資訊安全管理制度的建置，是一個牽涉安全、技術、法律、組織、管理等多層面複雜知識的過程。為了瞭解組織於其過程中可能遭遇的阻礙，並且從組織學習觀點找出可能影響導入過程的影響因子，本研究執行質性研究方法，深入探索四個公務單位的資訊安全管理制度導入過程。研究結果發現，組織氣氛、個人與團隊實務、個人與團隊發展、報酬等四因素，與資安管理制度知識的缺乏現象有關。此外，本研究亦發現，資安意識與資安管理制度的文件化、資安管理制度知識與重要性評價、報酬／認同與流程標準化程度四組變數之間，也可能存在相關。本研究從組織學習觀點提出具體建議，希冀輔助相關組織於導入時增強知識體質，提升導入成功的可能性。

Implementing an ISMS is a challenging task, as most workers cannot well deal with information security issues. To realize what obstacles organizations may encounter and to find out whether the organizational learning factors affect the implementation process, this investigation conducted qualitative methodology and interviewed four public organizations in Taiwan. The research findings offer a research model of reduced complexity, which can be validated and tested quantitatively. The results indicate that four factors may lead to insufficient ISMS-related knowledge. Besides, we also find potential relationships may exist between security awareness and ISMS documentation, between ISMS-related knowledge and valuation towards the importance of security management, and between rewards/recognition and standardization. A few conceptual explanations are offered to benefit those organizations which remain in the early phase of ISMS implementation.