| Graduate student: | 張榮庭 Chang, Jung-Ting |
|---|---|
| Thesis title: | Information Systems Security Adoption: Its Extent among Taiwan's Enterprises in Different Industries and Computerization Levels |
| Advisor: | 葉桂珍 Yeh, Quey-Jen |
| Degree: | Doctor |
| Department: | College of Management - Department of Business Administration |
| Year of publication: | 2006 |
| Academic year of graduation: | 94 |
| Language: | English |
| Number of pages: | 121 |
| Keywords (Chinese): | information systems security, countermeasures, threat mitigation strategy, stages of growth model, information security management model |
| Keywords (English): | countermeasures, Information systems security, threat mitigation, information security management model, stages of growth model |
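As information technology develops, information threats appear to be growing ever more severe. Without security management, organizations are exposed to considerable threats. The main purpose of this study is to examine how the adoption of information security technology differs among organizations in different industries and at different levels of computerization. The empirical survey targeted Taiwan's top 1000 enterprises, and 109 enterprises returned responses. The results show that perceptions of information threats differ considerably across industries and computerization levels; the financial industry and highly computerized enterprises appear to have greater information security needs. Surprisingly, information security protection is not positively correlated with perceived information threats, indicating that the level of protection does not increase as managers' threat perception increases, which may result in inadequate protection. Regardless of industry or computerization level, most enterprises perceive higher threats in three areas (network, personnel and regulation), and protection in these areas is also inadequate. Finally, this study discusses feasible information security strategies for different industries and computerization levels. In particular, organizations should understand their main information threats according to their own attributes and implement the corresponding countermeasures in order to achieve effective information security.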
Information systems (IS) threats to business worsen with the development of information technology. A lack of robust security means that organizations expose themselves to considerable threats. This work examines the relationship between organizational characteristics and the adoption of security technology. It also explores past and current concerns regarding IS threats among firms in different industries and at different computerization levels, and the countermeasures adopted by firms in response to these threats. The empirical data were provided by 109 Taiwanese enterprises from four industries and three levels of computerization. Both the relevant IS threats and the scope of countermeasures adopted were found to differ with industry and level. However, the scope of the countermeasures adopted appears not to be commensurate with the seriousness of the perceived threats. Among these IS threats, network was rated as the most severe threat as well as having the lowest level of protective adequacy, followed by personnel and administrative issues, across the four industries. Various threat mitigation strategies are discussed in this study. Specifically, firms should be aware of IS threats to their business and should install appropriate security countermeasures.
On campus: publicly available from 2056-08-07