電腦運用的普及與網際網路的蓬勃發展，改變了人類生活模式。然而隨著資訊便利而來的則是令人擔憂的資訊安全問題，資訊對組織而言就是一種資產，和其它重要的營運資產一樣有價值，因此，如何衡量組織的資訊安全並且確保資訊的能正確的被使用，是一個重要的研究議題。
　　尤其是社交工程，是資訊安全把關的重要關鍵，在相關研究中指出其社交工程是利用操縱人性來驅使人去達到執行動作或是取得敏感資訊的手法(wiki)，然而如何透過社交工程演練來提升組織成員們對資訊安全的警覺性和對資訊專案的認同感，是之前相關研究中尚未被提到的。透過台灣政府機關的個案，本研究認為要有效提升成員對於資訊專案的認同感，應該要將常規的形式面和執行面的雙重性觀點，嵌入社交工程演練的設計和訓練課程中。
　　根據所蒐集的相關資料，本研究提出三個活動的模型來探討社交工程演練如何透過常規以及三個活動：紀律、意義建構及認同來形塑組織成員對於資訊專案的認同感。研究結果所帶來的研究貢獻能幫助促進政府發展、專案認同感以及資訊安全方面的管理問題，也為此議題帶來一個新的未來研究方向。

The popularity of computer usage and the Internet changes the modern human life. Meanwhile, the information security issue has also become a problem to worry about in pursuing the digital age. Apparently, information is an invaluable asset to all organizations. Therefore, how to measure the organizations’ information security and to ensure the information usage is now a critical research issue.
In particular, the research of social engineering which refers to the art of manipulating people into performing actions or divulging confidential information (Wiki) is now a critical importance. However, how to enhance the members’ information awareness and information security project identity through social engineering penetration test has been ignored by the previous studies. By using a case study of Taiwanese governmental agency, this dissertation argues that, to enhance the information security project identity, the practices and the design of social engineering penetration test should be embedded in organizational routines, and both ostensive and performative forms of routines should be taken into account. Based on the collected data, this dissertation proposes a three-steps model to explore how social engineering penetration test embedded organizational routines changes organizational members’ security identity in terms of disciplines, sense-making and norm. The findings contribute to the literature on government development, project identity, and the social perspective of information security management. The implications and future research directions are also discussed.

中文部分
1.行政院研考會（2008），政府資訊作業委外安全參考指引
2.行政院研考會（2008），政府資訊作業委外安全參考指引實務導入報告
3.行政院國家資通安全會報（2009），行政院國家資通安全會報設置要點
4.行政院國家資通安全會報（2009），國家資通訊安全發展方案（98-101年）
5.經濟部標準檢驗局（2006），CNS 17799資訊技術-資訊安全管理系統規範
6.經濟部標準檢驗局（2006），CNS27001資訊技術-資訊安全管理系統規範
7.台灣管理學刊，2010年2月，第10 卷第1 期,職場靈性影響工作家庭平衡之研究：整合模式的驗證
8.科學發展，2011年5月，461期
9.Chris Barker 著、許夢芸譯(2007)，“文化研究智典”,台北：韋伯文化
10.Anthony Giddens 著,趙旭東、方文譯(2007),“現代性與自我認同：晚期現代的我社會”,台北：左岸文化
11.George Herbert Mead 著,胡榮等譯(1995)“心靈、自我與社會”,台北：桂冠
12.潘淑滿（2003）。＂質性研究理論與應用＂。台北：心理。
13.潘明宏、陳志瑋譯（2003）。＂最新社會科學研究方法＂。台北：韋伯文化。
14.陳月娥（2000）。＂社會研究法＂。台北：千華。
15.徐宗國譯（1997）。＂質性研究概論＂。台北：巨流。
16.胡幼慧、姚美華(1996). 一些質性方法上的思考：信度與效度？如何抽樣？如何收集資料、登錄與分析？載於胡幼慧編：質性研究：理論、方法及本土女性研究實例. P141-158. 台北：巨流。
17.游千慧(2009) , 以制度理論探討郵件社交工程演練之行為模式。

 
英文部分
1.Allen, V. L., Wilder, D. A., & Atkinson, M. L. 1983. Multiple group membership and social identity. In T. R. Sarbin & K. E. Scheibe (Eds.), Studies in social identity: 92-115. New York: Praeger.
2.Andrew D. Brown & Michael A. Lewis 2011,” Identities, Discipline and Routines” ,Organization Studies, 32: 871
3. Aquino, K., & Reed, A. 2002. The self-importance of moral identity. Journal of Personality and Social Psychology, 83: 1423–1436.
