E-Commerce Letters 2024
A Study of the Factors Influencing Compliance with Enterprise Information Security Policies
Abstract:
With the development of the social economy and information technology, the channels through which enterprises exchange and communicate information are becoming increasingly diverse. At the same time, enterprise information security faces multiple threats. Information security incidents have occurred frequently in enterprises in recent years, so information security is an issue that enterprises must take seriously. Because enterprise members are the main component of an enterprise, whether they comply with its information security policy is very important to the enterprise. This study builds a research model based on privacy calculus theory, explores the factors that influence information security policy compliance, and carries out an empirical analysis. It mainly uses three methods: literature research, questionnaire survey, and statistical analysis. The research variables and research model were determined from the relevant literature, and 440 valid questionnaires were ultimately collected. Statistical analysis of the collected data with SPSS shows that the perceived cost of compliance, the perceived benefit of compliance, the perceived cost of non-compliance, and privacy concern significantly affect the attitude of enterprise members, and that the attitude of enterprise members significantly affects policy compliance. The attitude of enterprise members acts as a mediating variable: it partially mediates the effect of the perceived benefit of compliance and fully mediates the effects of the perceived cost of compliance, the perceived cost of non-compliance, and privacy concern. Based on a discussion of the results, this paper summarizes the research conclusions and offers reasonable suggestions for enterprise information security managers.