相較於防範來自於組織外部的資訊安全威脅來說,要確保來自於組織內部的資訊安全威脅通常更加困難,除了內部人員通常較外部人員具有權限可使用資訊外,內部人員對於企業環境、組織架構及系統都比外部人員了解。通常為了資訊流通的考量,並無法完全限制資訊資產之使用,尤此看來企業內部的資訊安全似乎格外重要。 本論文主要是在探討影響企業內部電腦濫用的因素,有別於傳統只注意資訊政策、資訊系統及資訊安全教育等因素,本論文更著重人的心理及社會層面,利用犯罪心理學相關理論,結合計劃行為理論來探討影響內部人員電腦濫用意圖的因素,並利用一個整體的研究架構來針對企業內部人員做實徵研究,試圖了解犯罪心理學因子與意圖的相關性為何、對於降低電腦濫用是否有效及各種心理學的影響力為何等等。 透過統計迴歸分析後發現,各心理學理論確實對於電腦濫用的意圖有著顯著的影響,當員工與組織的關係越密切、同事及上司對員工的影響越趨向正面且組織的資訊安全體制越健全,則組織內的電腦濫用意圖越低,其中尤以一般威嚇理論對於電腦濫用意圖的影響最為明顯,足見傳統的一般威嚇理論有其實用價值。各心理學理論影響力如下:一般威嚇理論>社會學習理論>社會鍵理論。本研究結果可供致力於降低企業內部電腦濫用行為的管理者作為參考。 Compared with outsider threat, it is more difficult to prevent insider threat on information security. Insiders usually have more privilege to access secret data and they are familiar with organization’s environment, structure and information system as well. For the sake of utilization of information, we cannot totally restrict the usage of information property. It can be seen that the information security for insiders is extremely important. The purpose of this study is to investigate what factors cause computer abuses from insiders. To be different from traditional studies which focus on security policy, system and education, this study put more attentions on psychology and socialization factors. By using criminology theories and “The Theory of Planned Behaviour” , a integrative model is been built for empirical study of insider threat. Try to understand the relationship between criminology factors and intention of computer abuses. To realize the effectiveness and the difference of using these factors to reduce computer abuses. After regression analysis, we found that each criminology theories have noticeable impacts on intention of computer abuses. When employee has close and positive relationships with organization, seniors, co-works and company’s security policy, system and education are more solid, the employee’s intention of computer abuses can be reduced especially for general deterrence theory. The traditional general deterrence theory really has its own value. The influence degree of each criminology can be showed as follows: general deterrence theory > social learn theory > social bond theory. The study result can be seen as reference for managers who endeavor to reduce insider computer abuses.
