| Graduate student: | 張維仁 Wei-Jen Chang |
|---|---|
| Thesis title: | 犯罪心理與員工電腦濫用行為之研究 Research on Computer Abuse from Employee and Criminology |
| Advisor: | 林子銘 Tzu-Ming Lin |
| Oral defense committee: | |
| Degree: | Master |
| Department: | College of Management - Executive Master of Information Management |
| Graduation academic year: | 95 |
| Language: | Chinese |
| Number of pages: | 76 |
| Chinese keywords: | Criminal psychology, computer abuse, information security, insider threat, Theory of Planned Behavior |
| Foreign-language keywords: | Information Security, Computer Abuse, The Theory of Planned Behaviour, Insider Threat, Criminology |
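Compared with guarding against information security threats from outside the organization, guarding against threats from inside the organization is usually more difficult. Insiders usually have access rights to information that outsiders lack, and they understand the business environment, organizational structure and systems better than outsiders do. Because information needs to flow, the use of information assets cannot be fully restricted; seen this way, information security inside the enterprise appears especially important.
This thesis examines the factors that influence computer abuse inside enterprises. Unlike traditional work that attends only to factors such as information policy, information systems and information security education, this thesis places more emphasis on the psychological and social aspects of people. It uses theories from criminal psychology, combined with the Theory of Planned Behavior, to examine the factors that influence insiders' intention to abuse computers, and uses an overall research framework to conduct an empirical study of enterprise insiders, seeking to understand how criminal-psychology factors correlate with intention, whether they are effective in reducing computer abuse, and how much influence each psychological theory has.
Statistical regression analysis shows that each psychological theory does have a significant influence on the intention to abuse computers. The closer the relationship between employee and organization, the more positive the influence of colleagues and supervisors on the employee, and the sounder the organization's information security regime, the lower the intention of computer abuse within the organization. General deterrence theory has the most evident influence on the intention of computer abuse, which shows that traditional general deterrence theory has practical value. The theories rank by influence as follows: general deterrence theory > social learning theory > social bond theory. The results can serve as a reference for managers working to reduce computer abuse inside enterprises.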
Compared with the outsider threat, the insider threat to information security is more difficult to prevent. Insiders usually have more privileges to access secret data, and they are also familiar with the organization's environment, structure and information systems. Because information has to be usable, we cannot totally restrict the use of information assets. It can be seen that information security with respect to insiders is extremely important.
The purpose of this study is to investigate what factors cause computer abuse by insiders. Unlike traditional studies, which focus on security policy, systems and education, this study pays more attention to psychological and socialization factors. Using criminology theories and "The Theory of Planned Behaviour", an integrative model is built for an empirical study of the insider threat. The study tries to understand the relationship between criminology factors and the intention of computer abuse, and to determine the effectiveness of, and the differences between, these factors in reducing computer abuse.
After regression analysis, we found that each criminology theory has a noticeable impact on the intention of computer abuse. When an employee has close and positive relationships with the organization, seniors and co-workers, and the company's security policy, system and education are more solid, the employee's intention of computer abuse can be reduced, especially under general deterrence theory. The traditional general deterrence theory really has its own value. The degree of influence of each criminology theory can be shown as follows: general deterrence theory > social learning theory > social bond theory. The study result can serve as a reference for managers who endeavor to reduce insider computer abuse.