
A Study of the Effect of Defining Information Policy on Information Security in an Organization


Academic year: 2021


(1)*m*,J:iEJim~~ti1im~.zlifm. 6S. *Jl*~ffjU~1im~~~Jf1im~~~.z1iff~. A Study of the Effect of Defining Information Policy on Information Security in an Organization. ~mJJ.. ~~2jS. m~.. Kwo-shing Hong. Yen-ping Chi. Louis R. Chao. m~~ilm.ITJ~::tff. il&tEl*~~m~~~~UM. ~rr*~ft~~mM. l. .. -. 8.. •4. .,.­. C ~. -I­. ..tullq"..~~a. t-filI:f&iFJ e -{I::.at-it • r Jl-m~1:- J e,t...iFJi:-I- 8,*:.t..- •..... Sf Jl-m~ 1:-~.:.t..~~,~~~.~:.t...~·*~a~*Jl-m~1:-iFJ8,*·W~·Jl-m~1:-~.:.t..~~,t ."Jl-m~1:-iFJ~.~~. · ~m Jl-m~1:-~I..~ it. 0. ~1t~tJ. Jl-m. r ~1:-~I.JY'" J (Security Policy Theory). (Information Security Policy lodel)·. r••*ftJ' r jf-m~1:-~.J. ~. r jf-m~1:-:.t..~* J •. 4~.. jt.Jl~1t:.t..,l;Jf1t~.. .E.• •$ifMt,l;Jf1t. '. '. .tltllJt~~Jt... $:.t..~,t~~~.·jt~Jt.W~~~.tl_~·.tl~Jt..$:.t..~iFJW*~~o~1t~~M.tl~. tt,l;Jf1t_~.-m~1:-~JY~"'*'~~~~ ••• -m~1:-~~JYI.4~iFJ~~o M.~:.-m~1:-'Jl-m~1:-~.'~1:-~.~_'.-m~1:-~ •• ~'W&~#.

(2) 66 j(~H~.

Abstract

In the e-era of internet computing and electronic commerce, "Information Security" has become an important goal of an organization. The organization achieves its target of promoting information security through the establishment, implementation and maintenance procedure of an information security policy. The establishment of information security policy is therefore the infrastructure of information security of an organization. This Study is based on the "Security Policy Theory" to propose the "Information Security Policy Model" and develop the research structure of the Study. Its research is further developed by three constructs - "characteristics of organization", "information security policy" and "improvement of information security". Hypothesis theory is used to examine the possible effects among its constructs. The Study also examines its path functions to derive the causality of each construct. It would not only be the first one to examine the theory of information security management by empirical research but also a useful reference to the information security management policy of an organization.

Keywords: information security, information security policy, information security policy theory, information security policy model, path analysis.

11"*!~. ~I1tAjf:~~UJ8'g~\~O ~~~. *-f-ffi'~~WmJ~~~' t::fi~fJ3Jl ~.ft~~~~.&.T~~®e ft~. ,. m* r1lm3G! J ~4ij-@l~®. §~, Jj~~m~~figif~~. ~*~*®~~,mjf:~m~~ffim~~¥. , ~llA&1fd:~*~Jjjf:~~*-fffi{} , m. ,. jf:~~*m@L®~~(#~'~88. .m3G!~~~m~tto~W~~®ff~. ,~~tt.®~'~~~®~m&~'. if: ; *1E${~M~ , ~ 89 if: ; Hinde, 2002 ; Kühnhauser, 1999). :tE1'~®m~'~~®~""f. rflm~amJ~m~~Jtm~. '~1lm~~*®~,~®~~. m:~JJJUm&f~~:1Jjf, -@liUl;Gx~Jtm. i&m.. ~~, ZJj\-ar.~~~~Jiix~Jtm3i. ~~~,,~,tt~~.OO*~~~. ~g~'ti.m~®.~1'~:-@lx~. m.®. (Information. Jtm~~8'giUi' ~~m~mnm¥}jG. W- {'FmiUl~m~~. ~, ~tB~~JjtlI¥JJtm3G!ttOO~£. ®f~~:1J~~~ff~' iB~f(W\3i. ®~'.*-f~.'mJ~.m~~~'. tt~&pg$~fJjrJ®~t$J*-fffl~~'. r ~m3i~i6tm. Security Policy) ,. J. 0. .......

(3) Mftiij5E~m3i:~i&mJ1Jtim~.z~. 67. .~f8!~~l¥J• •Rm~,~~. ~~1iI ' 1i~~Rm~m5E ' !fi.!.~. ~.~jim*~~~~~Wjim~~. j{m~flUz.ra~ , f:H[ffi~M~ , j{:ffi{~. t!&,. -~ffi.f§~ ffijjim~~~. ,. ~~*~.~j{m~~*1'~~fi3&o~. ~lft=~~~~~,tf2~~~\r~. ~~~~'Mz.~~Wff'~tf2~~. 1ft ' Jim~~z.fM5E ' f;j*~jim* ~~*z.mI!f ' ~~q:.~~-11 (l*~ , ~ 88 if. ; Lindup, 1995). WJ~1im~~~q:., ~l¥J-JJi~~. *if~~j{m*~~~3t~~~M~. ~tt~I~o1im~~~~rn~~. ~(~ffi-'~88. ;*1E1JjWM~'. 89 if. ; Osborne, 1998 ; 3ta;~!fi.!~{3tJi , ~ 89 if. ; Dellecave, 1996) " m.mI~.Hii*~tbb1! (ICSA) tE 1999 if.0:t!J!¥Jif~¥IH5·mte ' 1mi@1 80%!¥J. ~. ;s;;..§1:T*, ;tt:~l¥J~m~~:ff~mi!¥J~ '!iWpg~j>lftJJOO~~'. ffiffi1J1:ff ~§~*l¥J r ~?1J~ra~ J (~~ , ~ 89 if.) Blacharski tf2f~te : *~It~*mA~'&m 0. 0. ~ ;e;:jf.J:f r *~~~~~ J (Security Policy. Theory). tf te. Security Policy Model) , Mz.~~*if~z.if. , 1980. if.~t!lR:ff. R'. ... :',. -.. W r ~m~z.tf~ J 1J!lP.LIlfRIDE ' PJ 7~ r ~ttJ f;j r~m~~J !¥J:VIJ ' r ~m~~J f;j rjim~z.m~ J ~~. ....-f:. II! ' PJ&Z.ra~Z.1ZSI51~:lllH*. 0. *3ttt;ttijim*~~~~1fjlt1J!lPJ ~~ m-$:fr~M1im~~~if... 0. § ~W:9Jfi~ , ~ffijffiiB~z.~J5E ... ;1tti~:fr1;ft~t~Mt~JJ!re, j!~ilJ~. ~ .. ~WME~ m-=$:fr~mJ:tz.~. ~:fr~~~Mt~~ffiOO~l¥Jjim*~~~. .w~~~Jom~$:fr~~if~1i. PJTflz.1im~~' J,A3&1im~tx1iJ!.. r! ' 1:Yj8 : rQ~~~~ . ~~ . ifJ-UJt. l¥Ji5 f3i.m€~ilJ ~ 'mi~jim~~~i!. ~ m1i$:fr~~tffWif~*E*. ~~ (*1E1JjWrm!'l~. ~W~~.. 0. -0;. --"t... ~!iI~1iW~1&~Jfm~~~'::JL. , ~ 89 if. ; Lindup, 1995 :. Ward & Smith, 2002) tEl*~m ~if~q:. , ztFmte : ~jfma~1'. _.. ' !1 r ~~J .. rllm~~J. ~?¥!.. !t.m3i3tl¥Jm~ 'ffi:ff~m:-~~~~1f=: ~&fr:«m~~. PJf'f:m*~z.~~~~ , 3iffiJ m Ji: ~ ~ Jfi f~ J:t (Information I. jill'. l. Jl11mpg. 0. 0. 0. 0. ft1&. ). ..

