Minor, W. W. (1981). Techniques of Neutralization: A Reconceptualization and Empirical Examination. Journal of Research in Crime and Delinquency, 18(2), 295-318.
Moody, G. D., Siponen, M., & Pahnila, S. (2018). Toward a Unified Model of Information Security Policy Compliance. MIS Quarterly, 42(1), 285–312.
Oppenheimer, D. M., Meyvis, T., & Davidenko, N. (2009). Instructional Manipulation Checks: Detecting Satisficing to Increase Statistical Power. Journal of Experimental Social Psychology, 45(4), 867-872.
Pahnila, S., Siponen, M., & Mahmood, A. (2007). Employees' Behavior towards IS Security Policy Compliance 2007 40th Annual Hawaii International Conference on System Sciences (HICSS'07),
Parker, D. B. (1976). Crime by Computer. Scribner New York.
Paternoster, R., & Simpson, S. (1996). Sanction Threats and Appeals to Morality: Testing a Rational Choice Model of Corporate Crime. Law & Society Review, 30(3), 549-583.
Pershing, J. L. (2003). To Snitch or Not to Snitch? Applying the Concept of Neutralization Techniques to the Enforcement of Occupational Misconduct. Sociological Perspectives, 46(2), 149-178.
Piquero, N., Tibbetts, S., & Blankenship, M. (2005). Examining the Role of Differential Association and Techniques of Neutralization in Explaining Corporate Crime. Deviant Behavior, 26(2), 159-188.
Posey, C., Roberts, T. L., & Lowry, P. B. (2015). The Impact of Organizational Commitment on Insiders’ Motivation to Protect Organizational Information Assets. Journal of Management Information Systems, 32(4), 179-214.
Puhakainen, P., & Siponen, M. (2010). Improving Employees' Compliance through Information Systems Security Training: an Action Research Study. MIS Quarterly, 34(4), 757-778.
Ransbotham, S., & Mitra, S. (2009). Choice and Chance: a Conceptual Model of Paths to Information Security Compromise. Information Systems Research, 20(1), 121-139.
Rogers, J. W., & Buffalo, M. D. (1974). Neutralization Techniques: Toward a Simplified Measurement Scale. The Pacific Sociological Review, 17(3), 313-331.
Silic, M., Barlow, J. B., & Back, A. (2017). A New Perspective on Neutralization and Deterrence: Predicting Shadow It Usage. Information & Management, 54(8), 1023-1037.
Siponen, M., Adam Mahmood, M., & Pahnila, S. (2014). Employees’ Adherence to Information Security Policies: an Exploratory Field Study. Information & Management, 51(2), 217-224.
Siponen, M., & Iivari, J. (2006). Six Design Theories for IS Security Policies and Guidelines. Journal of the Association for Information Systems, 7(7), 445-472.
Siponen, M., & Vance, A. (2010). Neutralization: New Insights into the Problem of Employee Information Systems Security Policy Violations. MIS Quarterly, 34(3), 487-502.
Siponen, M., Vance, A., & Willison, R. (2012). New Insights into the Problem of Software Piracy: the Effects of Neutralization, Shame, and Moral Beliefs. Information & Management, 49(7), 334-341.
Stephen L. Eliason, R. A. D. (1999). Techniques of Neutralization Used by Deer Poachers in the Western United States: A Research Note. Deviant Behavior, 20(3), 233-252.
Straub, D., Goodman, S., & Baskerville, R. (2008). Framing the Information Security Process in Modern Society. In Information Security: Policy, Processes, and Practices (pp. 5-12).
Straub, D., & Welke, R. (1998). Coping with Systems Risk: Security Planning Models for Management Decision Making. MIS Quarterly, 22(4), 441-469.
Strutton, D., Vitell, S. J., & Pelton, L. E. (1994). How Consumers May Justify Inappropriate Behavior in Market Settings: an Application on the Techniques of Neutralization. Journal of Business Research, 30(3), 253-260.
Sutherland, E. H. (1947). Principles of Criminology. J. B. Lippincott.
Sykes, G. M., & Matza, D. (1957). Techniques of Neutralization: A Theory of Delinquency. American Sociological Review, 22(6), 664-670.
Trevino, L. K. (1992). Experimental Approaches to Studying Ethical-Unethical Behavior in Organizations. Business Ethics Quarterly, 2(2), 121-136.
Triandis, H. C. (1977). Interpersonal Behavior. Brooks/Cole Pub. Co.
Vance, A., Siponen, M. T., & Straub, D. W. (2020). Effects of Sanctions, Moral Beliefs, and Neutralization on Information Security Policy Violations across Cultures. Information & Management, 57(4), 103212.
Warkentin, M., & Willison, R. (2009). Behavioral and Policy Issues in Information Systems Security: the Insider Threat. European Journal of Information Systems, 18(2), 101-105.
Warkentin, M., Willison, R., & Johnston, A. C. (2011). The Role of Perceptions of Organizational Injustice and Techniques of Neutralization in Forming Computer Abuse Intentions. AMCIS,
Weber, J. (1992). Scenarios in Business Ethics Research: Review, Critical Assessment, and Recommendations. Business Ethics Quarterly, 2(2), 137-160.
White, J., Bandura, A., & Bero, L. (2009). Moral Disengagement in the Corporate World. Accountability in research, 16(1), 41-74.
Willison, R., & Warkentin, M. (2013). Beyond Deterrence: An Expanded View of Employee Computer Abuse. MIS Quarterly, 37(1), 1-20.
Willison, R., Warkentin, M., & Johnston, A. C. (2018). Examining Employee Computer Abuse Intentions: Insights from Justice, Deterrence and Neutralization Perspectives. Information Systems Journal, 28(2), 266-293.
Witte, K. I. M. (1996). Predicting Risk Behaviors: Development and Validation of a Diagnostic Scale. Journal of Health Communication, 1(4), 317-342.