DOI QR코드

DOI QR Code

An Empirical Study about Internet and Social Network Security Behavior of End User

최종사용자의 인터넷과 소셜 네트워크 보안 행동에 대한 실증 연구

  • Received : 2012.03.20
  • Accepted : 2012.06.27
  • Published : 2012.12.31

Abstract

The purpose of this study was to find about personal information security of internet and social networks by focusing on end users. User competence and subjective criterion, which are the antecedents, are affecting security behaviors For these security behaviors, the study examined the relationship between security behavior intention on internet use and security behavior intention about social network that is actively achieved in many fields. Behaviors of internet and social network were classified into an action of executing security and an action of using a security technology. In addition, this study investigated a theory about motivational factors of personal intention on a certain behavior based on theory of reasoned action in order to achieve the purpose of this study. A survey was conducted on 224 general individual users through online and offline, and the collected data was analyzed with SPSS 12.0 and SmartPLS 2.0 to verify demographic characteristics of respondents, exploratory factor analysis, and suitability of a study model. Interesting results were shown that security behavior intention of social network is not significant in all security behavior execution, which is security performance behavior, and security technology use. Internet security behavior is significant to security technology use but it does not have an effect on behavior execution.

References

  1. 교육과학기술부, 교육과학기술부 및 각급기관 웹사이트 개인정보 노출방지 가이드라인(개정판), 2008.
  2. 김동원, "개인정보수집에서 프라이버시와 경쟁 가치들의 경합과 균형," 정보화정책, 제 10권, 제4호, 2003, pp.73-91.
  3. 김용재, "정보보안을 위한 내부통제 진단 모델연구," 금오공과대학교 석사학위논문, 2009.
  4. 김종기, "패스워드의 정보시스템 보안효과에 영향을 미치는 요인에 관한 연구," 경영정보학연구, 제18권, 제4호, 2008, pp.1-26.
  5. 김진완, 홍태호, "지식검색 서비스에서 집단지성 품질이 지속사용 의도에 미치는 영향: 기대일치이론과 신뢰를 중심으로," 정보시스템연구, 제20권, 제4호, 2011, pp.1-22.
  6. 김효준, 곽기영, "조직 내 중심성이 IT활용능력에 미치는 영향: 소셜 네트워크 관점," 정보시스템연구," 제20권, 제1호, 2011, pp.147-169.
  7. 남기효, 박상중, 강형석, 남기환, 김성인, "개인정보보호기술의 최신 동향과 향후 전망," 한국정보보호학회, 제18권, 제6호, 2008, pp.11-19.
  8. 박기정, "학생들의 세금회피에 대한 태도, 주관적규범, 의도에 관한 연구," 교육이론과 실천, 경남대학교 교육문제연구소, 1998, pp.249-263.
  9. 박혜정, "수입 캐주얼의류 구매에 대한 태도, 주관적 규범 의도에 관한 연구," Journal of the Korean Society of Clothing and Textiles, 제 26권 , 제 12호 , 2002, pp.1791-1803.
  10. 손동원, 사회 네트워크 분석, 경문사, 2002.
  11. 이정호, 전자금융 침해사고 예방 및 대응 방안, 정보보호학회지, 제18권, 제5호, 2008, pp.1-20.
  12. 이종구, 조형제, 정준영외, 정보사회의 이해, 서울 미래 M&B, 2005.
  13. 이준택, 정보보호학 개론, 생능출판사, 2007.
  14. 차인환, "정보보안에서의 인원보안 관리지표 개발을 위한 실증적 연구," 광운대학교 박사학위논문," 2009,
  15. 이향우, "개인정보 보호와 공유자원 관리," 사이버커뮤니케이션학보, 통권 제17호, 2006, pp.163-192.
  16. 행정안전부 "온라인 소셜네트워크 환경에서의 보안위협과 시사점," 기술보고서, 2008.
  17. 홍광표, "ERP 사용자의 조직시민행동과 확장이 용의도 간의 관계에 영향을 미치는 요인에 관한 연구," 정보시스템연구, 제20권, 제1호, 2011, pp.75-105.
  18. Adam, M., "Moving Toward Black Hat Research in Information Systems Security: An Editorial Introduction to The Special Issue," MIS Quarterly, Vol.34, No.3, 2010, pp.431-433. https://doi.org/10.2307/25750685
  19. Ajzen, I., and Fishbein, M., Belief, Attitude, Intention, and Behavior: An Introduction to Theory an Research, Reading, MA: Addison-Wesley, 1975.
  20. Ajzen, I., and Fishbein M., "Attitude-Behavior Relation: A Theoretical Analysis and Review of Empirical Research," Psychological Bulletin, Vol.84, No.5, 1997, pp.888-918.
  21. Ajzen, I., and Fishbein, M., Understanding Attitudes and Pprediction Social Behavior, Englewood Cliffs, NJ: Prentice Hall, 1980.
  22. Albrechtsen, E., "A Qualitative Study of Users' View on Information Security," Computers & Security, Vol.26, No.4, 2007, pp.276-289. https://doi.org/10.1016/j.cose.2006.11.004
  23. Angel I., "Computer Security in these Uncertain Times: The Nneed for a New Approach," In: Proceedings of the 10th International Conferences on Computer Security, Audit and Control (CompSec), London, 1993.