(4) 68. .~ftiJf~. it .. 3U1m~. ~iiflfl"BmrJJE~~3(~i&Jft~ftl. 44.8%. , *mrJJE~ 55.2% ' 1f*mrJ~~~i&Jft *~Z~W, :t£!MJtm~i&Jft. ®s~Jl1ftl!"cp '*$:fr~1f:p)pgmrJJE. ~~®~fT.M .. ~l.I . :frfff ' ~*P'J. ' .~~~~~¥Um:i!-° Jj~. fj;~~~11' ~Jt<:.m r~~~J. ~i&JftI¥J~Jaj;{$'ZP:i'!?J~81WF.I~lE~*. ( Security Policy Theory) , P) {'F~*ifJi:z. ' m:~~m 2 ~ ~lE~$~~~ ,. l.I~~. ¥. 0. ~~JE11' ·tll~m{tffl~~*~~. 0. .lEifJi:Jtm~~~~ ' . m~~~'ffiill~$:fr~m~®ifJi:'. , 1Ii~F~®ti$ (Hone & Eloff, 2002b). 0. aKftt*Jji&J&$r~&~ml1E~?JT~. i&JftI¥J~!Dl:;trIR, fiJ~P)~W.~i&Jft. , tE~® 761WfAruiicp , .m3(~i&Jft~Fm-jG~~{tl 59% ' ~.. Z~JE ...~pg~"~~~'fiJ~m~. %~~~33%'~fiJ~~*?JTfl~~CP~. ®flm~~.mifJi:CP' ~~lHmifm. if®-~ , Ef3~~~f;j~1*,*~~~ , ;!t.cP. ~~1t ' ~fi!U~. il&J&ltlHJ¥-gf*,.~mflm~~j:: , ~ra'1E. -E!~~Jtm~~o**.1im~. 0. ®1im~~. ~JI (~91 ~) ~1tifJi:mlH :. ~i'!?J1~J~flf§~~5Ul' 111iW-4tUJJt~~. fl 80.4%®fifT~~~lEJtm3(~i&Jft. tf~:fff-a.r;tgii~·fi 'i!&~1aa*~. ,.~Jj~Jtm~i&Jft®~~. ~n~~mmm®~(fT~rr• •T. ~ ; ~~1*-P) BS 7799-1 (1999) m~. .l.I~CPtCJ\ ; ~ 91 ~). 0. ~~®.m3(~lIm ' JtcP r ~i5t. ~-Jj~~t~lH : 85%®~gjj~ , §m. JftJ 41.2%%~~Jt<: ' 29.4%$:fr~Jt<: ' 14.7 %~~cp , 11.8%ffiJIDUrrcp , 2.9%~. ftQ;1M®1}i§ijB~Att.m3(~i5<:Jft®mil. *~. ' .~ill~1r::::f1(®~ffi ' ~.m. t~lH~fl 27%®~WJ~BmrJJE3tftf:{t®~. ~~,JtCP~it!fifTtE~~~m. m~~' *W1t~Jmm~¥U 59"10 ill. ~*fiJfifT' .m~~~11tE*. tE Ernst & Young ~~ , Jt~WJ~Wlm ftQ;1MB~m~~ (Hinde, 2002). lilfi~~-.ii ' ~illfll1§?;V®~rJj. 0. tt~m.(~89~)®ifJi:cpmlH:. , ffif;j~~-JjEf3 KPMG Ffi~®[1ij~ , W. 0. 0. ~~~~~I¥J~~~~l.Im:1i. ~.

(5) ~~~.~~~~~~z~. 69. m~~!¥J~~" §!¥JW~E" ~z~J. Ji Ii. ~".~~~"~W~~~liOO$~'~. Information Assets ) mJ!!__~!¥Jm,auz.. JJti:tmP)Jt~. ~A~~(.~~'~911f.)0~­. 0. ~ftf!¥J::gm1iJ~E~. -"Jim~~.~. 11. Starling. (1988). mm : r i&Wi. § !¥J!¥J-~,t1~i1l!; , ffijffrlfJ ,aU~~31nt;Gi&Wi § 1!!¥J-fi!¥lf~!¥Jh. ~ §.~. ~ (A Policy is a general statement of. aims or goals. It's not quite the same thing as a plan, which is best thought of as specialized means for achieving the goals of policy). tB: r~. 0. J ~i!tJl~ii-~m ,;tt~~. (PolicY)J. (Information Technology and. : Mt£ .. mfB . m. ~"~~lIi~~". mfPlS9. riim~i!&mJ ~1tJ!!. UJB?~~ (~901f.) ~~~:. 1. 1 .. ~m~zifm~~~l!.m~!¥J~. 11. 0. ( Intension). 0. 3 .. MTm.*EHj~Hmr~¥JtffJim3(-~. !¥J.ll (Authorities). . m~ . m~"M~~.z.(~i!tR. 5 .. ~1Lil.Jim~~~l!.~~J. ' ~ 90 1f. ). (Baseline). Mechanism). iti*;ttJimJiIi!¥JIl~tt(. Confidentiality) .. jG~tt (Integrity) ... 1iJffltt. S9~. (Availability) , ~~JN. .~'~.~mJiliz~~,~~m. .ttii§.' f?T~J~Z~l!.m~W~J JJtm$S (Ji;ij(~ , ~ 89 1f.) ~g­ 0. fllLl*~' rjf'aR~~J. f*mfBm. .~nt;Gaff~.!¥JJimf~WJim. ~. "I. 0. (. ·0. ~il (Business) ". 7"EH~~JI!¥JJim~~~l!.m~m. .nt;G" 8 .. ~Jlm~~'U~rj '@ &ff!~~~\~tt. 0. km~ rJim~~J'. f*. ~1Lfr~!¥J.m§~~~~~~S9. ' -~~.tzOr. ":J ~.,. 6 .. W*-EIJ~!¥J~mm~1St tt~ § ~f§. ~~Z...t. "",,. .­. 0. ifm~~~~.~:~~7. ..... ~. 0. 4"~~$jJJmJim~.*. W~f7ilt3. -.. i~. 2 .. mfPlJJJim~~fM*S91f::IIf§gJ3. , 9F::fffifBJJj{,aU~MHfP ' x~~I«l!.~m~r~~m!¥Jhjt . JJj{}W. ffifB0~f.b.$r~. .,'. 4. ' 9F1'F~*.

(6) 10 .~ftif~. ~ZJEI.l. m~~if3fEJ~.f:f ' ~jfm. 0. I .. ~m.~JEtzD{EJ3t~t¥J~m.m. , P)'&~I¥J~ , P)'~~ll 2"~~~I¥J§~,m~r.m. 3 .. p)'1lm~~~~I¥Jj(m1fJ!J!~. j(If{jl!fflJJjum. 0. 4 .. f*'~:fi.m~tt~, p).itIJfim ~~I¥JJ1K~n. 3&tEl¥Jr!l$fJ$fJJJt '. P).~~1E~ §. ~o. ~J ~IIfQ. 4 .. j(m~~~~'lli~'~~. , .~~~"EtJf~i3I.m~.ifi ~1¥J~~~tt~l¥Ji3 rli 0. 5 .. ~fim3t~r!lmrJfI*1JOP)'1EA1t. 0. =.... m~~;L.§t¥J!6!~~. fim~~jfll¥J±J!§~JE .iIlijfmjflfl¥J~m~;L.{lffj~Jt. ff:°ffij~l¥Jjfm~il&jfl~J!.WJ. ~~~fi~.J!J!8m~~'~~ f*:1lmj(If~YlJ!J!.ml¥J3t~""f'PJT "EtJP)'fJ~~1tJtff:l¥JfT~ (Hone &. W3tftf:1t ' P).~~~$~~$ ~j!fj*fE~.m3t~l¥Jml!lW¥Jt. fT,. ~~3tf~JE.~' p)'{'F~jlm3t. ~miMl¥JZP:f1o. 6 .. ~f*:~WI¥J~m~"EtJP)'ffI&;fI~. ,. ~iimii~ 1SJj~~~"EtJI¥J~m jfmjf~. , P).til~I¥J:tc~tt. 0. 7 .. fjffI&~W~t¥J~~,~lSJjft~. 0. jfm~~I¥J§I¥J~J;}]~~. (Ward & Smith, 2002; *fJJ~~' ~ 90 ¥. 3 .. ti1njfm~~ffI&' mIJ~ii ." *~$fJI¥J~ , {fE~?cUl-. .§~o. Eloff,2002b). ~1¥J~9&~o. ; *1E~~tl!~~ , ~ 89 ¥) :. ~~If~~i.Jl'~~1iJ!."*x. &~f&j('RRjflf. 0. =: . '-~~il&JflZIM5E. I .. fj*-Wilfim.~~l¥JfI*' m~. .m~il&jfll¥J~JG,~fj!.JEm. t~~1J~~m~ , .TIfL~~JJl~JtJ. .iim~I¥J~JG\1Ifi!' p)'f.f~m.. 1fJ!J!~fjiim3t~I¥J~~!6!~m. 1¥J~.§~om.tt.I¥J~~'~ii. , ,t,~~iI1E~Jtff:~I.l$]. 0. 2"JE.m.~~H$M~A.fj.. m3t~I¥J~JG\1Ifr!:~ ~~~. , 5l0.$. .fllI¥JJim~~JG\1Ifr!:"EtJ~~~1SJj.

