論文使用權限 Thesis access permission：校內校外完全公開 unrestricted
校內 Campus：開放下載的時間 available 2022-07-17
校外 Off-campus：開放下載的時間 available 2022-07-17
The Key Factors of Influencing the Workgroup Information Security Effectiveness
Number of pages
Date of Exam
Date of Submission
Workgroup Information Security Effectiveness, Social Cognitive Theory, Knowledge-based theory of the firm, Information Security Climate, Information Security Service Governance
本論文已被瀏覽 362 次，被下載 89 次
The thesis/dissertation has been browsed 362 times, has been downloaded 89 times.
Information security is a highly important issue for enterprises and organizations nowadays, but the number of information security incidents is still increasing, and the accompanying risks are getting higher and higher, most organizations also invest a lot of resources in protecting organizational information assets, but information security is not only a technical problem in terms of software and hardware, according to many literature, a large proportion of information security threats are caused by human factors and insufficient awareness of information security management issues.
Organizations evaluate the effectiveness of their investment in information security through information security effectiveness. However, in today's organizational environment, more and more organizations are adopting team-based flat organizational structures, and literature is beginning to examine workgroup information security effectiveness(WISE). This study develops a research model using the theoretical aspects of group potency and knowledge sharing, information security climate, and Information security service governance to explore the factors that affect team information security effectiveness from the perspective of team operations.
An online questionnaire was used to conduct this study. 461 valid samples were collected from working employees aged 18 and above in all industries. The results of the study showed that group potency and knowledge sharing theoretical factors have a positive influence on WISE, information security climate also has a positive influence on WISE, process-based governance and structural governance in information security service governance have a negative influence on information asymmetry, and information asymmetry has a positive influence on WISE.
This study provides a team perspective on information security, which helps organizations understand the factors that affect information security at the management level, and provides the implementation strategies and suggested directions for organization managers on information security issues.
Keywords: Workgroup information security effectiveness, social cognitive theory, knowledge-based theory of the firm, information security climate, information security service governance.
目次 Table of Contents
第一章 緒論 1
第一節 研究背景 1
第二節 研究動機 2
第三節 研究目的與問題 3
第二章 文獻回顧 4
第一節 團隊資訊安全有效性(Workgroup Information Security Effectiveness, WISE) 4
第二節 團隊效力與知識基礎理論面 5
第三節 團隊氣氛面(Information Security Climate) 6
第四節 資訊安全服務治理面 7
第三章 研究方法 10
第一節 研究模型 10
第二節 研究假說 11
一、 團隊效力與知識基礎理論面 11
二、 團隊氣氛面 13
三、 資訊安全服務治理面 13
第三節 操作型定義 18
第四節 研究設計 19
第四章 資料分析與討論 27
第一節 敘述性統計(Descriptive Statistics) 27
第二節 衡量模型(Measurement Model) 32
一、共同方法偏誤(Common Methods Bias) 32
三、收斂效度(Convergent Validity) 34
四、區別效度分析(Discriminant Validity) 35
第三節 假說檢定(Hypothesis Testing) 39
第四章 討論(Discussions) 42
第五章 結論 46
第一節 結論 46
第二節 學術貢獻與實務貢獻 46
第三節 研究限制與未來研究方向 47
第六章 參考文獻 49
Akgün, A. E., Keskin, H., Byrne, J., and Imamoglu, S. Z. 2007. "Antecedents and Consequences of Team Potency in Software Development Projects," Information & Management (44:7), pp. 646-656.
Alsharo, M., Gregg, D., and Ramirez, R. 2017. "Virtual Team Effectiveness: The Role of Knowledge Sharing and Trust," Information & Management (54:4), pp. 479-490.
Boss, S. R., Galletta, D. F., Lowry, P. B., Moody, G. D., and Polak, P. 2015. "What Do Systems Users Have to Fear? Using Fear Appeals to Engender Threats and Fear That Motivate Protective Security Behaviors," MIS quarterly (39:4), pp. 837-864.