  24. Armitage, C. J., and Conner, M., "Efficacy of the Theory of Planned Behavior: A Meta-Analytic Review," British Journal of Social Psychology, Vol.40, No.4, 2001, pp.471-499. https://doi.org/10.1348/014466601164939
  25. Baldwin, N. S., and Rice, R. E., "Information- Seeking Behavior of Securities Analysis: Individual Institutional Influences, Information Sources and Channels and Outcomes," Journal of The American Society for Information Science, Vol.48, No.8. 1997, pp.674-693. https://doi.org/10.1002/(SICI)1097-4571(199708)48:8<674::AID-ASI2>3.0.CO;2-P
  26. Bansal, H. S., Service Switching Model(SSM): A Model of Customer Switching Behavior in the Service Industry, Queen's University, in Canada, Dissertation paper, 1997.
  27. Brown, S. A., and Venkatesh, V., "Model of Adoption of Technology in Households: A Baseline Model Test and Extension Incorporating Household Life Cycle," MIS Quarterly, Vol.29, No.3, 2005, pp.399-426. https://doi.org/10.2307/25148690
  28. Bulgurcu, B., Cavusoglu, H., and Benbasat, I., "Information Security Policy Compliance: An Empirical Study of Rationality-Based Beliefs and Information Security Awareness," MIS Quarterly, Vol.34, No.3, 2010, pp.523-548. https://doi.org/10.2307/25750690
  29. Catherine, L., A., and Ritu, A., "Practicing Safe Computing: A Multimethod Empirical Examination of Home Computer User Security Behavioral Intentions," MIS Quarterly, Vol.34, No.3, 2010, pp.613-644. https://doi.org/10.2307/25750694
  30. Chin, W. W., The Partial Least Squares Approach to Structural Equation Modeling, in Marcoulides, G.A.(Eds), Modern Methods for Business Research, Lawrence Eelbaum Associates, Mahwah, NJ, 1998a.
  31. Choi, N. J., Kim, D., Goo, J. Y., and Andrew W., "Knowing Is Doing: An Eempirical Validation of the Rrelationship between Managerial Information Security Awareness and Action," Information Management & Computer Security Vol.16, No.5, 2008, pp.484-501. https://doi.org/10.1108/09685220810920558
  32. Davies, S., "Re-Engineering the Right to Privacy: How Privacy Has Been Transformed from a Right to a Commodity," In P. Agre and M. Rotenberg(ed.), Technology and Privacy, 1998.
  33. Davis, F. D, Bagozzi, R. P., and Warshaw, P. R., "User Acceptance of Computer Technology: A Ccomparison of Two Theoretical Models," Management Science, Vol.35, No.8, 1989, pp.982-1003. https://doi.org/10.1287/mnsc.35.8.982
  34. Dubbeld, L., "The Role of Technology in Shaping CCTV Surveillance Practices," Information Communication & Society, Vol.8, No.1, 2005, pp.84-100. https://doi.org/10.1080/13691180500067142
  35. Eagly, A. H., and Caiken, S., The Psychology of Attitudes, Harcourt Brace Jovanvich. TX: Forth Worth, 1993.
  36. Engel, J. F., Blackwell, R. D., and Miniard, P. W., Consumer Behavior: International Edition (8 ed.), Forth Worth: The Dryden Press, 1995.
  37. Fiske, S. T., and Taylor, S. E., Social Cognition, NY: McGraw-Hill, Inc, 1991.
  38. Fornell, C. R., and Larcker, D. F., "Sturctural Equation Models with Unobservable Variables and Measurement Error," Journal of Marketing Research, Vol.18, No.3, 1981, pp.312-325.
  39. Gefen, D., Karahanna, E., and Straub, D. W., "Trust and TAM in Online Shopping: An Integrated Model," MIS Quarterly, Vol.27, No.1, 2003, pp.51-90. https://doi.org/10.2307/30036519
  40. Goodhue D., and Straub, D., "Security Concerns of System Users: A Study of Perception of the Adequacy of Security," Information & Management, Vol.20, No.1, 1991, pp.13-27. https://doi.org/10.1016/0378-7206(91)90024-V
  41. Harison, E., and Boonstra, A., "Essential Competencies for Technochange Management: Towards an Assessment Model," International Journal of Information Management, Vol. 29, No.4, 2009, pp.283-294. https://doi.org/10.1016/j.ijinfomgt.2008.11.003
  42. Jaime T., William J., and Benjamin B. B., "Personal Information Management," Communications of the ACM , Vol.49, No.1, January 2006, pp.412-425.
  43. Janine, L., "User Participation in Information System Security Risk Management," MIS Quarterly, Vol.34, No.3, 2010, pp.503-522. https://doi.org/10.2307/25750689
  44. Johnston, A. C., and Warkentin, M., "Fear Appeals and Information Security Behaviors: An Empirical Study," MIS Quarterly, Vol.34, No.3, 2010, pp.548-566.
