企业信息安全策略遵从性的影响因素研究

Research on Influencing Factors of Enterprise Information Security Strategy Compliance

随着社会经济与信息技术的发展,企业进行信息交流与沟通的途径逐渐多样化。但与此同时,企业的信息安全也面临着多重威胁。近些年来频繁发生在企业中的信息安全案例比比皆是,因此信息安全是企业当下必须重视的一个问题。而企业成员作为企业的主要组成部分,其是否遵从企业的信息安全策略对企业来说十分重要。本研究依据隐私计算理论构建研究模型,深入探究了信息安全策略遵从性的影响因素,并进行了相关的实证分析。本研究主要采用文献研究法、问卷调查法、统计分析法三种方法。根据相关文献研究,确定研究变量与研究模型,最终回收到有效问卷440份。本研究根据SPSS对回收的数据进行统计分析发现:遵从的感知成本、遵从的感知收益、不遵从的感知成本和隐私关注对企业成员的态度造成了显著影响,企业成员的态度对策略遵从性有显著影响。其中企业成员的态度作为中介变量,对遵从的感知收益起到部分中介作用,对遵从的感知成本、不遵从的感知成本和隐私关注起到完全中介作用。通过对研究结果的探讨,本文总结了研究结论并对企业的信息安全管理人员提出了合理建议。With the development of social economy and information technology, the ways for enterprises to communicate and exchange information are gradually diversifying. But at the same time, the enterprise’s information security is also facing multiple threats. In recent years, information security cases frequently occur in enterprises everywhere, so information security is an issue that enterprises must pay attention to at present. As the main part of the enterprise, it is very important for the enterprise whether its members comply with the enterprise’s information security strategy. This study constructs a research model based on privacy computing theory, deeply explores the influencing factors of information security strategy compliance, and makes relevant empirical analysis. This study mainly adopts three methods: literature research, questionnaire survey and statistical analysis. According to the relevant literature research, the research variables and research models were determined, and 440 valid questionnaires were finally recovered. Based on the statistical analysis of the recovered data by SPSS, this study found that the perceived cost of compliance, the perceived benefit of compliance, the perceived cost of non-compliance and privacy concerns have a significant impact on the attitude of enterprise members, and the attitude of enterprise members has a significant impact on strategy compliance. Among them, the attitude of enterprise members, as an intermediary variable, plays a partial intermediary role in the perceived benefits of compliance, and a complete intermediary role in the perceived costs of compliance, non-compliance and privacy concerns. Through the discussion of the research results, this study summarizes the research conclusions and puts forward reasonable suggestions to the enterprise’s information security managers.