Boss, S. R., Kirsch, L. J., Angermeier, I., Shingler, R. A., and Boss, R. W. 2009. "If Someone Is Watching, I'll Do What I'm Asked: Mandatoriness, Control, and Information Security," European Journal of Information Systems (18:2), pp. 151-164.
Bulgurcu, B., Cavusoglu, H., and Benbasat, I. 2010. "Information Security Policy Compliance: An Empirical Study of Rationality-Based Beliefs and Information Security Awareness," MIS quarterly), pp. 523-548.
Campbell, J., and Beaty, E. 1971. "Organizational Climate: Its Measurement and Relationship to Work Group Performance," annual meeting of the American Psychological Association, Washington DC.
Carroll, J. M., Rosson, M. B., and Zhou, J. 2005. "Collective Efficacy as a Measure of Community," Proceedings of the SIGCHI conference on human factors in computing systems, pp. 1-10.
Chan, M., Woon, I., and Kankanhalli, A. 2005. "Perceptions of Information Security in the Workplace: Linking Information Security Climate to Compliant Behavior," Journal of information privacy and security (1:3), pp. 18-41.
Chatterjee, S., and Price, B. 1991. "Regression Diagnostics," New York).
Chin, W. W. 1998a. "Commentary: Issues and Opinion on Structural Equation Modeling." JSTOR, pp. vii-xvi.
Chin, W. W. 1998b. "The Partial Least Squares Approach to Structural Equation Modeling," Modern methods for business research (295:2), pp. 295-336.
D'arcy, J., and Herath, T. 2011. "A Review and Analysis of Deterrence Theory in the Is Security Literature: Making Sense of the Disparate Findings," European journal of information systems (20:6), pp. 643-658.
Da Veiga, A., and Eloff, J. H. 2010. "A Framework and Assessment Instrument for Information Security Culture," Computers & Security (29:2), pp. 196-207.
Dang-Pham, D., Pittayachawan, S., and Bruno, V. 2017. "Why Employees Share Information Security Advice? Exploring the Contributing Factors and Structural Patterns of Security Advice Sharing in the Workplace," Computers in Human Behavior (67), pp. 196-206.
DeVellis, R. F., and Thorpe, C. T. 2021. Scale Development: Theory and Applications. Sage publications.
Dijkstra, T. K., and Henseler, J. 2015. "Consistent Partial Least Squares Path Modeling," MIS quarterly (39:2), pp. 297-316.
Eisenhardt, K. M. 1989. "Agency Theory: An Assessment and Review," Academy of management review (14:1), pp. 57-74.
Faraj, S., and Sproull, L. 2000. "Coordinating Expertise in Software Development Teams," Management science (46:12), pp. 1554-1568.
Fornell, C., and Larcker, D. F. 1981. "Evaluating Structural Equation Models with Unobservable Variables and Measurement Error," Journal of marketing research (18:1), pp. 39-50.
Fulk, J., Steinfield, C. W., Schmitz, J., and Power, J. G. 1987. "A Social Information Processing Model of Media Use in Organizations," Communication research (14:5), pp. 529-552.
Gentile, M., Collette, R., and August, T. D. 2016. The Ciso Handbook: A Practical Guide to Securing Your Company. CRC Press.
Gibson, C. B., and Earley, P. C. 2007. "Collective Cognition in Action: Accumulation, Interaction, Examination, and Accommodation in the Development and Operation of Group Efficacy Beliefs in the Workplace," Academy of management review (32:2), pp. 438-458.
Glick, W. H. 1985. "Conceptualizing and Measuring Organizational and Psychological Climate: Pitfalls in Multilevel Research," Academy of management review (10:3), pp. 601-616.
Goo, J., and Huang, C. D. 2008. "Facilitating Relational Governance through Service Level Agreements in It Outsourcing: An Application of the Commitment–Trust Theory," Decision Support Systems (46:1), pp. 216-232.