(7) ma~~.m~~ti.~~~.z~~. ~~~*litW:RirUtt~#m. 71. ' II&}f-ffl!S. mini ' ~~~¥Umlil. ' tzo~-?ff7K (. r~Rm~~~/L\1IfiI~A~.fA~. . Hone & Eloff, 2002a)' ~j;J{'Fm~. 1¥itWnJ~H~~. , Jf1E~ffij ~ , Jt:R. trl~:Rm~~~o. m3t3;-:~~/L\{Jffil~~~flJ~~*i. it. 0. Ef3tn~/L\1IfiI~1'/QJ. liim~II&]l1tJl~~m~W?Vftm. ' Jt:Rm3t. (Kaqay, 1996 ; Lindup, 1995 : Word &. ~II&]lH!f*~Jt~/L\'flfiI~]l~1i. Smith~. jf'$11Itn11m:Rm:R~~fJffil'iY!. 1 .. W~~Ml (Project Initiation) :. ~m~II&]l~~~.~rr(~~~. , ~ 891f:). 2002) :. ••. t. .liim3t~w?JJ~fi5 (Preliminary. , B~~¥tl3t. ~II&]l~m~'ft~~e$Z~Jftn. _.'...... ' (fEiY!. R:. Jfliim3t~f!~Jtff{~JJr(. ~:. Evaluation) , ~H~~J1f±1f. 0. ~~rdjJfliim3t~. !1m. Management Sensitization). ."1. 0. .-". :Rm~II&]l~lli-®~~~m5W. JIj":t "".~. t'Or. ~. IBS 7799. •. (Code of practice for Information Security • Management). I. 31Ulliliim~~9rH!1:Q.-a-~pq~. ~~Pl1fi.iJ¥A:ffi1(m't&:~. 0. 0. I I. ... • jW\'t&:il&UJil!E8ii1m~.Aj<t5E •.Mi.01. ISOIIEC 17799 BSI IT Baseline protection manual. IGerman Bandesamt fUr Sicherheit in der IInformationstechnik (BSI) ftjfl~. ';;. Jfliim~II&]l~mini. ~~e$. I. ..... fjJmIU~Jf:Rm~~~miiB. I. (fjwm~. I .liim~~J!!~WJ~MW~ • tzOfi:iJ1{[iFRm~II&]l 0. 0. I. 0. ·liim~~~~pg~§ ,tzO:~:Jt ff'II&]l~~~.:Jt,pg~. .. II&]l~W~. ·liim~~9rJ!!1:Q.r&~pq$o. .liim~~~~~. 0. I.

(8) 72 . JrotnfiJf3\'!. fJtf.f~~~~W~ftUg*. COBIT. • a:f~m~*1t~W~ftU~tt( the Infonnation •. ~~~~J!pg$~mrJ~~. System Audit and Control Association & .1r*B~it3t{!f:~@:\7W*l~ Foundation) (ISACAF) JlffaJi:. GASSP ( Generally. • Accepted. System. Security. National. 0 ••. ~. 0. fJ!l::Bjlm3i:~if)(~a:{~~g*&if)(~~ Jj(. ~. 0. Principles) ffi~~tII*if~ ( the Untied • ~m~~~JEft . *lai~ States of America's Council) ffil::BnBi. 0. 0. Research. jf~~a-gJff~.~ , ~~~Il. ·~wm~a-g~. GMITS. 11:a-gf~~. ( ISOIlEC PDTR13335-1 ). 0. . ~W@:~,~~~. 0. ·wm~~a-g~o. ISFs Standard of Good Practice *E3~{tWm. 3i: ~. • JUl::B.m~~pg~. ~!.l (the globally representation • jlm~~a-g~~. ~*It. 2 .. . 0. • ~!!J3-arji~fj!ffl~f.fm. Infonnation Security Forum, ISF). 0. 0. :*~~~E3 Hone & Eloff, 2002a.. :R m 3i: ~ if)( ~ Z it Ji:. (Security. Approval) : ~~:Rm~w*~. ,. ( CEO). Policy Development): ~ft1lm~. rl:t,a-g~~ ME8~~j!{A. fI*:frfff (Needs Analysis) , 1Ji1m:. ~jlm~if)(~~3i~. ~~'~E8pg$~~WMiI':Mt. JEa-g&¥,7fj~IE~a-g.m3i:~if)(. E8 jf m 3i: ~ ± 1f. m,:MtIE~it{fjo. (Infonnation. Security Officer, ISO) W?J7~ 3 .. ~ ~. W~ JE. 0. (Consultation and. . j:f(m~. 4 .. 3i:~~~Wif)(~f{W (Security Awareness and Policy Education) : ~.

(9) m.~~~~amti.~~~z~. ~~JtfK&.nmjjID13C~i5dlz~. ~i1&~I¥J~~ (Infonnation Security. WWwU. ' PJ$\T~~~. Policy. 0. 5 .. ~1f~ (Disseminate Policies) : Jj*.§.~pg~~1iID1~i1&~. ~. , PJil\T..t""fW¥.im~ " &mJt~. Jj~jtID1~®~. 1m ... ". Disciplinary. 91 ~ ; ,. ~. 91. ***_ '. ~ 91. 1f ; ISOIIEC. 1f ; ~~~. 17799~. 2000 ;. Osborne, 1998 ; Hone & Eloff, 2002a&b. lilt·. l. fi=~~wnmpj~. i1&~n~'fr~OOm.9~m'~;:E ~.~jjID13C~i1&~':R~~~~Jtf !fjtID13C~®5i:~®i*~®.{f(. iiID13C~i1&~I¥J.nmpg~'1*'m .~~ftft1iID13C~!¥Jm~~J~\. ~~OOl¥JjtID13C~.~!f~jtm3C~. ~l¥Jpg~fu~~~!¥Jm;:E'1:aIDipg~~. I¥J~' JjWA:m~i5dlI¥J~~w..ff~ 7i-~~'PJT~I¥J~jU~~:gm~jtm~ i1&md6\~)1UA®m~pg~, :5IE::::lE:>'oI-l-:f..'<:.-JJ I. ISOIIEC 17799, 2000 ) ". , ;ttpj~. ~~~:jtID1~~Wff~"~~. W..ff (Roles and Responsibilities) " jj ID1 7t ~ W~ ifirJ ( Infonnation Classification and Control) ".1i~~ (Infonnation Risk Assessment) ". ". .ID1~~W~H. ff~~J (Access. Control) . . . .&ii~3C~ (Physical and Environment Security) " (pg.~ m~~"jjID13C~$~Z~~~~~. r¥ ... and. ; Ward & Smith, 2002 ; Flynn, 2001 ). 1f~~.HlifirJ;:E-OOf!F:11i1®3C~. ~. Violations. Action) " ~;:E®.rr (!.%~~ ,. , {'Pm. ~jtID13C~!¥J~~il~'!f7i-:R. ~~~Il~{'P~~ (Business. Continuity Management) " ~&jjID13C. Il1o... 73. ,~~mm.~;:Ejtm3C~i1&mZ~~(. Hone & Eloff, 2002a). -.. i!. j:. •.. <til'. ~.. c~. 1. ..... .~ 0.

(10) ......,. 74. JnRHH. ~=. lif~rdjJim~~~!nf"~~~r:J3m~~. J!*!fiWj'~. BS7799. BSI. v v v v. v v. Ji~lfiBlII~fM* Jim3O!§~ )lm3O!lE~. ~~Jff~m~~. COBrr GASSP. v. GMITS. .. v. . v. ISF's Standard of Good Pmctice. v. ',.. v. .V. Jim3O!~~lE :«m3O!~L¥J§L¥J Jim3O!J.ij{~U. -il~~$"~~ -~~3O!g~Wfi1f -m$M~~~$l. -7J<If*~~~.. v v v v v. v. I. v v. v. v v v v v v. -~~~Wl4fft. -Jlf.~ -A.~ -~7i-~ -~$t&l«~. -)lm7tM -ff~ftirl. ~~J!Jtff ii&:1im3O!~~~. v v. G!ctf~M JlII. .,.... I'll. ~~~ ~~~. v v v v v. v v. v v. v v v. v. v v. v v. v. -lRJ!Jji. -{'F;g­ -~lEB~ -~1EB~ ~Jjf. ~t~ ~~ ~1E ~~ ~*It. v v v. :Hone & Eloff, 2002a. v v v v v. v v v.