4.Aryee, S., Tan, H. H., & Srinivas, E. S. 2005. Rhythms of life: Antecedents and outcomes of work-family balance in employed parents. Journal of Applied Psychology, 90(1): 132-146.
5.Aryee, S., & Luk, V. 1996. Work and nonwork influences on the career satisfaction of dual-career couples. Journal of Vocational Behavior, 49: 38-52.
6.Barbara ,Czamiawska (2000), “Narrating the Organization: Dramas of Institutional Identity.”, Administrative Science Quarterly ,3:183-185
7.Becker, M. C. 2004, "Organizational Routines: A Review of the Literature," Industrial and Corporate Change, 13: 643
8.Berman, E., West, J. P., & Richter, M. N. 2002. Workplace relations: Friendship patterns and consequences (according to managers). Public Administration Review, 62: 217–230.
9.Brewer, M. B. 1991. The social self: On being the same and different at the same time. Personality and Social Psychology Bulletin, 17: 475–482.
10.Brewer, M. B., & Gardner, W. 1996. Who is this “we”? Levels of collective identity and self-representations. Journal of Personality and Social Psychology, 71: 83–93.
11.Chatman, J. A., Bell, N. E., & Staw, B. M. 1986. The managed thought: The role of self-justification and impression management in organizational settings. In H. P. Sims, Jr. & D.A. Gioia (Eds.), The thinking organization: 191-214.
12.Christ, O., Van Dick, R., Wagner, U. and Stellmacher, J. 2003, “When Teachers Go The ExtraMile: Foci of Organizational Identification as Determinants of Different Forms ofOrganizational Citizenship Behaviour among Schoolteachers, British Journal ofEducational Psychology, 73( 3):329-341.
13.Cohen, M. D. (1991), "Individual Learning and Organisational Routine: Emerging Connections," Organization Science, 2, 135-149.
14.Cohen, M. D., and Bacdayan, P. 1994, "Organizational Routines Are Stored as Procedural Memory: Evidence from a Laboratory Study," Organization Science, 5: 554-568.
15.Cohen, M., et al. 1996, "Routines and Other Recurring Action Patterns of Organizations: Contemporary Research Issues," Industrial and Corporate Change, 5:653–698.
16.Cohendet, P., and Llerena, P. 2003, "Routines and Incentives: The Role of Communities in the Firm," Industrial and Corporate Change, 12: 271.
17.Conners, C. 1963. Birth order and needs for affiliation. Journal of Personality, 31: 408–416.
18.Cyert, R. M., and March, J. G. 1963, A Behavioral Theory of the Firm, Englewood Cliffs, NJ: Prentice-Hall.
19.Dervin, B. 1980. “Communication gaps and Inequities: Moving toward a reconceptualization,” In Dervin, B. & Voigt, M. (eds.) “, Progress in communication sciences,2:73-112
20.Dervin, B., & Dewdney, P. 1986. Neutral questioning: A new approach to the reference interview. RQ, 25(4):506-513
21.Dervin, B. 1992. From the mind’s eye of the “users”: The sense-making qualitative-quantitative methodology. In J. D. Glazier, & R. R. Powell (Eds.), Qualitative Research in Information Management , 61-84. Englewood, CO: Libraries Unlimtied.
22.Dickie, V. A. 2003. Establishing worker identity: A study of people in craft work. American Journal of Occupational Therapy, 57: 250–261.
23.Dutton, J. E., & Ragins, B. 2007. Exploring positive relationships at work: Building a theoretical and research foundation. Mahwah, NJ: Lawrence Erlbaum Associates.
24.Feldman, M. S. 2000, "Organizational Routines as a Source of Continuous Change," Organization Science, 11: 611-629.
25.Feldman, M. S., and Pentland, B. T. 2003, "Reconceptualizing Organizational Routines as a Source of Flexibility and Change," Administrative Science Quarterly, 48:94-118.
26.Foucault, M. 1979. The history of sexuality, Vol. 1. Harmondsworth: Penguin.
27.Foucault, M. 1986. The history of sexuality, Vol. 2: The uses of pleasure. Harmondsworth: Viking.
28.Gecas, V. 1982. The self-concept. Annual Review of Sociology, 8: 1–33.
29.Gergen, K. J. 1994. Realities and relationships: Soundings in social construction. Boston: Harvard University Press.
30.Giddens, A. 1984, The Constitution of Society: Outline of the Theory of Structure, Berkeley. CA: University of California Press.
31.Giddens, A.1991.Modernity and self-identity:self and society in the late modern age .Cambridge, U.K.：Polity Press in association with Basil Blackwell.