Goo, J., Yim, M.-S., and Kim, D. J. 2014. "A Path to Successful Management of Employee Security Compliance: An Empirical Study of Information Security Climate," IEEE Transactions on Professional Communication (57:4), pp. 286-308.
Grant, R. M. 1996. "Toward a Knowledge‐Based Theory of the Firm," Strategic management journal (17:S2), pp. 109-122.
Guzzo, R. A., Yost, P. R., Campbell, R. J., and Shea, G. P. 1993. "Potency in Groups: Articulating a Construct," British journal of social psychology (32:1), pp. 87-106.
Hair, J. F., Ringle, C. M., and Sarstedt, M. 2011. "Pls-Sem: Indeed a Silver Bullet," Journal of Marketing theory and Practice (19:2), pp. 139-152.
Hair, J. F., Sarstedt, M., Ringle, C. M., and Mena, J. A. 2012. "An Assessment of the Use of Partial Least Squares Structural Equation Modeling in Marketing Research," Journal of the academy of marketing science (40:3), pp. 414-433.
Hammer, M., and Stanton, S. 1999. "How Process Enterprises Really Work," Harvard business review (77), pp. 108-120.
Hansen, M. T. 1999. "The Search-Transfer Problem: The Role of Weak Ties in Sharing Knowledge across Organization Subunits," Administrative science quarterly (44:1), pp. 82-111.
Hecht, T. D., Allen, N. J., Klammer, J. D., and Kelly, E. C. 2002. "Group Beliefs, Ability, and Performance: The Potency of Group Potency," Group dynamics: Theory, research, and practice (6:2), p. 143.
Hsu, J. S.-C., Shih, S.-P., Hung, Y. W., and Lowry, P. B. 2015. "The Role of Extra-Role Behaviors and Social Controls in Information Security Policy Effectiveness," Information systems research (26:2), pp. 282-300.
James, L. A., and James, L. R. 1989. "Integrating Work Environment Perceptions: Explorations into the Measurement of Meaning," Journal of applied psychology (74:5), p. 739.
Jensen, M. C., and Meckling, W. H. 1976. "Theory of the Firm: Managerial Behavior, Agency Costs and Ownership Structure," Journal of financial economics (3:4), pp. 305-360.
Johnston, A., Di Gangi, P., Howard, J., and Worrell, J. L. 2019. "It Takes a Village: Understanding the Collective Security Efficacy of Employee Groups," Journal of the Association for Information Systems (20:3), p. 3.
Kairab, S. 2004. A Practical Guide to Security Assessments. CRC Press.
Kanawattanachai, P., and Yoo, Y. 2007. "The Impact of Knowledge Coordination on Virtual Team Performance over Time," MIS quarterly), pp. 783-808.
Kilduff, M., and Tsai, W. 2003. Social Networks and Organizations. Sage.
Kim, G., Love, P., and Spafford, G. 2008. "Visible Ops Security: Achieving Common Security and It Operations Objectives in Four Practical Steps," EDPAC: The EDP Audit, Control, and Security Newsletter (38:2), pp. 1-7.
Kirsch, L. J., Ko, D.-G., and Haney, M. H. 2010. "Investigating the Antecedents of Team-Based Clan Control: Adding Social Capital as a Predictor," Organization Science (21:2), pp. 469-489.
Kozslowski, S., and Bell, B. 2013. "Work Groups and Teams in Organizations. Review Update," Handbook of psychology (12), pp. 412-469.
Lee, C., Farh, J. L., and Chen, Z. J. 2011. "Promoting Group Potency in Project Teams: The Importance of Group Identification," Journal of Organizational Behavior (32:8), pp. 1147-1162.
Levinthal, D. 1988. "A Survey of Agency Models of Organizations," Journal of Economic Behavior & Organization (9:2), pp. 153-185.
Liberatore, M. J., and Luo, W. 2009. "Coordination in Consultant-Assisted Is Projects: An Agency Theory Perspective," IEEE Transactions on Engineering Management (57:2), pp. 255-269.