(11) ~~~m~~~~m~z~. 1i'jfm~~~~:WMEfi. ;. ~. ~~ilm3t:?Ei5tWi'J1!5J::W3~. ff1l11L& ~.~fPfiS ' m~~l!I!i5tWi. ~fg~i5tJ&}l. ' $~ , ~Uirul:i~. ~~~a~~~R~Rm~i5tWi ~cp. , PJil1*jfm~z.~'F~:W. 891f:.). 75. 0. jfm3t:?Ei5t~l¥.JfPfiS~11efPfiSl¥.J mJ¥~ff. ' ~PJ~5J::W3'11:1¥.J ' -{gEJfjg. ~~F5J::W3I¥.J~. 0. 5J::W3'11:1¥.J~~11C. jfm3t:?Ei5t~CPPJT5J::~~~W35J::W3 ~. ; ~F5J::W3JI1:I¥.J~*If.fIU~ : ~. .m~:?Ei5tWi~~~'~ilm3t:?E~. a~m*~jfm3t:?E$~~'llim~. ~~~ffW~~o~~tijfm~N. ~ilm3t:?E~~~~~~'~~~. , .A.ji , jfm~MCz~1J[JPJ~~. ~~~~~~~'jfm&Ui~}lm. ~~'~il1*ilm~:?Ei5tWi~m5J::z. 3t:?E~~~~m~~a~~~~'jf. 1tlMJtff (ffi5t~ , ~ 88. m~~ifiU~f$*a!1:~fflf~. ). o.. (.J&* '. t _.. Sl. ;:. ••. .",f. jfm3t:?Ei5t~~-{i~l!I!Mli'. ~ 91 1f:. ; Osborne, 1998). 0. ~~. ,-I'. ' .1ifg¥U~fiS ' ~-~~.1' lIT~~~.I{'F ' 1lDIII-PJT~ (.*~. ttE~J5J::. .... J.. Planning. Maintenance. Implementation. 111-. .m~~Mli (~*1Jj : ~~ , ~ 891f:.).

(12) 76 ..~ftif~. ~'if~~~~. mmmjim~itw*,~m.~~~. ~~,~~](t'M~.~'~~~. - .. ~~~ PfiJl1fm. tiJfnm~*1J[J.L;J,.f~t-f~.IE. r ~itD&](ttJI~ j. (. •. '. PJ~~*J3.. ... l¥.Jft~~~*,w~~~m~. , ~~~fIJ=Pfi~ o,;l=tJl. Security Policy Theory) 1*m~~. I¥.JWtJI~. .m~itD&](t. m~itL¥.JruEJ{UTBnX;"F7Ul¥.JragIf(IBH*. Policy). z~j~. (Information Security,. . Jf~J!.~I¥.J~ ,. PJ.m~it~~~/L\. , TBnX;1fm~. it WtJI MII (Information Security Management Cycle) , *~EEelim~a ](t1¥.J~.~rr'*.m.m~itz§. •. (Kabay, 1996 ; jti'(~ , ~ 89 ~ ;. Gupta. ~. , 200 1 ; Flynn, 2001). ~PfiM~L¥.J~'@m. 0. f (1fm~~). jim~~=f (jim~~ifjrJ~. 'Jfm~D&mJf11fg'1im~D&m .~). 1im~l&Dj~=f (~~*). ~. : jim~~p. Ji. 3i:. ~. ~. •* 111=. jim~'. ~. .m. r ~~~ j. m 3i:. M [I. k. ~. 7T'AliI (1aSf.*7Jj : *~). ~.

(13) ~~~m~~ti~m~~z~~. 77. lZ§ift'*liff~~jfW\3(~~JIf!. jfW\~~JJE:ff-frs~ =f( ~J~). Z r 3(~j1~Jf~JIf!~ J (Security Policy Theory) , f!HB r jfW\~jS(jfimtc J. jfW\3(~Zm~=f (jfW\3(~iL3{:lfi-. mrJJE: . • tim " *it~). (Information Security Policy Model). *~:tEff!~:m.®3(~rm*. , ift-mJt£*mr&:f.t : ~~J~ .. jfW\~jS(jfizmrJJE: " .timJ.!*it~ . • w\~Zm~o~~~~:m.~. ~.~jfw\~iL3{:lfiz~JE:'jfw\ ~iL3{:lfiZ~JE: w\3(~Zm~. ...timJ.!*it~~.jf. , ?fJ\ll!pm.®jfw\3(~. ~~~.w\3(~rm*'~~~~.. ~*~ffijfw\3(~iL3{~.jfw\~. jfw\3(~~:lfi,jfw\3(~iL3{:lfi~.jf. zti~. m~Zm~. ~ttJ' ~: ~[i:... *~m. 0. tlOIil::::FJT~. 0. 0. *.§..jfw\3(~Wl*~m:tE. r. m"m.mmjfw\~~®~~"~~. *if~f!}ft(.jfW\r3(~jS(jfiJIf!. .. )11. -. g ... ':. •.. .",.. ~ J (Security Policy Theory). 3( ~ iL3{ :lfi m Jt J. J.!jfW\ r. jfW\$r~J.!Jff~. ' tiD. Constructs);. JiW\3(~~:lfi. ifjrJ. *I ~. •. tt. ( riiW\~iL3{mzmrJJE: ". .~J.!*it~J§~:iiw\~iL3{:lfi~. IIfIZBFJT~o~i?jg.III~f.t:. m. JE. I. \;) W\ Ii I. I. 3(1 ~ '';1:,:1 Z ~d ti,t 51 ;~. 1iffi. ME it. III..:::.. jfIDUfl.mmEd~. m1lHi1~~!#i!.~1\@.~. (Security Policy. Model) , ~~*liff~zliff~!#i!.. .. .W\~i&mmJt (~*~. I;; ;j,. :rt". :*~). ". >1. ~I. C.. ,1. •... ~.

(14) 78 jW\H~. ~mfrJj. , .ID1~i!&~ZJ)Jt~~{ft ,. 3. 1i.~mjfID1~R;tcI¥J~~: f*f~. ~ID1~~~z~~'~ID1~i!&~. ~rmMl@~jfm~R;tcpj[(i1lrl'!~. .~~§'&.ID1~~@ft~~. 1l5[:fi~~:a:~mltJ'W~fflG:a:. ~ZN~~h~~li~.~'Wr~. ~§fj~~rl'!~l¥JruR. ID1~~Z~~J~~-OO.~o~.. 4. . 2. . ~11!_ID1$r~WJl-~: "'{*f~~:a ~11!_ID1$r~&;tt$r~tEli.1¥J. ~I¥J~.~~:. 1. . 0. IifiilltEff: f*mm.~1¥J § I¥J WtEffo *.ruImm : f*miI.!ii~.ftI¥J~JJ , NP.ftIAI!lt¥.J~9F. JI-~o. 5. . _ID1*13.fiiIlmm:. {*f~jfm$r~EiJG. jfID1A.ftI¥J~JJ. ' NP*13.~fU~A_. ~tfJ®A:t.J.~. 0. 0. HOI. MU JRR~am $tl5E~rd]. Mmet am~~. 5E&. mum~ ~MfR9ft!~. am~p;j3. :RllR~~. tfH'+. ~$r'. wu. am.bEl .~/II!H ~!fi!_. ~MW1J~. Uf!mU~*1f ~II . IIlIlB. JfW1~~Wf~. (Jifl*it : *Wf~).

