摘要
为了明确治理机制如何规范和促进企业信息安全管理,探讨了治理机制(包括契约治理和关系治理),制度化(包括识别、履行和内化)和信息安全绩效之间的关系。以国内通过信息安全管理体系认证的企业为调研对象,采用Smart PLS2.0对148份有效问卷进行统计分析。结果表明:契约治理对制度化的履行有显著正向影响;关系治理对制度化的识别和内化有显著正向影响,这同时表明契约治理和关系治理的互补性;识别、履行和内化对信息安全绩效有显著正向影响。
To clarify how governance mechanism normalize and prompt information security management, the relationship between governance mechanism, institutionalization, and information security performance was explored. The data was collected from enterprises which have passed the certification of information security management system, and 148 samples were analyzed by Smart PLS 2.0. The results show that contractual governance has a positive effect on implementation ; relational governance has a positive effect on identification and internalization, thus, contractual and relational governance are complementary. In addition, identification, implementation, and internalization have a positive effect on information security performance.
作者
甄杰
谢宗晓
林润辉
ZHEN Jie;XIE Zong-xiao;LIN Run-hui(School of Business Planning, Chongqing Technology and Business University, Chongqing 400067, China;China Financial Certification Authority, Beijing 100054, China;Business School, Nankai University, Tianjin300071, China)
出处
《工业工程与管理》
CSSCI
北大核心
2018年第3期171-176,191,共7页
Industrial Engineering and Management
基金
国家自然科学基金重大资助项目(71132001)
国家自然科学基金面上资助项目(71672123)
重庆市基础科学与前沿技术研究资助项目(cstc2017cjyjAX0441)
重庆市社会科学规划资助项目(2017QNGL55)
重庆工商大学校内科研资助项目(1751030)
关键词
信息安全
治理机制
制度化
信息安全绩效
information security
governance mechanism
institutionalization
information security performance