Marks, M. A., Mathieu, J. E., and Zaccaro, S. J. 2001. "A Temporally Based Framework and Taxonomy of Team Processes," Academy of management review (26:3), pp. 356-376.
McCormack, K. 2001. "Business Process Orientation: Do You Have It?," Quality Progress (34:1), pp. 51-60.
Nonaka, I. 1994. "A Dynamic Theory of Organizational Knowledge Creation," Organization science (5:1), pp. 14-37.
Novinson, M. 2020. "10 Emerging Cybersecurity Trends to Watch in 2021." from https://www.crn.com/news/security/10-emerging-cybersecurity-trends-to-watch-in-2021
Peterson, R. 2004. "Crafting Information Technology Governance," Information systems management (21:4), pp. 7-22.
Podsakoff, P. M., MacKenzie, S. B., Lee, J.-Y., and Podsakoff, N. P. 2003. "Common Method Biases in Behavioral Research: A Critical Review of the Literature and Recommended Remedies," Journal of applied psychology (88:5), p. 879.
Podsakoff, P. M., MacKenzie, S. B., and Podsakoff, N. P. 2012. "Sources of Method Bias in Social Science Research and Recommendations on How to Control It," Annual review of psychology (63), pp. 539-569.
Podsakoff, P. M., and Organ, D. W. 1986. "Self-Reports in Organizational Research: Problems and Prospects," Journal of management (12:4), pp. 531-544.
Podsakoff, P. M., Todor, W. D., Grover, R. A., and Huber, V. L. 1984. "Situational Moderators of Leader Reward and Punishment Behaviors: Fact or Fiction?," Organizational behavior and human performance (34:1), pp. 21-63.
Robbins, S. 2001. "Organizational Behaviour 9th Edition. San Diego State University Prentice Hall International," Inc I).
Ryu, S., Ho, S. H., and Han, I. 2003. "Knowledge Sharing Behavior of Physicians in Hospitals," Expert Systems with applications (25:1), pp. 113-122.
Siponen, M., Mahmood, M. A., and Pahnila, S. 2014. "Employees’ Adherence to Information Security Policies: An Exploratory Field Study," Information & management (51:2), pp. 217-224.
Sivathanu, B., and Pillai, R. 2018. "Smart Hr 4.0–How Industry 4.0 Is Disrupting Hr," Human Resource Management International Digest).
Snedaker, S. 2006. Syngress It Security Project Management Handbook. Elsevier.
Srivastava, A., Bartol, K. M., and Locke, E. A. 2006. "Empowering Leadership in Management Teams: Effects on Knowledge Sharing, Efficacy, and Performance," Academy of management journal (49:6), pp. 1239-1251.
Stajkovic, A. D., Lee, D., and Nyberg, A. J. 2009. "Collective Efficacy, Group Potency, and Group Performance: Meta-Analyses of Their Relationships, and Test of a Mediation Model," Journal of applied psychology (94:3), p. 814.
Stasser, G., and Titus, W. 1985. "Pooling of Unshared Information in Group Decision Making: Biased Information Sampling During Discussion," Journal of personality and social psychology (48:6), p. 1467.
Verizon. 2021. "2021 Dbir Master's Guide," Verizon.
Weill, P., and Ross, J. W. 2004. It Governance: How Top Performers Manage It Decision Rights for Superior Results. Harvard Business Press.
Wu, Y. A., and Saunders, C. S. 2016. "Governing the Fiduciary Relationship in Information Security Services," Decision Support Systems (92:C), pp. 57-67.
Yoo, C. W., Goo, J., and Rao, H. R. 2020. "Is Cybersecurity a Team Sport? A Multilevel Examination of Workgroup Information Security Effectiveness," MIS Quarterly (44:2).
論文使用權限 Thesis access permission：校內校外完全公開 unrestricted
校內 Campus：開放下載的時間 available 2022-07-17
校外 Off-campus：開放下載的時間 available 2022-07-17
紙本論文 Printed copies
開放時間 available 2022-07-17