(15) ~~JtiR~~~!1JtiR~Zif3i::. 6. {tm.Hi~*1t~. : 1*f~~.± ~{tmWf!l~~®.Hi~*1t~. .0. 1PJB9~$:W{'F$. 79. , (/FRP1'IPJB9~~. tt'fl~.m~~~m~~~ooz¥. m.f!jrJ5E.~~i5(~~~rJj. B$B , l-~;C&~mitU~B9f§lHI~m~~pff 1'1PJ 0~ ~ z ' EB~*EI..~* §' l' IPJ ' A~mm®*/J\ ~ *~~m~. z~~o. ~~*1t®~~ ~ ~Th!.m$r~wJW*&. 7. .~~~mf!jrJ5E.lf{frs'. : 1*f~. ,. .~mtimflt®*/J\ ~. i5(mzwfig5E1ft : ~f~iltif!jrJ5E J:fm~~i5(m ' pffMf!jJt:.~Wi ®~g , &fit~z~t!1 0. ~~*1t~.~1'IPJ'~*~.*EI.ti~. 9. i5(mZpg~:1*m.m~~i5(m. 89if:;**.~T~' ~ 90 if:;Fisch. 8. . m1~J;~·®±~pg~. 10. . i5(mJf1)fglJi§:. 0. m§~®Jji§,tf!it~~~~~ T~mo. 11. i5(m~ft:WME~z m;r;W15$. ~ ME~. :. "~. , ffl*~~Zm;r;:W{tmZ. 15$0 12. • ~3i:~Zm*:. 5E~~~~~m®~m(~~~,~. & White, 1999 ; Ryan & Bordoloi, 1997. 1*mJ:f~~i5(. 1*m.~~~~zffiU5E. ±~{tm.. ; Loch ~ , 1992 ;. *1E1JjWrm~. ,. if:) 0~!ft ' ftJ:fm~~~B"J ~~ , *iJf~±~*EI.*i~I[i~*~ ~ 89. .mti.m~~~m~5EIf{fOOZ~B$B. (Hitchings, 1995) 0 OOl~~~r~. ••. ,.~. ••~~. a.~l~*r.'''4f~. 0. f*mflm• •. ~~~®.WJ,tf!it~mlG.~~. '~B9~1~. ,. ~$t&~.®~:P ~~$t&m)t:®~1~~ 0 =,.~~. EB.~LB9.~:W3tIt~M1~%l. '1'IPJB9~'~~IPJ®.~~~. 31< ' fl~ffiU5EJ:f~3i:~~imm-~~. 002 •••• *A'*.~~ ••~ ~al.°. R03 • •3(18 • • ~Nt.~At.t.*A *.~j~.-m.~~a.. 0. H04 • • 1t.l. .-m.~ 'tlLJt a*~ *.~l ~ .-m.~~li... ' ,. 0. R05 .-m.•••~*A' *.~l~. -m.~~al.°. l. -. R... ~. ­•. rill. t. t. •.. tI.

(16) -----. 80. :RiRHiM:. H06 ~m t.~!tt~., Jt~.tR.~ ~~ ••l~*rll'''~fj.. ~M~.~o.m~~I¥J~~ig. rlim~~J~.m~. ffl:~§~,.m~~.~'~~. l¥Ji'i~m.JJjUm ,ift~jfm~l¥J£. ~~~~ftW~m,~~w~~. m~~,~~~~~~r.m~~. ~~I¥J~ft'~~~~I¥J~ftW~~. ~mJI¥J~ft*~~~~ti.m. '~~W~ft'3ilm~IIJ,¥JtfJ1i1*. ~1¥J~~,ift~~n~.m~. 'ii~lfS~1im~~~I¥Jm.~~~. I¥J~~. , ~,£EPJ~.m~. 0. (Baseline Level) , ~~iI.. ..m~~mmn~l¥J~. 'iftit~Jm. (Kabay, 1996;. 17799, 2000 ; Hone & Eloff, 2002a &b ; Ward & Smith, 2002; $lE. .ti.m~I¥J~~§.o~~'m. ISOIIEC. ••m~~m~~~oo~~~,~ m~~I¥JJjJt1rg~m ' igffl : Jim. ~W~~~'~891f:,)o~~.*1VF. ~~~I¥J~~'.m~~§~wm. ~~~.m~~mZ~~'~~.. ~l¥Jn~,~~.ti.m~~.ffl¥J. ¥u~~m~Zm:n. m~'~~~~~m~~I¥J~~'&. ~3.tR.~~~.~~S'JtW.~. 0. E1r~*.~Jim~~m~I¥J1i*~'. ~~ttM-"~fj.o. ~~~~.~~.m~(~m­. .m~~~ml¥J.~tJi§,~m. ,~ 881f:,; Hone & Eloff, 2002a ; Flynn, 2001) ~~ *lVFru:.~Jim~. ~T~m'~$~~~m~~~ma. ~~~~~ooz~~'.m~~. , :tE ISOIIEC 17799 Z cP , ~.l¥Jm$B , igffl : ~ZfPlJ~ ,. ' lJSJm~.$tl~Jim. ~~m.W"'Aft~'1im1i. 0. ,. m~~rg~m. ~IL'I¥J$~. ~Zm:n°. ~~~,.ft&~m~~'*~~. ~lM.WtR.~~~.~~*M'.. W.~~'.~W~R~~,~m. .tR.~~~llM-"'~fj.o. W~~~~'ff~m~'~~M~~. • • • • a~~~.~~~~~. ~~,~~~.~~~~,¥JtfJW~. ,Jt.1R.~~~llM-"~fj.o. ~,&.~~~~~,ti1im~~. H~. ..m~~ml¥J][{i\~lt¥Jtrr. ~~.~ret~ii~ (ISOIIEC. 17799,.

(17) m.~~~m~~ti~m~~~~. 81. ~"~1J1!. 2000; ~~*, ~ 91 if.; Ward & Srni~. 2002; Hone & Eloff, 2002b ;~£}iHI ' ~. 91. if. ) 0fZ9Ilt ' *iF~±51}lm3G!a. ~!¥.JJf1ifgJi §. , ~~~.¥um.~m. , r~'~~=t. ;;$:iF~~fb'~~jt$:' r~~~Z~. 3G!~:n0. rr ' ~~~jiim3(~f§1BJ3t1lt9} , :ill[. H24 'f tft1i-1:-Jlt".. ~~ fa ' ft 'f 1R.. 1i~.f§tt~m5t.' ~J~~ffiJnX. 1i-1:-~~.Jt-t-~~.. ~JJm:JGnX~~. 0. t£~m3(~~r3(~a~l!I!~ J. (Security Policy Theory) ,. 0. jiim3G!. ~~mjiim3(~~~z~~'.~~. , ~:fr5JU~ID!1fIUl*~J!. .~!f.A±~ljl,:ill[~~lE~~'. (. .~*.m,~Iltjiim3G!amZ~ ll~~~.~~~-l!I!~~m~~~. ~zffjU~. ~~ (Evaluation) ~fi3iS. ~ @~1f;lt:NJt. ' Jj~m3(. (ilj](1R ' ~ 89. 0. fZ9~. •. (=)m-$:fr:1lm3G!~~jto. PJJ[~1im3G!~zJ1m:g. ,a. ~J!n#i:,&j;tm3(~.~. 41. ~o. n#i: ' ~~~.¥um.~m3(~~~ :n0. (=)m~$:fr:~~~~jto~J[. H25 'ftft~1:-Jlt.JtjLlt .. 1t~~Jf-. - .. ~~. 1:-~~M-0. ~. ~ tl. r~&A~z~o. , ;;$:1iff~±51. 1t1ii£: ' fJSJIf~.jtI." .tft~. ~tE1'flBJ~o. ;;$:1iff~r~'~~jtJj~mcp~~~. 1lm~l!I!A~~,cp~~~1lm~m. ~~~~z~~,&a~1lm±~m ~.nX~~ , ro~mfl$:fr' ~ 2002. if. 6 F.J rdJPJ E-mail ~llir~'~ 645 f7}. ..... ­. ..". , }itJf~m3G!~$. mpj~,.1ifgJi§,~[iz. '1lm3(~~m~ll~.~z~F¥J!. ). 0PJJ[~~1lm3(~. ~ 91. Hone & Eloff, 2002a ; ~~*. if. ; Gupta, 2001). '. if.;. .~. ) m--iiB:fr : jlm3G!~am~ jl~WfiJjt. ,tE~~cpmmiU (Planning) ~. ­. *ml!l!:frm- $:fr :. l. ,.

