    Please use this permanent URL to cite or link to this document: https://nccur.lib.nccu.edu.tw/handle/140.119/159458


    Title: A Weighing Analysis of The Key Success Indicators in The Implementation of Information Security Management in Higher Education Institutions (高等教育機構資訊安全管理關鍵指標系統權重之探究)
    Author: 朱玲瑛 (Chu, Lin-Yin)
    Contributors: 莊俊儒; 朱玲瑛 (Chu, Lin-Yin)
    Keywords: Higher Education Institutions; Information Security Management; Analytic Hierarchy Process (AHP)
    Date: 2025
    Upload time: 2025-09-01 17:09:39 (UTC+8)
    Abstract:
    Amid the rapid global advancement driven by artificial intelligence and the accelerated digital transformation prompted by the COVID-19 pandemic, higher education institutions are increasingly challenged to balance educational service innovation with growing information security risks. Striking an effective balance between digital innovation and information security has become a pressing issue for institutions of higher learning.
    This study explores the key challenges faced by higher education institutions in implementing Information Security Management Systems (ISMS) and identifies the critical success factors that influence effective adoption, with the aim of enhancing campus information security. Drawing from a comprehensive literature review, the study categorizes 16 sub-criteria into four major dimensions: Government, Governance, Management, and Organization. The Analytic Hierarchy Process (AHP) is employed to assess consistency and determine the relative weight of each criterion.
    The findings indicate that the Management dimension holds the highest relative importance, followed by Governance, Government, and Organization. Among all factors, Information Security Technology, Risk Management, and Security Policy are identified as the top three priorities. Based on these results, the study recommends that higher education institutions concentrate resources on these high-weighted indicators, establish unified governance and organizational culture mechanisms, and conduct regular risk assessments and technical upgrades. These measures are essential to achieving effective and sustainable information security management.
    This empirical framework provides a valuable reference for evaluating and optimizing information security strategies in higher education, thereby strengthening risk control capabilities and enhancing overall information protection.
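    Description: Master's
    National Chengchi University
    In-service Master's Program in School Administration
    111911009
    Source: http://thesis.lib.nccu.edu.tw/record/#G0111911009
    Type: thesis
    Appears in collections: [In-service Master's Program in School Administration] Theses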

    Files in this item:

    File: 100901.pdf | Size: 2037Kb | Format: Adobe PDF | Views: 0

