| Graduate student: | 王立弘 Wang, Li-Hung |
|---|---|
| Thesis title: | 智慧型手機使用之資訊安全及資料保護態度研究 Smartphone Users' Attitude Toward Information Security and Protection |
| Advisor: | 劉世南 Liou, Shyh-Nan |
| Co-advisor: | 李忠憲 Li, Jung-Shian |
| Degree: | Master |
| Department: | College of Planning and Design - Institute of Creative Industries Design |
| Year of publication: | 2023 |
| Academic year of graduation: | 111 |
| Language: | English |
| Number of pages: | 188 |
| Keywords (translated from Chinese): | Information Security, Data Protection, User Attitude, Social Cognitive Theory, Cognitive Dissonance, Information Security Awareness, Information Education |
| Keywords (English): | Information Security, Cybersecurity, Data Protection, User Attitude, Social Cognitive Theory, Cognitive Dissonance, Cybersecurity Awareness, Information Education |
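With the development of information and communication technology, technology advances by the day, and the threats to users' information security and data protection are rising as well. In recent years, many identified and published issues have been calling on the public to raise its awareness of, and action on, information security and data protection. Yet among these issues it remains quite unclear whether users thoroughly understand "the privacy and rights users should have". This study therefore examines the three components of attitude (affective, cognitive, and behavioral), with the aim of "understanding users' attitudes toward information security and data protection".
To understand the relationship between "user attitudes" and "potential threats", this study, based on Social Cognitive Theory, uses three research methods for separate validation: a "questionnaire survey" to understand individual users' attitudes; "case studies" to understand recent cyber-attack incidents and classic examples of cybersecurity education, so as to provide better strategies for improving education; and "expert interviews" with experts who have teaching experience and are dedicated to planning cybersecurity education, to understand the current state and difficulties of information and cybersecurity education. Finally, we propose promising improvement strategies to raise society's awareness of information security and data protection.
This study surveyed smartphone users by questionnaire and collected 373 valid responses. The results show that higher cognitive and affective performance among smartphone users positively influences their behavioral intention. However, the key factor affecting security behavioral intention is "self-assessment of ability", and factors such as gender, studying in an information-related department, and having received information security education or training in turn affect "self-assessment of ability" and the performance of security behavior.
This study investigated and compiled recent cyber-attack incidents; the leading cause of these incidents was in every case human error, which indicates that some people do not have a high level of security awareness. These human errors also share common causes and characteristics, including typical and serious ones such as "misconfigured permissions", "overly simple passwords and password reuse", and "advertisement phishing".
This study also worked with education experts to study, analyze, and discuss the current state and difficulties of education, and summarized the following points: (1) students lack information-related background knowledge; (2) adults can learn and keep up with the latest cybersecurity risk issues but still lack hands-on practice; (3) there is a lack of assessment and testing methods, so students' level of learning in information security cannot be measured; (4) there is a lack of cybersecurity talent in the education field to help improve teaching quality.
Finally, based on the research data above, this study compiled improvement strategies for information security education, comprising four points: (1) students' self-perception of, and confidence in, their ability to protect themselves must be built up; (2) the educational purposes of school education and adult education need to be redefined; (3) a "cyber defense matrix" usable by smartphone users should be designed; (4) government support is needed to cultivate cybersecurity educators.
The contribution of this study is, on the basis of Social Cognitive Theory, to gain an in-depth understanding at the individual level of smartphone users' attitudes toward information security and data protection; to investigate cyber-attack incidents and understand the current state of information security education at the environmental level; and finally to feed these results back into information security education and propose improvements, so as to promote information security education and strengthen a virtuous circle of information security.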
The importance of Cybersecurity and Data Protection (CDP) is growing with the spread of Information and Communication Technology (ICT). Threats to the privacy and rights of users, from the internet to smartphones, are increasing and have a direct impact on users' daily lives. Furthermore, many related and identified issues (e.g., unclear application permissions and data privacy) have come to the surface, calling for public awareness and action.
However, it is still unclear how users recognize and comprehend this privacy and these rights, and whether they are then capable of taking proper action to protect them. Thus, to better understand users' attitudes toward CDP, this study draws on Social Cognitive Theory to understand how users' attitudes, in terms of cognition, affect, and behavior, interact with their perception of the CDP environment. The study adopts three methods as divergent validations to cover three research objectives: first, a questionnaire survey to understand users' attitudes (RQ1); second, a review of recent cyber-attack cases in Taiwan and worldwide, along with a well-designed cybersecurity course, in order to provide a better improvement strategy for teaching in Taiwan; and third, interviews with experts who are dedicated to teaching students about cybersecurity and who participate in planning the information education syllabus, to explore the relationship between users' attitudes and potential dangers (RQ2 and RQ3). Drawing on these findings, this study suggests some improvement strategies for advancing CDP (RQ4).
The questionnaire survey focused on smartphone users, and we collected 373 valid responses. The results showed that, for most smartphone users, higher cognitive and affective performance affects their security behaviors on smartphones. In addition, the most significant affective factor affecting security behavior is "Self-assessment on Protecting Skill," which showed that most respondents were clear about their protection skills, and also indicates that some respondents need more learning and practice to enhance their self-protection ability when using a smartphone. On the other hand, the most significant cognitive factor affecting users' behavior is "Protect Important Data," which represents how users understand securing their data when using a smartphone; this knowledge could therefore be the foundation of cybersecurity protection for every smartphone user.
Furthermore, this research summarized recent cyber attacks and crimes. Most of the cybersecurity incidents were mainly due to human error, which shows that some people may pay little attention to cybersecurity and have low awareness of it. Among the incidents reviewed in this study, the common causes of human error were "Misconfiguration of Permission," "Weak Password Combination and Password Reuse," and "Advertisement Phishing." These are typical and critical modern security issues, and every smartphone user should know about them and stay aware of the risks and threats.
To contribute prescriptive strategies for better CDP, this research also interviewed experts to get closer to the field and the issues of cybersecurity education. The interviews with education experts indicate the following: 1) students lack background knowledge of technology in general; 2) adults can follow the latest issues and knowledge, but need more practice for actual situations; 3) there is a lack of evaluation methods to measure students' understanding of cybersecurity; 4) there is a lack of cybersecurity talent in the education field to provide better teaching in courses.
Based on the abovementioned convergent empirical study, this research suggests the following improvement strategies for cybersecurity education: 1) build self-identity and confidence in one's own ability; 2) redefine the teaching purpose of school education and adult education; 3) construct a Cyber Defense Guideline for Smartphone Users; 4) secure support from government ministries for educational talent training.
This research brings out implications of the findings that clarify how smartphone users' attitudes toward cybersecurity are affected at the individual level of SCT, together with the latest cyber-attack trends and a discussion of the current education system at the ecosystem level of SCT, which helps society understand how to maintain its ability and knowledge when using smartphones. Finally, the study concludes the findings and reflects improvement strategies for education back to the ecosystem level of SCT, in order to create a virtuous circle that enhances CDP.