(18) 82. Jlmnif~. fJ1t~r~'~ 165 f)} , ID~~r~~~ 8 f)} '~r~'~m 157 f)}'~~$ 24.34. If,. ~891f.). 0. (~)IZSI~7t~:~m~~~'m~. %0. 7m r~1iJ" rJim~i5l:. =,~f!.. mJ N r j(m3&z~¥f-. fum SPSS MC~If!.'-Xft5iff~:1Ji MCffr7tfff. l¥Jfljf* IDLPJ. 0. j.o. Zrs~. • r ~rtu~ J *~. Mf;J r *~'fi J ~~ r Jiffi1(. o. (-)~7t~:~~*~,~~. i11WCffr. ~~ififj~ .. W1ifENmlJ :. *. ~rj(m~z~¥f-JI¥J~*. 0. :. (fflJ:5<:Jf ' ~ 891f. ; ~ , ~. (=) mgr~. *~J. Cronbach' s. a *~:!traJ-.iiiFfiflr~~JiZP3. 721f. ; ~rlr '. ~ 721f.). 0. $-3&1i ' pJ.$J~r~'~Ffiflr~'Ji ffi " JaSt?tffi\~1iJf~*. ~~.iiil¥J-3&ttOO!t° (=)~7t~:*~~Z~~~.l¥J (3g~IDJf*m~'f*1£~~rmmrr. ~It J. N r {t(~:;I: J rs~z~*rm. ~'$HD1£~:. -.... *~~~. ~~*~ 157 f)} , 7tffftl[J~. ( -). %) ~~ , ;it~tllJ~m;G.. (t(1!!t) l¥J~~=i§IWI; 2. ~.~=i§1WI. 0. l¥J. ~.tlt~m r i!Bt. 7tfff J PJ.WJ~~~~rJJzlZSI*1DJ f* ' IDL~EE r ~'fi J m$J r ~m3&~J~fRfrs~J' :& EEr.m~~JmiUrj(m 3&~ J (Hair ~ ,. 1995 ; fflJ:5<:. 0. ~= ~ffMCffr. ,rJim~~J (m$JI!~). . f;J r Jim~.~ J ( (t(1!it). : PJ.i5l:J&ffi5l:~rm. 67 ( 42.7% ) :&~rJJl£~ 41 ( 26.1. 1 ,r~tt. J (m~rr~lt) f;J rJim3&~ J (. t1i~'fi.. :. *~. ff~l1U ~ rs~. 1. s?ttt. ~. 41. 26.1. i&t&ff~fIj. 67. 42.7. 0ff$~M.. 19. 12.1. 1£. ~t5t:&~~• •. ;it. f&. 23. 14.6. 7. 4.5. JtfSt*it : *1iJf~. I I. II.

(19) ~~~m~~.m~z~. ( =). jiIAIfl : P)jiIAIfl 200-499 A®~. ( 1m) ~1§1f:Rm$r~. 45 (28.7%) .&. 1000. r~®~. AP).r.®*~ 38 (24.2% ) ~~. , ;tt~tlD~IZ9?Ji~ ~Im. ffl/b. ~7\. jtIA~rr. ::xl!. I S7ttt. 1 5 15 4. 0.6 3.2 9.6 2.5 7.0 13.4. .7 38 157 ~*1fj. .8 24.2 100. ~. : ~1fjlfm$. 134 (85.4% ) , *~~m. $r~®~. 0. 83. 23 (14.6%) , tlD~7\. 0. ~:aiJ:Rm$r~Mt6-t ~. s7ttt. L. ~. 85.4. 134. 1§. 14.6. 23. Ao-gt pil. 157 ~*1fj. : *1iff~. 100.0. ( ) m.JJ!mjlfm~1SfC®ffi1rs' : P) lQ..191F® 72 (45.9%) .&. 20 1F P).r.® 49 (31.2% ) ~~ , ;1t~. ~. J!!m~fi,'/1F ~. ~~. 5 9 22 72 49 157. <=2 3-5 6-9 10-19 >=20 Agf PE. ~*1fj. .......... jf=iiR$r~M~=t. ~mjlf~~~OO1SfCrr. : *1iff~. s7ttt 3.2 5.7 14.0 45.9 31.2 100.0 _. ?X1fl. s7ttt. 100 27 6 9 142 15 157. 63.7 17.2 3.8 5.7 90.4 9.6 100.0. jf*4*It:*1iff~. ~. i. 4. I. I. ... ..•. ~. : *1iff~. tlD~~o. -.. I I.

(20) 84 jflRft~. (li) j(iR$r~®JI*& : jlm$r~~. %),. 27 (17.2%) ,. 5£0. ~m. ~-f:;PJf;f.o. :if1f 32 (20.4 %). J\. 10-1~. .b.~ I=lg. t{E~ , ;lt~. 17.8%) ,. S?ttt. 14 23 29 32 35 13 11 157. 8.9 14.6 18.5 20.4 22.3 8.3 7.0 100.0. *~mil±~ i. ~{$*&~ If~. I. .. Multi-user PC-LAN Single-user PC. I. 0. _. : P)'~~ffl:ifZ1§1ACJjil (multi-user PC-LAN) lit:*m~i1. 36 28 11. 22.9 17.8 7.0 I. .. .b.~ I=l!:!_ _. 72. 45.9. 10 157. 6.4 100.0. 1. :. ~*I(:*m:~ I. ~. (-f:;)±~~fimij7fj~z1Uf~ki1E. :if1f 72 (45.9%) ,. 5£O~-ffl~. 28 (. ±~filJ1WAZmJif ~~~i~ ~~. S?ttt ~. ~. Wit£~~. 0. ~tL. 0. :Rfl*~ : *if~. ~.. ~. ~ 129 (82.2%)' =am. A. ~~AJliMfrr. A. 1"""2 3.....,5 6"""9 10-19 20-49 50-99 > 100. .. (+)~=a1fj\jfj(iR3t3=:®A~:. (*)~~~A.:A.tt2~9A. tlO~J\Pfi;f.. 103 (65.6%) , =am 54 (. 34.4%)' 5£0~ f. :if1f 35 (22.3%) , lit. 0. (tL) ~=a1fj\JtjliR3t3=:®$r~ :. -*&JJfft:if1f 100 (63.7% ) , m ~~UL:if1f. tm~ffl~. ~~~~~rr. m~fR7fj. ::x~. s?tl:b. Eij!iiI. 156. 99.4 I. !. *mll. 1. .6. .b.~ I=lg. 157. 100.0. ±:fIff 36 (22.9% ) t{E~ , ;lt~ tlO~o. Rfl*I(:*m:~. ( J\) ~1~~UI~~il~~7fj : aij!iiI:if 156 (99.4%)' *~ 1 (0.6. ~ r. ~jt"~$r~*1frr. ~ ~. =a .6;%. ~. s?tl:b. 103 54. 65.6 34.4. 1.A.':1.. 1 fV'\. f\. ... -. .,.

(21) mM~~.~~~~.~~z~~. ~7m~-.iiiffi~rp5mz -3&11:. ~= :m:~AJtfim~!¥JA~Mf~. c;;..... , ::2fi:1ifFJi:P.1 Cronbach's a ~Ifl* lJJI:P'J~5z-3&11: ' Cronbach's a ~ ~~lmtzD~+=ffi~ , EB~~IlJ~ , Cronbach's affi[~ 0.8 gz 0.9 P.1J:. ' li !¥J~fj£. ~Ifl----'-_------'. :!e:. 129. S. 28. 17.8. A~t. 157. 100.0. !=Iil. JaSf.*~. I. 85. 82.2. ~~~&~~*o~~.OOZm.~~ it~!¥Jttf9rrfi~1J~F1¥.;W. : *1iff3i:. ' ~~P'J$-3&. 11:~§'M::fjtj, ~~~!¥Jm~ ,g~~¥rr ~!¥J~ (Bryman. Gay, 1992). & Cramer , 1997 ;. 0. ,~. n... -._.. ".;:. ... -'w~fJT. .-I j. ,,~. c.. ,.. ~= &1!l~fJT~. ~. I. mlfl. If(. Cronbach's a ffi[. .... ~,. ~JjJJj~~Ul. 5. 0.8252. ~P'J~. 7. 0.8722. ~~§. 13. 0.9446. ~it\rWMmlz~W1i#i:. 13. 0.9139. :rtm~!¥Jm7t. 6. 0.9317. JaSf.*~. : *1iff3i:. =,,~~. ~.m..:m:sjfilJ~~m3i:~l&Jfi~Wi. (~)~~m~~!¥J~. ~ , *~ftJE,~*~~~. ::2fi:1ifF~~IiflJ..!fif11:Jf~m3i:~. f6fi!¥J~Z~~~AOO '. HOI. ~1f''''~lJ.a~m~~tl ~~rd1. ' WH05 j(~~/J\ 'tr. , Jt~ H02. " H03 " H04 " H06 ~Im~~f~~ ,tzo~+lmffi~o. (=).m~~Jf~m3i:~m~!¥J. ~.

