| Summary: | 碩士 === 國立中正大學 === 資訊管理所 === 96 === Organizations nowadays rely highly on the information technology to achieve its daily operation demand. Due to the continual occurrence of many information security incidents, the protection of information systems is a major problem faced by organizations. For an organization’s information security, it is not only a technical issue but also a management issue. The application of an IS security policy is one of the major mechanisms employed by IS security management.
The purpose of this study is to explore the effect of implementing an information security policy on information security culture and information security effectiveness in an organization. Meanwhile, the study also consider a top manager’s influence role in promoting the activities about information security policy. According to the large business ranking of top 1000 by China Credit Information Service, Ltd. We conducted a questionnaire survey of the MIS department manager of 500 manufacturing companies, 500 service companies, and 132 finance companies in Taiwan. Totally 1132 copies of the questionnaire were released, 175 valid copies were returned. Structural Equations Modeling (SEM) was applied to analyze the data and the main findings of the study are as follows.
1. The implementation of an information security policy has positive impacts on
information security culture.
2. Information security culture has positive impacts on perceived information security
effectiveness.
3. Top management support has positive impacts on the implementation of an
information security policy
4. The maintenance of an information security policy has positive impacts on making
the documents of information security policy.
|
|---|
