頁籤選單縮合
題 名 | 資訊安全認知評量表之研究=A Study of the Development of Information Security Awareness Scale |
---|---|
作 者 | 蕭瑞祥; 曹明玉; | 書刊名 | 資訊管理展望 |
卷 期 | 9:1 2007.06[民96.06] |
頁 次 | 頁71-89+91-93 |
分類號 | 312.76 |
關鍵詞 | 資訊安全; 資訊安全認知; 資訊安全認知評量表; Information security; Information security awareness; Information security awareness scale; |
語 文 | 中文(Chinese) |
中文摘要 | 現今企業組織越來越依賴資訊科技,引發對資訊安全議題的重視,目前資訊安全相關文獻缺乏從「人員」為出發點,探討組織內人員資訊安全認知的程度高低之評量與改善的研究。本研究目的以NIST SP800-16「ABC’s of Information Technology Security」的26項概念為基礎,衡量受訪者是否有資訊安全概念之基本意義與內涵的認知。經過一連串的評量表設計步驟後,實施量測以驗證此評量表之適用性。經驗證有以下幾項結果: (1)人員有無受過資訊安全相關訓練,其資訊安全認知水準會有一定程度的差距;(2)將認知程度區分成低、中、高三個等級,針對中低程度的認知概念進行加強;(3)分析評量表問項的難易度高低。本研究之評量表可作為提供資訊安全訓練導入參考的依據,並評量人員在受過資訊安全訓練後認知成效高低。 |
英文摘要 | Today enterprises and organizations in the world depend on Information Technology more and more, which arouses managers thinking highly of the issues on information security. References for information security nowadays are deficient of the notion taking “people” as a threshold into consideration, and few are researching the level of information security Awareness of the personnel in the enterprise the scale and improve it. Regarding twenty-six concepts of “ABC’s of Information Technology Security” of NIST Special Publication 800-16 as the basis of the development of information security awareness scale, it measures them whether people have the knowledge of basic significance of the concepts of information security, and meanwhile verifies the applicability of this scale. After a series of steps in designing the scale, we verify the scale’s availability from the testes’ reaction to understand his or her discrepancy on information security knowledge. After verify, this research reveals as follows. (1) Were the staff taking training on information security related, his or her information security knowledge level would have difference to some extent. (2) Mark off the level to three diverse ranks, low, middle, and high. The organization could be aimed at the middle-below grades to go forward another phase of advocacy and reinforcement. (3) Analyze the degree of difficulty of the scale.The scale is used to measure staffs in the department the level of information security awareness and supports the basis to do information security training in the future. And it is able to verify people the degree of effects after they have taken some training of information security. |
本系統中英文摘要資訊取自各篇刊載內容。