(22) 86 JGRR~. *if~~Im~jf~~I5dftJ.t. ~~~~'m4jfm~~. jf~~3~j!~~~.Z~lm~~1i. ~§'.~~1l~~Z~~. , H25. ffim ' ~'*' H22 .m~~Z~~. 1l~~~mT;W~ilzfj.. ill' it~~.~~zll~' H23. ~Wn~'it~.m~~Zm. jfm~~pg~.' itNl~1l. ~~lZY~ , *~1t~*~~~~. ~lZY. ~~~Z~~*~J!~. ,. ~.{3. f1lm1tJE,~*. HOI ~Jfit~~f{m~~ffirJ)Effifrdl. 0.163*. 3if~~~. H02 ~mmit~~jfm~~J)E!Wfrdl H03 @.JJ!Ugjf~~~~Bf~it~.~1lm~~iI&m: ffirJ)Effifrdl H04 ~iil.m$r~J!Rff&it~.iJjliRm~~~ffirJ~ !Wfrdl HOS Jl~m.m/J\*fr~~1lm~~*tl)E!Wf. 0.146. *~~. 0.106. *~~. 0.122. *31~~. 0.181*. ~f~~~. 0.105. *3i~. 0.006. *~~. 0.506***. ~f~~~. m3.~~~Zpg~it~~Jlm~ZfJ£~. 0.273***. 3i~~. m4.m~~.~~§it~m.Jlm~zfJ£~. 0.443***. 3i~~~. mSJlm~~m:~ftW~~Z~Wn~it~m. ~~~Zm~ _ _ _ _ _.. 0.482***. ~~~~. if. ~. ~. ~. rm H06~ffl~~~~~.it~.~.m~~I5dft~~ !Wfra~. mlti~~~~iI&m:~~ffif~it~.m..m~~Z fJ£~. H22. .m~I5dftzJ;J.mg)EilLit~.~.m~zll ~. * : P<O.OS * * * :P<O.OOI. -.-... _.. ... ... _.. .... -_. _.. ... ~*~:*if~. -. _._ .. __._.. _.. _.. ---­.

(23) ..a....... m.~~~~~~~~~~~z~~. *~H21 fi~~f~3tff' tlO~2B. Restricted Model) , *7tffT r ~~tt. PJT~o. J'. 1ZB ... ~li 1Ii$J~1t. r.IDV3t~iI&JfiJ. (. ' **S5¥Hm Illli&~liPJT~ , 7tJjU~BJ3tlDl' :. If!. 1Ii$fI2§~1*'l¥JilBt*E*: mr~mfB~{lf:. R2. {t(1!.. F. _.­. b. t. I I. .~~~itU~ffi!frs~. 0.026. .~~~J~~rs~. -. ~fflffl.IDl~*1EI¥J~§t:.. .~~~ti~~rs~. -. ·~tI.m$r~W}{I~. ~m~~u~~rs~. -. l~w.§Jalm.m. .~~~U~~rdj. 0.033. 5.204*. I~m~~~.. .~~~J~ffi!frdj. -. -. l~m~~J~~OO. ~m~Z1!fr. -. -. I. j(~~z1!fr. 0.256. 11i&~I*J%f. j(W1~~. [~f1Jtfi.. I. W r~~31:~z.. f!~ J ~f1f~zrs~8'9I111*'. ~~7tffT:. *~~j.I2§~7tffTl¥J~~Jm~. I. 87. 4.189*. -0.163. I. -2.047* i .. I. I'*~mm. I I. -. -. -. -. 0.181. 2.281 *. II~.~§. I. I. I. -. -. I. 53.454***. 0.506. 7.311***. !. 0.075. 12.494***. -0.273. 3.535***. i. .~~~. 0.196. 37.871***. 0.443. 6.154*** I. ~m~zHm-. 0.233. 46.425***. 0.482. 6.814*** .. !. I. I. I1& U{ltlLW*fEiilzmrJ'W. 1if!. * :P<O.05 * * * :P<O.OOI. Jm.*If:: *~. ; •. •. ,. ~. • .;. -. I. ~J;}]ff'"JEf:iL. ~. .",. -. I. I. ,;,.

(24) 88. _mftiBt. ~ .iR~H. llC+)O·OO6. ftjIj~rJI. f'. m.mm. 1. T. amz~. jE{¥: M~Jln'lIR ~MBI.i!. .iR~Z. amzpqw. ffJl­. UJW\$M ~JI.. amWDftilJil3 ~m ~!n_.. zM~15~. fJ1!fflU~rt:. ~". * :P<u.. * * * :P<O.OOI. !lIn. jf~~~~~~. (-)~. (jf;{6f.*?1J : *if~). w~.~m~Ji~~~~~~~OO. :frifJT*S*r~ttIfJJJrJi~. 1¥.J~~o~~~X2*~*,~~. ~~~~~OOJfl~*~~o~. ~7.1<1f! (P<O.05) , .jf\i&J&ff~1HJ. ~z. B$rJ~Ji~~iI&J1i. ,rWittIfJ z~1m ' fl~fJ. ~rm. . ~rr!Ijf:~ . ~$~~.... ~&&if~~.~~f&'!!E.l¥.JiU.. '. Ii$rJ~[F,jrdJ~. ~z@~ft~,~~m0~$~~~. , ¥}~~~&&iF~~. '. ftfl£~m. ' !n r jf~~iI&J1i$UJE~rr!I J zrdJ;g. ~OOjf:~'.jf\~-*s*!nil&~~~. ~*ml1*. jf~~~ , 0;flrR~~~1fl!i!m$S. ' ~~p~m.'~Ifz~1m '. ,. .......


(26) ......,. 90. .mft~. ~~,~mA~~~'~$~~~~ #~~~W,ti~~m~~mZ~ JE~1[fI~. , }lU~!t1te!f!ijjliJE~. , ~~m*.fi. r $fJJEj(m~~J ' &:.~WJ~ rjlfm ~~n J ' ~iffl;E=ftEP)"}"ll!PJi1[1I] :wm~1fjlT{t),1[::f~. j(m~i&mzJ1mg. I¥JJlm~7mo. ~~~tirJlm~Z~nJI¥J~*. ~*~. (1\) {tffl.H~Vr~~. ... ~~. . 1f:&i!P!. m~~~m,~).~,~~n~. ,. l1P-a:r~*Jlli{t1[. r jlfm~. ' r{tffl1lU&i~~. J. ~~J ' tf1.~JJE rjlfm~. tir~m~~~~JE~OOJ~~*. i&m J IE:g:!f! ' iffl*fig1[~I¥JM~.. ~. ~,~~~:W~~*~~tt~m.. :fr~*W*. 0. ~~z, r{tffl1lUi~~J. #ElD~1tt~m1l!m*~.. ' ~*&:'\Afig{ff*jtm ~ , #l1Djtm~~ r1tffl:1¥J. (Mainframe Computer) , ~{m~. ~~J~r~~l:I¥J1[~J:wr~. ~r~m~~~~~JE~OOJzOO~. ~*rm~ H~':±ff!. 0. 11 Hil (Mini Computer) .. Multi-user CP-LAN ~~f&1IJil~*1t;~.Z~~ 'iffl~.m. rj(m~~m$fJJE~ ra~. J I¥J~. 0. P)4'-Bjfmf-f.tt~;t;l. ,. jlfm~fflll. JEffifra~I¥J~J. 0. (J\) ~z:9JfigJE{ft. :fr~*w*'Jlm~~ri&mz~. figJE{ftJ tim.. rJlm~z~nJ. ~~m~*1t;~~1[Jlm~~I¥J~. 1[~*~~o~~z'Rm~ri&. m,~m~rj(m~~~~JE~OO. mZ~JE{ftJ~mMrj;tm~z. J z!f!~' .~~. ~nJzOO1[~*II]~o~m~~i&. r~1llJi1~*1t;. ~JE~OOJtim.rj(m~Z~n. : mfSj;tm~fSlII . U JE§ewm~ . mfS~~.z~~~ ff . ~~*~~m.I¥J~"~~~ f.fi&ml¥JfftijjU~:rofig1l ' ti~ r Ja:. J~~*~o~~Z,m.rjfm. m~~nJ~~WJo. ~Jmft1J~fHjo. ( 1:;) $fJJEJlm~~ffifra~ :fr~*W*,~rj(m~~~m. ~~~~JE~OOJ~~rjfm~. ~Z~nJZoo~~*g~o~*. m~g~fIi. (:h)~z~~ :fr~*W*,.m~r~mz.rg.


