Graduate student: 游千慧 (Chien-Hui Yu)
Thesis title: An Institutional Perspective of E-mail Social Engineering Drill (以制度理論探討郵件社交工程演練之行為模式)
Advisor: 周子銓 (Tzu-Chuan Chou)
Oral defense committee: 陳昭蓉, 羅乃維
Degree: Master
Department: College of Management - Department of Information Management
Publication year: 2010
Academic year of graduation: 98
Language: Chinese
Number of pages: 81
Keywords: Institutional Theory (制度理論), Information Security (資訊安全), Social Engineering (社交工程)
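    With the rise of the Internet, information technology has developed and spread rapidly, and modern society relies heavily on the Internet and information technology to make life more convenient and efficient. Following this trend, Taiwan's government has promoted e-government for more than ten years and has completed the government network infrastructure and the promotion of government network applications. Behind these conveniences, information security has become an important issue that an information society cannot ignore. Past information security research has focused mostly on technical protection. However, fast-changing information security problems can no longer be resolved by technology alone, and when a security problem has no concrete technical solution, it becomes clear that "non-technical" information security research is both important and scarce. Given the lack of research on the behavioral dimension of information security, this study uses the perspective of institutional theory to examine, from the management and behavioral viewpoints, how organizations and individuals behave in information security management, and thereby to understand how the overall information security environment shapes the security behavior of organizations and individuals.
    Using a qualitative case study, this research observes how Taiwan's government agencies carry out the "e-mail social engineering drill" and the phenomena that occur during that process. From the perspective of institutional theory, it seeks the reasons behind the phenomenon, common in public agencies and private enterprises alike, of "policies from above, countermeasures from below". It analyzes how factors of the overall information security environment, factors inside the organization, and factors of the individual all affect the effectiveness of the e-mail social engineering drill. Among these, the information security environment in which government agencies operate is the largest source of influence on the security behavior of organizations and individuals, while the expression of individual security awareness and behavior is affected by organizational intervention, so that the drill data finally presented are distorted. The study analyzes the links between environmental, organizational and individual factors and the observed phenomena, and derives from them a behavioral model of government agencies in the e-mail social engineering drill, in the hope that analysis of this model can serve as a reference for organizations to make meaningful improvements in information security management.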


    Information technology (IT) is developing rapidly and is widely used to make our lives more convenient and efficient because of the rise of the Internet. Over the last two decades, the government has devoted itself to developing infrastructure and promoting several Internet applications as e-government services. The security issue is therefore important and should not be ignored. Earlier studies, which focus on protection by technical means, cannot resolve the security problems of a changing world. Accordingly, studies of non-technical issues are not only important but also scarce. This study provides evidence of how the environment affects organizations and individuals, viewed from the management and behavioral aspects of Institutional Theory.

    Drawing on several cases of the “E-mail Social Engineering Drill” from Taiwan’s government institutions, this thesis explores the effects of institutional factors across the whole drill process, using the perspective of institutional theory to build the research framework of the organization as the basis of the case study. Based on evidence from the cases, the “environment” factor has the largest influence on “organization” and “individual” behavior. Individual cognition and behavior, moreover, are affected by the interference of the organization, which finally leads to distorted data. This study proposes a model that analyzes the relationships between the environment, the organization and individual behavior. With this model, organizations can improve their security management.

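    Abstract (Chinese)
    Abstract (English)
    Acknowledgements
    Table of Contents
    List of Tables
    List of Figures
    Chapter 1. Introduction
    1.1. Research Background and Motivation
    1.2. Research Objectives
    1.3. Research Scope and Process
    1.4. Thesis Structure
    Chapter 2. Literature Review
    2.1. Institutional Theory
    2.1.1. Institutional Environment
    2.1.2. Institutionalization
    2.1.3. Legitimacy
    2.1.4. Isomorphism
    2.2. Social Engineering
    Chapter 3. Research Method
    3.1. Research Strategy
    3.2. Data Collection Methods
    3.3. Data Analysis Methods
    3.4. Selection of Research Subjects and Interviews
    Chapter 4. Case Description
    4.1. Case Background
    4.2. Background of the Agencies Studied
    4.3. E-mail Social Engineering Drill
    4.3.1. Formation of the E-mail Social Engineering Drill
    4.3.2. E-mail Social Engineering Drills in Government Agencies
    4.3.3. Purpose of the E-mail Social Engineering Drill
    4.3.4. Awareness Training and Learner Knowledge Construction
    4.3.5. Review of the Results of the E-mail Social Engineering Drill and Awareness Training
    Chapter 5. Case Analysis
    5.1. Analysis of the Institutional Environment
    5.1.1. Overall Information Security Environment
    5.1.2. Organizational Environment of Ministry A and Its Subordinate Agencies
    5.2. Institutionalization Process of the E-mail Social Engineering Drill
    5.3. Behavioral Model of the E-mail Social Engineering Drill
    5.3.1. Individual-Level Analysis (Individual Factors)
    5.3.2. Individual Alertness (Training Factors)
    5.3.3. Agency Level (Agency Factors)
    5.3.4. Agency Alertness (Technical Factors)
    5.3.5. Environment Level (Environmental Factors)
    Chapter 6. Conclusions and Future Research Directions
    References
    Appendix: Interviewee Information and Interview Question Outline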


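    Full-text release date: 2015/06/28 (campus network)
    Full-text release date: full text not authorized for public release (off-campus network)
    Full-text release date: full text not authorized for public release (National Central Library: National Digital Library of Theses and Dissertations in Taiwan)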