犯罪心理與員工電腦濫用行為之研究

以作者查詢圖書館館藏

、以作者查詢臺灣博碩士

、以作者查詢全國書目

、勘誤回報

、線上人數：36

、訪客IP：18.222.182.191

姓名

張維仁(Wei-Jen Chang) 查詢紙本館藏

畢業系所

資訊管理學系在職專班

論文名稱

犯罪心理與員工電腦濫用行為之研究
(Research on Computer Abuse from Employee and Criminology)

相關論文

★ 企業再造或企業組織精簡--以一家無線電視公司為例	★ 銀行業的資訊系統危機管理
★ 平衡計分卡、企業智能在企業績效管理之角色	★ 資訊系統再造管理議題之研究-以臺灣證券集中保管公司存託系統為例
★ 客服中心資訊系統之管理	★ 以科技接受模式探討採用網路ATM因素之研究
★ 美容瘦身業導入門市銷售系統之關鍵成功因素探討	★ 台商在中國大陸與越南投資遭遇問題之比較研究
★ 飛機維護管理分散式資料庫整合平台之研究-以A航空公司為例	★ 經營環境劇烈變化下企業服務系統迅速開發專案管理之個案研究－以A公司為例
★ 資訊相關從業人員之宗教信仰強度對生命意義、感激與寬恕之影響	★ 部落格經營研究—社交智能對部落格社會互動與內容之影響
★ 資管教育讓資管學生了解企業管理問題嗎?	★ 社群網站自我揭露的社會抑制之研究-人情智能與成人依附之考量
★ 人情智能對感知的情緒貼圖使用恰當性之影響	★ 行動通訊軟體使用者的人情智能對社群互動，社群認同及社群信任之影響

檔案

[Endnote RIS 格式]

[Bibtex 格式]

[相關文章]

[文章引用]

[完整記錄]

[館藏目錄]

[檢視]

[下載]

本電子論文使用權限為同意立即開放。
已達開放權限電子全文僅授權使用者為學術研究之目的，進行個人非營利性質之檢索、閱讀、列印。
請遵守中華民國著作權法之相關規定，切勿任意重製、散佈、改作、轉貼、播送，以免觸法。

摘要(中)

相較於防範來自於組織外部的資訊安全威脅來說，要確保來自於組織內部的資訊安全威脅通常更加困難，除了內部人員通常較外部人員具有權限可使用資訊外，內部人員對於企業環境、組織架構及系統都比外部人員了解。通常為了資訊流通的考量，並無法完全限制資訊資產之使用，尤此看來企業內部的資訊安全似乎格外重要。
本論文主要是在探討影響企業內部電腦濫用的因素，有別於傳統只注意資訊政策、資訊系統及資訊安全教育等因素，本論文更著重人的心理及社會層面，利用犯罪心理學相關理論，結合計劃行為理論來探討影響內部人員電腦濫用意圖的因素，並利用一個整體的研究架構來針對企業內部人員做實徵研究，試圖了解犯罪心理學因子與意圖的相關性為何、對於降低電腦濫用是否有效及各種心理學的影響力為何等等。
透過統計迴歸分析後發現，各心理學理論確實對於電腦濫用的意圖有著顯著的影響，當員工與組織的關係越密切、同事及上司對員工的影響越趨向正面且組織的資訊安全體制越健全，則組織內的電腦濫用意圖越低，其中尤以一般威嚇理論對於電腦濫用意圖的影響最為明顯，足見傳統的一般威嚇理論有其實用價值。各心理學理論影響力如下：一般威嚇理論>社會學習理論>社會鍵理論。本研究結果可供致力於降低企業內部電腦濫用行為的管理者作為參考。

摘要(英)