(28) 92 jf2R~fim. ~~1im1i:~iI&m (Infonnation Security. m$r~mm~':fll:$5tlf!$IJJEJfm~iI&m. Policy) ~1firJJE " .MMIt!*l~!¥.Jfi!J:r; , PJJf. ' ffij~~ r Jim~~t:J!:n J ' -tWJ!t't .... m~~~IG\' **~Jim~~Mlft. 5!lHtJim~ riI&m~~~JEUlJ" r~. , ~Ef3Jim~iI&m!¥.J~!l1Af.f ,*wmJi. pg~ J" r~:MI!:rj§ J W-. m~~§~o~J~Jim~iI&mmA. ( Infonnation Security Policy Model) , ~+. . ~~~W-1J$J~.m~iI&mJr.imT I7t:'. ::tt~o. *~.n*~~"~W-~~'~ffij. ~~, jtq:r1\1il~1~~' ~n. ~ r~.J. riI&mJf!ITW-ME. W- r.~J ::k!J\. ~~An"~n&~OO~~*'ffi~~~. 1r~~ r:Jim~~JJE~rdj J.~lf!. ®~$IJ i9fJtlO;fi*!¥.J~ , *if~Thl*am.I1t. ~. q:r.~~~W~~~1r"q:r.~m~~. (HOI' H05): iIll.m~ r~J;b. ~~JEUlJ "riI&m~pg~ J". 0. riI&mW:MI!:rj{§ J. m~~~~~,~~g:Jim~~~. &r~~~~1J$J~*~.. ~!¥.J~ji , iffl*n~f.f~~~ , ~llt. ~ r~m~~t:J!:n J (H22 ' H23 ' H24. ' PJft~:9f.$~!¥.J~~' ~iffl~fdiIDfS. , H25) ; -ffi*-Ei. r ~m~iI&m:$IJJE~rdj. J ~ , :M!~*~*~ rJi~~t:J!:n J ' .7KJim~~ rm1l'.J' iffl rfl! **A J *if~PJJim r ~~mfB J ~1f1J! , fJ!l±l~iI&m~ , *~wam~ , riIll 11.J !Ii! r j(~mmJ jijy~7tJJu~m. ~n~¥IT-®~.. 0. iEtt1&~1Jim. ' *if~fti. : - . iE*I*!¥.J!&1f1Jim ' .:yPJf,Rm~~. 0. ,. =... ~}ff~~ , PJ~1t~!¥.J:9f.$. ~. , i1EiIDm:nif~!¥.JftEairn~n :(£jim r ~~lfB J !¥.J~~ , tI 0. ::k~~ '~~f.fm~~2Jf.fm. .r~~~~JJE~OOJ~oo~~~g. ti~m~~!¥.J~'~~~%.!¥.J. f*' ; Jim~ r~~~~UlJ" riI&m~. llm~~~~, • .:y~f.f.~. . pg~ J .. r ~1imJi§ J ~ r iI&mm:lLWME. if~,f§m1r~~~!¥.J~. ~~~~1J$ J ~7tJJUW.iIll r :Jim~. -= " jfm1i::i:(4t~ r Jj\~l1!IDfS J "r mffiIT. ~m:nJ~oo~~~g~o~llt,~. ~ll!alfB J" r ~~mfB J" r;fl~. ~~IRJ ' i&Jfff.f~rHJ "~.~~.. ~IDfSJwr~~~~mfBJ'PJ• •~. ' II.


(30) 94 . Jimftim. f3.

15. Ji~. r tr~lii:1'I5J~{fiNL~mlt. ft~~~~~~.~~~~~J. ,~ft~tt**~~~~~m~±~. 3t '. ~1iI 89 if..

16. fj;~ • r 1E:~B'3*M~~t!J!~:WA[t ~J' .~~~.. m184ltij· ~1iI 90 if.

17. ~i&' r~~:fJT J' fct.':&ffm~. ~~W(~W)-mIiIM~~·*.W. ffiU • ~!iI 72 if. ' PP.859-905.

18. ~ra-. , rmft1E:~~m~~m~~. ~J'~.*~~~~~~m~±~. 3t '. ~1iI 88 if.

19. Bryman, A. & Cramer, D., Quantitative Data Analysis with SPSS for Windows, London: Routledge, 1997.

20. BS 7799-1, Information Security Management-Part1: Code of Practice for Information Security Management, BS 7799-1:1999, BSI (British Standards Institution), 1997.

21. Dellecave, T. Jr., "Insecurity: Is Technology Putting Your Company's Primary Asset-It's Information-At Risk?", Sales & Marketing Management, Apr. 1996, PP.39-50.

22. Fisch, E.A. & White, G.B., Secure Computers and Networks: Analysis, Design, and Implementation, CRC Press LLC, New York, USA, 1999.

23. Flynn, N.L., The ePolicy Handbook: Designing and Implementing Effective E-Mail, Internet, and Software Policies, American Management Association, New York, USA, 2001.

24. Gay, L.R., Educational Research: Competencies for Analysis and Application, New York: Macmillan, 1992.

25. Gupta, M., Chaturvedi, A.R., Mehta, S. & Valeri, L., The Experimental Analysis of Information Security Management Issues For Online Financial Services, 2001.

26. Hair, Jr. J. F., Anderson, R. E., Tatham, R. L., & Black, W. C., Multivariate Data Analysis with Readings, 4th ed, Prentice Hall, Englewood Cliffs, New Jersey, USA, 1995.

27. Hinde, S., "Security Survey Spring Corp", Computer & Security, Vol.21, Issue: 4, 2002, PP.310-321.

28. Hitchings, J., "Deficiencies of the Traditional Approach to Information Security and the Requirement for a New Methodology", Computer & Security, Vol. 14, No.5, 1995, PP.377-383.

29. Hone, K. & Eloff, J.H.P., "Information Security Policy-What do International Information Security Standards Say?", Computer & Security, Vol.21, Issue: 5, 2002A, PP.402-409.

30. Hone, K. & Eloff, J.H.P., "What Makes an Effective Information Security Policy", Network Security, Vol. 2002 (6), June 2002B, PP.14-16.

31. ISO/IEC 17799, Information Technology-Code of Practice for Information Security Management, 2000.

32. Kabay, M.E., The NCSA Guide to Enterprise Security, McGraw-Hill, 1996.

33. Kühnhauser, W.E., "Policy Groups", Computer & Security, Vol. 18, No.4, 1999, PP.351-363.

34. Lindup, K.R., "A New Model for Information Security Policies", Computers & Security, Vol. 14, 1995, PP.691-695.

35. Loch, K.D., Carr, H.H. & Warkentin, M.E., "Threats to Information Systems: Today's Reality, Yesterday's Understanding", MIS Quarterly, June 1992, PP.173-186.

36. Osborne, K., "Auditing the IT Security Function", Computer & Security, Vol.17, No.1, 1998, PP.34-41.

37. Ryan, S.D. & Bordoloi, B., "Evaluating Security Threats in Mainframe and Client/Server Environments", Information & Management, 1997, 32, PP.137-146.

38. Starling, G., Strategies for Policy Making, Homewood, IL: The Dorsey Press, 1998.

39. Ward, P. & Smith, C.L., "The Development of Access Control Policies for Information Technology Systems", Computers & Security, Vol.21, No.4, 2002, PP.356-371.

40. • ~~ , How to develop Information Security Policy ~~, 2002.

{'F~tmfr. ~~Im+ 1f.~'~~xim*~. ~~~~mm±'~m*~.~~. ~~~~±m~~'~ff$¥~~.~. ~m~~m~~,~~~W.~~~. Am.~$f~$. , ~ffa~tmWi~