32.Hill, C. A. 1987. Affiliation motivation: People who need people . . . but in different ways. Journal of Personality and Social Psychology, 52:1008–1018.
33.Hodgson, G. M. 2008, "The Concept of a Routine," Handbook of Organizational Routine, 15-28
34.Hodgson, G. M., and Knudsen, T. 2004, "The Firm as an Interactor: Firms as Vehicles for Habits and Routines," Journal of Evolutionary Economics, 14:281-307.
35.Hogg, M. A., & Turner, J. C. 1985. Interpersonal attraction, social identification and psychological group formation. European Journal of Social Psychology, 15: 51-66.
36.Huber, G. P. 1991, "Organizational Learning: The Contributing Processes and the Literatures," Organization Science, 2:88-115.
37.Ibarra, H. 1999. Provisional selves: Experimenting with image and identity in professional adaptation. Administrative Science Quarterly, 44: 764–791.
38.Jane E. Dutton, Laura Morgan Roberts & Jeffrey Bednar 2010, “Pathways For Positive Identity Construction at Work: Four Types of Positive Identity and The Building of Social Resources”, Academy of Management Review, 35( 2):265–293.
39.Kirpal, S. 2004. Researching work identities in a European context. Career Development International, 9(3): 199-221.
40.Lobel, S. A., & Clair, L. St. 1992. Effects of family responsibilities, gender, and career identity salience on performance outcomes, Academy of Management Journal, 35(5): 1057-1069.
41.Mathieu, J. E.1990. A test of subordinates’ achievement and affiliation needs as moderators of leader pathgoal relationships. Basic and Applied Psychology, 11(2):179–189.
42.March, J. G., & Simon, H. A. 1958. Organizations. New York:Wiley.
43.Mead, G. H.1934. Mind, Self, and Society: from the Standpoint of A Social Behaviorist. Chicago : University of Chicago Press.
44.Michael, G. Pratt, Kevin W. Rockmann &Jeffrey B. Kaufmann 2006,
“Constructing Professional Identity : The Role of Work and Identity Learning Cycles in The Customization of Identity Among Medical Residents” , Academy of Management Journal, 49(2): 235–262.
45.Moorman, C., and Miner, A. S. 1997, "The Impact of Organizational Memory Onn the New Product Performance and Creativity " Journal of Marketing Research, 34:91-106.
46.Nelson, R. R., and Winter, S. G.1982, An Evolutionary Theory of Economic Change, Cambridge , MA: Harvard University Press.
47.Oakes, P. J., & Turner, J. C. 1986. Distinctiveness and the salience of social category memberships: Is there an automatic perceptual bias towards novelty? European Journal of Social Psychology, 16: 325-344.
48.Patchen, M. 1970, Participation, Achievement, and Involvement on The Job, Englewood Cliffs,NJ: Prentice Hall.
49.Personal identities. American Journal of Sociology, 92: 1336–1371.
50.Richard, Jenkins,1996,Social Identity, 19-20
51.Simon, B., & Pettigrew, T. F. 1990. Social identity and perceived grop homogeneity: Evidence for the in-group homogeneity effect. European Journal of Social Psychology, 20: 269–286.
52.Strauss, A. L. & Corbin, J. M.1990, Basics of qualitative research : grounded theory procedures and techniques, Newbury Park, Calif. : Sage Publications.
53.Stryker, S., & Burke, P. J. 2000. The past, present, and future of an identity theory. Social Psychology Quarterly, 63: 284–297.
54.Susan, L. Adams & Vittal, Anantatmula2010,”Social and Behavioral Influences on Team Process”, Project Management Journal, 41(4): 89–98
55.Sveningsson, S., & Alvesson, M. 2003. Managing managerial identities: Organizational fragmentation, discourse and identity struggle. Human Relations, 56: 1163–1193.
56.Tajfel, H. 1978. Differentiation between social groups: Studies in the social psychology of intergroup relations. New York: Academic Press.
57.Thomas, M., & Hynes, C. 2007. The darker side of groups. Journal of Nursing Management, 15:375–385.
58.Turner, J. C. 1984. Social identification and psychological group formation. In H. Tajfel (Eds.), The Social Dimension: European Developments in Social Psychology: 518-538. Cambridge: Cambridge University.
59.Van,Maanen, J. 1997. Identity work: Notes on the personal identity of police officers. Working paper, Massachusetts Institute of Technology, Cambridge.
60.Yin, R. K.1994, Case study research : design and methods (2nd ed.), Thosand　Oaks: Sage Publications.