Compared with outsider threat, it is more difficult to prevent insider threat on information security. Insiders usually have more privilege to access secret data and they are familiar with organization’s environment, structure and information system as well. For the sake of utilization of information, we cannot totally restrict the usage of information property. It can be seen that the information security for insiders is extremely important.
The purpose of this study is to investigate what factors cause computer abuses from insiders. To be different from traditional studies which focus on security policy, system and education, this study put more attentions on psychology and socialization factors. By using criminology theories and “The Theory of Planned Behaviour” , a integrative model is been built for empirical study of insider threat. Try to understand the relationship between criminology factors and intention of computer abuses. To realize the effectiveness and the difference of using these factors to reduce computer abuses.
After regression analysis, we found that each criminology theories have noticeable impacts on intention of computer abuses. When employee has close and positive relationships with organization, seniors, co-works and company’s security policy, system and education are more solid, the employee’s intention of computer abuses can be reduced especially for general deterrence theory. The traditional general deterrence theory really has its own value. The influence degree of each criminology can be showed as follows: general deterrence theory > social learn theory > social bond theory. The study result can be seen as reference for managers who endeavor to reduce insider computer abuses.

關鍵字(中)

★ 犯罪心理學
★ 電腦濫用
★ 資訊安全
★ 內部威脅
★ 計劃行為理論

關鍵字(英)

★ Information Security
★ Computer Abuse
★ The Theory of Planned Behaviour
★ Insider Threat
★ Criminology

論文目次

摘要 i
Abstract ii
誌謝辭 iii
目錄 iv
圖目錄 v
表目錄 vi
第一章、緒論 1
1-1 研究背景與動機 1
1-2 研究目的 5
1-3 論文架構 6
第二章、文獻探討 7
2-1 內部人員及電腦濫用的定義 7
2-2 傳統犯罪心理學理論 10
2-3 資訊安全中相關於人的行為的研究 15
2-4 文獻評析 22
第三章、研究方法 23
3-1 研究架構 23
3-2 研究設計 26
3-3 研究變項 26
3-4 研究假說 34
3-5 資料分析方法 36
第四章、資料分析 37
4-1 問卷回收及樣本結構 37
4-2 信度分析 44
4-3 相關性分析 45
4-4 因素分析 49
4-5 複迴歸分析 52
4-6 分析結果彙整 54
第五章、結論與建議 55
5-1 研究結論 55
5-2 管理意涵 56
5-3 研究限制 57
5-4 未來研究方向 57
參考文獻 59
錄附一 62

