An Exploratory Study on the Influence of Role Conflict on Information Security Awareness under the Organization Realignment－An Example of A Unit in Taiwan Government

• Main Authors: Yuan-Hsing Kung, 龔元興
• Other Authors: Gen-Yih Liao
• Format: Others
• Language: zh-TW
• Published: 2007
• Online Access: http://ndltd.ncl.edu.tw/handle/50516745215355503467

碩士 === 長庚大學 === 資訊管理研究所 === 95 === In order to promote competitiveness, most businesses undertook organization reformation or staff reduction. Not only did this phenomenon take place in private sectors, but also in the public sectors to pursuit the world trend. Organization downsizing in the international trend has led governments to realign, restructure and redefine the organization, which was expected to enhance efficiency. There is one unit under the Taiwan Department of Defense (DoD) that follows the order of DoD to restructure organization. The unit integrates the information management section and information audit section to form a new “Information Security section” which is in charge of the system maintenance and information auditing duties. The rapid development of computer and internet has changed the human societies. IT went from being a “nice to have” to a “must have”. The side effects of IT sneak into every organization in the human societies as well. The worst one is the threat against information security; however, the user behavior is one of the most important factors. After reviewing the past articles and papers, we found most focus on attack prevention, data encryption, and electronic business security mechanism, but few have targeted on discussions in terms of roles conflict and its influences on the information unit and the information security awareness of those roles. Therefore, this thesis adopts Qualitative Data Analysis to deeply understand the influences of role conflict on information security awareness in the public sector. After the exploration, the key findings are as follow: 1. Information security role is easy to be replaced by information management role. The information management personnel is much more demanded by information security staff than information management personnel relies on the information security staff. 2. After the units merge, the information mangement role is powerful and not under appropriate control and there is no proper separation of duties between information management role and information security role. We argue that this may lead to the information security events. 3. Role conflict factors of Intersender conflict-work coordination difficulty positively leads to the information security awareness factors of lack of correct security knowledge and lack of comprehension of information security responsibilities. Correct behavior conduction is tied to Intrasender conflict factors and interpersonal relationship, worker resources and skill decreasing. 4. Role conflict factor of Intrasender conflict is positively tied to the information security awareness factors of denying information security policy and correct behavior conduction. 5. Role conflict factor of Intersender conflict- work coordination difficulty is negatively tied to the information security awareness factors of correct behavior conduction and negative attitude. Work load increasing is negatively tied to denying information security policy. 6. Role conflict factors of Intrasender conflict-cognitive dissonance and Person-role conflict- worker resources decreasing are negatively tied to the information security awareness factors of obtaining correct information knowledge, comprehension of information security method, and negative attitude. The suggestions in this article to the studied unit are: 1. When performing the organization realignment, it is suggested that government take account of the information policy, and should emphasize the effects of role conflict may impact on the relevant personnel. The interpersonal relationship and the information security awareness between the roles will impact the organization as well. The government department must be devoted to systematic improvement and take advantage of conflict management techniques to prevent the negative influences on information security awareness caused by the role conflict. 2. Role conflict may elevate the information security awareness, but one, on the contrary, may escape from the policies and cover mistakes made by others. It is suggested that the studied unit should draw up a rigid inter-auditing mechanism. The administration authority should be distributed to avoid non-security events.