查詢結果分析
來源資料
頁籤選單縮合
題 名 | 企業資訊安全投資之決策變數探討=Study of Decision Variables for Enterprises Information Security Investment |
---|---|
作 者 | 詹前隆; 曾淑芬; 呂志鴻; | 書刊名 | 品質學報 |
卷 期 | 20:4 2013.08[民102.08] |
頁 次 | 頁379-401 |
分類號 | 312.76 |
關鍵詞 | 資訊安全; 投資決策; 資安風險指標; 風險認知; Information security; Investment decision; Information security risk index; Risk perception; |
語 文 | 中文(Chinese) |
中文摘要 | 層出不窮的資安事件造成企業的龐大損失並嚴重傷害公司聲譽。本研究旨在探討影響企業資訊安全投資之決策變數。資訊安全投資項目,包括資安人力、軟體、硬體、管理、委外與服務等。針對臺灣企業內資訊相關的從業人員,以專家訪談與問卷設計收集資料。從外在環境與內部組織等不同構面出發,以統計複迴歸分析企業資訊安全投資的影響因素與影響程度。研究結果發現外部環境因素對資訊安全投資影響不顯著。而影響資訊安全投資之變數依序為「高階主管對資安控管的態度」、「資訊安全風險認知」、「企業規模」與「組織資訊科技的應用程度」。企業宜提昇高階主管對資安控管之態度與風險認知以強化資訊安全之投資。面對管控資安風險與成本效益的兩難,建議導入決策分析架構以提升決策品質。 |
英文摘要 | The increased in information security issues have caused great amount losses to enterprises and have damaged the reputation of those enterprises. In coping with a variety of information security issues, enterprises are always in a dilemma when they need to make investment decisions for information security infrastructure. Managers need to achieve both goals of risk control and cost effectiveness. The aim of this research is to examine the variables influencing enterprises' information security investment decisions. We collected data from decision makers involved in information technology investment through interviews and questionnaires. Factors affecting enterprises information security investment were classified into internal and external factors such as information security manpower, software, hardware, management, outsourcing, and services. Using regression analysis, variables influencing information security investments were found. External environmental factors have no significant effect on enterprises information security investment. Variables that can predict "information security investment" by the order of beta coefficients are: "the senior executives' attitude toward control of information security," "information security risk index," "the scale of enterprise," and "the degree of enterprises' technology application." Consequently, enterprises need to empower the top management to control information security and risk perception to improve the quality of information security decision making. Decision analysis framework is recommended to tradeoff the information security risk control and cost effectiveness of information security investment. |
本系統中英文摘要資訊取自各篇刊載內容。