參考文獻

〔1〕莊耿宗，「台中市汽車竊盜偵防策略之研究」，私立東海大學，碩士論文，民國91年。
〔2〕陳景圓，「家庭、學校及同儕因素與國中聽覺障礙學生偏差行為之關聯性研究」，國立成功大學，碩士論文，民國94年六月。
〔3〕蔡群儀，「政策知覺對廠商接受輔導政策的意圖、行為與績效之影響---以中小企業為例」，國立成功大學，碩士論文，民國93年一月。
〔4〕 Ajzen, I. & Fishbein, M., “Attitude-Behavior Relations: A Theoretical Analysis and Review of Empirical Research”, Psychological Bulletin, 84, pp.888-918, 1977.
〔5〕 Ajzen, I. & Fishbein, M., Understanding Attitudes and Predicting Social Behavior., NJ: Prentice-Hall., Englewood Cliffs, 1980.
〔6〕 Ajzen, I., A. R. Pratkanis, S. J. Breckler & A. G. Greenwald (Eds.), Attitude Structure and Behavior, Attitude Structure and Function, Lawrence Erlbaum Associates, pp. 241-274, Hillsdale, NJ, 1989.
〔7〕 Ajzen, I., J. Kuhl & J. Beckman(Eds.), From Intentions to Actions: A Theory of Planned Behavior., Action Control: From Cognition to Behavior., Springer, Heidelberg, 1985.
〔8〕 Akers, RL., Deviant behavior: a social learning perspective., Belmont, CA, 1977.
〔9〕 Beccaria, C., On crime and punishments., IN: Bobbs Merril, Indianapolis, 1963.
〔10〕 Blumstein, A., Cohen, J. & Nagin, D.(Eds.), Deterrence and incapacitation: estimating the effects of criminal sanctions on crime rates., National Academy of Sciences, Washington, DC, 1978.
〔11〕 Briney, A., 2001 Information security industry survey, accessed on December 20, 2006.[cited from http://www.infosecuritymag.com]
〔12〕 Burgess, Robert & Ronald L. Akers., “A Differential Association-Reinforcement Theory of Criminal Behavior.”, Social Problems, 14, pp. 363-383, 1966.
〔13〕 Porter, D., “Insider Fraud: Spotting The Wolf In Sheep's Clothing.”, Computer Fraud & Security, Vol. 2003, Issue 4, p12, 4p, Apr. 2003.
〔14〕 Davis, F. D., Bagozzi, R. P. & Warshaw, P. R., “User Acceptance of Computer Technology: A Comparison of Two Theoretical Models”, Management Science, 35(8), pp. 982-1003, 1989.
〔15〕 Einwechter, N., Preventing and detecting insider attacks using IDS., accessed on December 20, 2006. [cited from http://online.securityfocus.com/infocus/1558].
〔16〕 Greenwald, Judy, “Cost/benefit analysis, access crucial to data security.”, Business Insurance, , Vol. 39, Issue 21, p18-18, 1/2p, May 2005.
〔17〕 Hirschi, T., “Causes of delinquency.”, University of California Press, Berkeley, CA, 1969.
〔18〕 Hoffer, J. A. & D. W. Straub Jr., “The 9 To 5 Underground: Are You Policing Computer Crimes?”, Sloan Management Review, 30(4), pp. 35-43, 1989.
〔19〕 Lee, Jintae & Lee, Younghwa “A holistic model of computer abuse within organization”, Information Management & Computer Security, 10﹙2﹚, pp. 57-63, 2002.
〔20〕 Stanton, J. M., Stam, K. R., Mastrangelo, P. & Jolton, J., “Analysis of end user security behaviors.”, Computers & Security, 24, pp. 124-133, 2005.
〔21〕 King,R., “Computer Abuse and Computer Crime as Organizational Activities.” Computer Law Journal, 2(2), pp. 186-196, 1980.
〔22〕 Gordon, L. A., Loeb, M. P., Lucyshyn, W. & Richardson, R., 2006 CSI/FBI Computer Crime and Security Survey, accessed on December 20, 2006. [cited from http://i.cmpnet.com/gocsi/db_area/pdfs/fbi/FBI2006.pdf].
〔23〕 Loch, K. D., Carr, H. H., & Warkentin M. E., “Threats to Information Systems: Today's Reality, Yesterday's Understanding”, MIS Quarterly, pp. 173-186, June 1992.
〔24〕 Theoharidou, M., Kokolakis, S., Karyda, M. & Kiountouzis, E., “The insider threat to information systems and the effectiveness of ISO17799”, Computers & Security, 24, pp. 472-484, 2005.
〔25〕 Mathieson, K., “Predicting User Intentions: Comparing the Technology Acceptance Model with The Theory of Planned Behavior”, Information System Research, 2(3), pp. 173-191, 1991.
〔26〕 PriceWaterhouseCoopers Internet portal, Information Security Breaches Survey 2004－technical report, accessed on December 20, 2006. [cited from http://www.pwc.com/images/gx/eng/about/svcs/grms/2004Technical_Report.pdf].
〔27〕 Lee, S. M., Lee, S. G. & Yoo, S., “An integrative model of computer abuse based on social control and general deterrence theories.”, Information & Management, 41, pp. 707–718, 2004.
〔28〕 Schultz, EE., “A framework for understanding and predicting insider attacks.”, Computers and Security, 21(6), pp. 526-31, 2002.
〔29〕 Schultz, E.E. & Shumway, R., Incident response: A strategic guide for system and network security breaches., New Riders, p.189, Indianapolis, 2001.
〔30〕 Straub, DW & Welke, RJ., “Coping with systems risk: security planning models for management decision making.”, MIS Quarterly, 22(4), pp. 441-65, 1998.
〔31〕 Straub, DW., “Effective IS security: an empirical study.”, Information System Research, 1(3), pp. 255-76, 1990.
〔32〕 Sutherland, E., “Criminology.”, J.B. Lippincott, Philadelphia, 1924.
〔33〕 VOGON, Computer Forensic Services and Systems, Computer Fraud and Computer Abuse, accessed on December 20, 2006. [cited from http://www.vogon-computer-evidence.com/investigation_services-02.htm#abuse]

指導教授

林子銘(Tzu-Ming Lin)

審核日期

2007-7-8

推文