行動研究方法在ISO 27001主導稽核員學習課程中的應用──以社會認知理論為基礎

Application of Action Research Methodology in ISO 27001 Lead Auditor Training Program: A Social Cognitive Theory Perspective

ISO 27001主導稽核員在確保組織資訊安全管理系統（ISMS）合規性上扮演關鍵角色。為培養稽核員具備專業知識及操作技能，本研究設計了一套以行動研究法為基礎的5天培訓課程，並結合Bandura的社會認知理論（Social Cognitive Theory, SCT）與Compeau與Higgins的資訊系統自我效能模型，探討教學策略如何影響學員的學習成效。研究過程包含診斷需求、策略規劃、課程實施、效果評估與持續改進等循環。
本研究強調提升自我效能感、觀察學習與環境交互在技術培訓中的關鍵作用，並設計多元化的教學活動（如實務演練、案例討論及角色扮演）。研究結果顯示，透過漸進式的教學設計，學員自信心與實務能力均顯著提升；而合作學習及即時回饋亦有效促進學習成果。本研究提出的培訓策略不僅適用於ISO 27001課程，亦具備跨領域應用的潛力。

ISO 27001 lead auditors play a crucial role in ensuring the compliance of an organization’s Information Security Management System (ISMS). To equip auditors with both professional knowledge and practical skills, this study designed a 5 day training program based on action research methodology. It integrates Bandura’s Social Cognitive Theory (SCT) and Compeau and Higgins’Information Systems Self Efficacy Model to explore how instructional strategies influence trainees’learning outcomes. The research process follows a cyclical approach, including needs diagnosis, strategic planning, course implementation, performance evaluation, and continuous improvement.
This study emphasizes the importance of enhancing self-efficacy, observational learning, and environmental interaction in technical training and incorporates diverse teaching activities such as practical exercises, case discussions, and role playing simulations. The results show that a progressive instructional design significantly boosts trainees' confidence and practical competencies. Additionally, collaborative learning and real time feedback further enhance learning outcomes. The proposed training strategies are not only effective for ISO 27001 programs but also demonstrate potential for cross disciplinary applications.