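Title: A Study of Enterprise Information Security Control Decisions: An Organizational Decision Theory Perspective
Author: 李東峰
Author (foreign-language name): Tung-Feng Lee
Institution: National Central University
Department: Graduate Institute of Information Management
Advisor: 林子銘
Degree: Doctoral
Publication date: 2003
Subject keywords: Security Control; Risk Management Decision-making; Information Security; Behavioral Decision Making; Organizational Decision-making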
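Abstract
With the growing adoption of information technology, information security control has become a necessary means for enterprises to sustain their operations. Most prior literature assumes that enterprise information security control decisions are rational risk management decisions, overlooking the possible influence of decision makers' cognitive factors and of organizational factors in decision situations under uncertainty.
To clarify the possible influence of decision makers' cognitive factors and organizational factors on the degree of enterprise information security control, this study conducted a two-stage empirical study of large enterprises in Taiwan. The purpose of the first stage was to gain an in-depth understanding of the complex process of enterprise information security control decisions. Interviews with ten information managers from two financial firms and three high-technology manufacturing firms found that: (1) the enterprise information security control decision process differs greatly from the structured risk analysis and quantitative risk estimation process recommended by the rational decision model; (2) because of uncertainty, the basis of enterprise information security control decisions is not rational risk estimation but the decision maker's subjective risk perception, so that, under the influence of individual cognitive factors, the decision bias of loss aversion appears; (3) the importance of IT to the enterprise and the interaction among key decision makers are the main organizational factors affecting enterprise information security control decisions.
Based on the findings of the first stage and a literature review, the second-stage study was designed. Statistical analysis of 116 questionnaires obtained from the information managers of 230 large enterprises found that: (1) the information security risk perceived by information managers has a significant positive effect on the degree of enterprise information security control, but no significant relationship was found between perceived information security risk and the importance of IT to the enterprise. The rational decision model therefore received only partial support. (2) Both the importance of IT and the degree of senior executives' involvement in information security control decisions have significant positive effects on the degree of enterprise information security control, supporting the hypotheses of the organizational decision model.
The academic contributions of this study are: (1) it re-examines enterprise information security control decision behavior and, from the perspectives of the behavioral decision model and the organizational decision model, questions the traditional rational decision model; (2) on the basis of the organizational decision model, it examines the effects of the importance of IT to the enterprise and of senior executives' involvement in information security control decisions on enterprise information security control decisions. The results indicate that, besides being able to perceive information security risk, an enterprise's information managers need to make good use of their decision influence and actively seek senior executives' involvement in information security control decisions. On the other hand, decision makers also need to watch for the decision biases that decision shortcut behavior may cause.
In its discussion of resource and methodological limitations, this study suggests that the factors shaping senior executives' perception of information security risk, and the possible influence of user department participation on enterprise information security control decisions, are possible directions for future research.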
With the ever-increasing use of information technology (IT) in business operations, the impact of information security risk has become one of the critical issues for information managers of modern enterprises.
This empirical study followed a two-stage design. To gain a deep understanding of the process of enterprise information security control decisions, qualitative interviews were conducted with ten senior information managers from two financial service companies and three high-technology manufacturing corporations. The findings are as follows: (1) the decision-making processes are not as comprehensive, structured and quantitative as the completely rational risk management decision-making model suggests; (2) to reach an effective decision in a highly uncertain environment, the decision makers depended on subjective perceptions when assessing enterprise information security risk, so some decision biases were found; (3) both the importance of IT applications and the organizational political influences among key decision makers are critical factors in the degree of enterprise information security control.
Based on the results of the first-stage study and a literature review, the second-stage study was designed. One hundred and sixteen questionnaires were returned from a self-administered survey of two hundred and thirty information managers of large companies in Taiwan. The findings of the statistical analysis are as follows: (1) there is a significant positive relationship between the degree of information security control and information managers' perceived risk of information security, but the expected influence between the importance of IT applications and perceived risk of information security tended not to be supported by the empirical data; (2) the empirical data tend to support significant positive relationships of the importance of IT applications and the degree of CEO involvement in information security control decisions with the degree of enterprise information security control.
The theoretical contributions of this study are: (1) an investigation of the enterprise information security control decision-making process from the perspectives of the behavioral and organizational decision-making models, in contrast with the traditional mainstream perspective of the rational decision model; (2) theoretical arguments and empirical investigation, from the perspective of the organizational decision model, of the influence of organizational factors such as the importance of IT applications and the degree of CEO involvement on enterprise information security control decisions. One managerial implication of this study is the influence of the organizational interaction between information managers and the CEO on enterprise information security control decisions when risk assessment is highly uncertain. The other is a caution that relying on subjective perception and decision shortcuts to reach effective information security control decisions can backfire as decision biases. The limitations on generalizing the results and directions for further research are also discussed in this paper.