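Graduate student: | 劉宜樺 |
---|---|
Thesis title: | A Model-based Checklist for Insider Threat Prevention (Chinese title: Development of a Checklist for Preventing Insider Threat Incidents in Organizations) |
Advisor: | 黃雪玲 |
Oral defense committee: | |
Degree: | Master |
Department: | College of Engineering - Department of Industrial Engineering and Engineering Management |
Year of publication: | 2010 |
Academic year of graduation: | 98 |
Language: | English |
Number of pages: | 79 |
Keywords (translated from Chinese): | Insider, work stress, organization management |
Keywords (English): | Insider threat, work stress, organization management |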
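Although many psychological scales are available in Taiwan for organizations to assess employees' mental state, they cannot determine whether an insider is present. The purpose of this study is to develop an organizational safety checklist suitable for supervisors. From the model of causes of specific precursors and organizational safety constructed in this study, and from analysis of insider incidents reported in the literature, it can be seen that before insiders carry out sabotage with a major impact on the whole organization, certain specific precursors appear, and these precursors have differing underlying causes. If these precursors can be detected and handled before the insider takes further destructive action, major safety hazards can be avoided.
This study first conducted psychological measurement at a company to understand how the mental state of its employees resembles and differs from that of the general population, and used structured interviews to learn which strategies the organization currently uses to increase employee motivation and cohesion and to relieve employee stress. The model of causes of specific precursors and organizational safety was then constructed, and the checklist was developed from this model in two parts: "strategies to prevent hazards from arising" and "possible precursors of insiders". Structured interviews with experts were used to revise the strategies and precursors in the checklist so that it has expert validity. Finally, a questionnaire was used to evaluate the reliability of the checklist.
Experts were invited to evaluate the checklist developed in this study so that it has content validity. For the part of the checklist that checks specific precursors, the overall reliability coefficient is 0.91 (Cronbach alpha), which meets the acceptable standard. The checklist can assist organizational units by giving company supervisors a better understanding of the relationship between specific precursors and organizational safety, helping them identify possible insiders within the organization and understand which strategies to use to ensure organizational safety. This study mainly concerns developing a checklist to prevent insider threat incidents in organizations; subsequent validation is a goal for future research.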
Several psychological measures are available in Taiwan for organizations to evaluate the mental status of employees, but those measures cannot detect insiders. The purpose of this study is to develop a checklist that supervisors or unit heads can apply to ensure organization safety. Based on the model for causes of specific precursors and organization safety structured by this study, and on analysis of insider threat events from the literature, there are precursors before insiders execute a major malicious activity, and those precursors are caused by different factors. If those precursors can be detected and handled before the insider takes further action, the hazard will not occur.
First, this study administers the Chinese Basic Personality Inventory (CBPI) to identify the similarities and differences in mental condition between the employees of a certain company and others, and conducts structured interviews to understand what strategies the supervisors take when employees in that company are under stress. Then, the model for causes of specific precursors and organization safety is structured, and the checklist is developed based on this model. The checklist is divided into two parts: one part is the strategies taken to prevent risk from arising, and the other is the precursors that insider threats exhibit. Next, structured interviews with experts are conducted to modify the strategies and precursors in the checklist and to give it expert validity. Finally, a questionnaire is administered to evaluate the reliability of the checklist.
Experts are recruited to evaluate the checklist so that it possesses content validity. According to the high Cronbach's alpha of the questionnaire (0.961), the reliability is acceptable. This checklist can be applied in organization departments to help supervisors understand the relationship between the precursors and organization safety. It helps supervisors check whether there are potential insiders in their organization, and some strategies can be taken to ensure the safety of the organization. This study focuses on how to develop a checklist for insider threat prevention; applying the checklist is needed in further study.