  45. Ina o'merchu, Jahn, G. B., and Stefan, D., Online Social and Business Networking Communities, Digital Enterprise Research Institute Technical Report, 2004.
  46. King, R. C., and Xia, W., "Media Appropriateness: Effects of Experience on Communication Media Choice," Decision Sciences, Vol. 28, No.4. 1997, pp.877-910. https://doi.org/10.1111/j.1540-5915.1997.tb01335.x
  47. Lee, C., and Green, R. T., "Cross-Cultural Examination of the Fishbein Behavioral Intention Model," Journal of International Business Studies, Vol.22, No.2, 1991, pp.289-305. https://doi.org/10.1057/palgrave.jibs.8490304
  48. Lee, S. M., and Kim, Y. R., and Lee, J., "An Empirical Study of the Relationships among End-User Information Systems Acceptance, Training and Effectiveness," Journal of Management Information Systems, Vol.12, No.2. 1995, pp.189-202. https://doi.org/10.1080/07421222.1995.11518086
  49. Lee, Y., and Kozar, K. A., "Investigating Factors Affecting the Adoption of Anti-Spyware Systems," Communications of the ACM , Vol.48, No.8, 2005, pp.72-77. https://doi.org/10.1145/1076211.1076243
  50. Liang. H., and Xue. Y., "Understanding Security Behaviors in Personal Computer Usage: A Threat Avoidance Perspective," Journal of the Association for Information Systems, Vol.11, No.7, 2010, pp.394-413. https://doi.org/10.17705/1jais.00232
  51. Marrelli, A., "An Introduction to Competency Analysis and Modeling," Performance Improvement, Vol.37, No.5, 1998, pp.8-16. https://doi.org/10.1002/pfi.4140370505
  52. Mathieson, K., "Predicting User Intentions: Comparing the Technology Acceptance Model with the Theory of Planned Behavior," Information Systems Research, Vol.2, No.3, 1991. pp.173-191. https://doi.org/10.1287/isre.2.3.173
  53. McArthur, L. Z., Kiesler, C. A., and Cook, B. P. "Acting on an Attitudes as a Function of Delf-Percept and Iinequity," Journal of Personality and Social Psychology, Vol.12, No.1, 1969, pp.295-302. https://doi.org/10.1037/h0027789
  54. McClelland, D., "Testing for Competence Rather than for Intelligence," American Psychologist, Vol.28, No.1, 1973, pp.1-14. https://doi.org/10.1037/h0034092
  55. McLagan, P., Models of HRD Practice, ASTD Press, 1989.
  56. Mikko, S., "Neutralization: New Insights into the Problem of Employee Information Systems Security Policy Violations" MIS Quarterly, Vol.34, No.3, 2010, pp.487-502. https://doi.org/10.2307/25750688
  57. Munro, M. C., Huff, S. L., and Marcolin, B. L., and Compeau, D. R., "Understanding and Measuring User Competence," Information & Management, Vol.33, No.1, 1997, pp.45-57. https://doi.org/10.1016/S0378-7206(97)00035-9
  58. Ostrom, E., Private and Common Property Rights, On-line, Available : http://allserv.rug.ac.be/-gdegeest/ 2000book.pdf, 2002.
  59. Parry, S., "The Quest for Competencies," Training, Vol.33, No.7, 1996, pp.48-56.
  60. Ploeg, I. V. D., "Biometrics and Privacy," Information Communication & Society, Vol.6, No.1, 2003, pp.85-104. https://doi.org/10.1080/1369118032000068741
  61. Regan, P., "Privacy As a Common Good in the Digital World," Information Communication & Society, Vol.5, No.3, 2002, pp.382-405. https://doi.org/10.1080/13691180210159328
  62. Rhee, H. S., and Kim, C. T., and Young U. R., "Self-efficacy in Information Security: Its Influence on End Users' Information Security Practice Behavior," Science Direct, Computers & Security, Vol.28, No.8, 2009, pp.816-826. https://doi.org/10.1016/j.cose.2009.05.008
  63. Rholes, W. S., and Bailey, S. "The Effects of Level of Moral Reasoning on Consistency between Moral Attitudes and Related Behaviors," Social Cognition, Vol.2, No.1, 1983, pp.32-48. https://doi.org/10.1521/soco.1983.2.1.32
  64. Scott, W., "Consumer Socialization," Journal of Consumer Reserch, Vol.1, No.2, 1974, pp.2-3.
  65. Sheeran, P., and Taylor, S., "Predicting Intentions to Use Condoms: Meta-Analysis and Comparison of the Theories of Reasoned Action and Planned Behavior," Journal of Applied Social Psychology, Vol.29, No.3, 1997, pp.1624-1675.
  66. Smith B., Caputi P., and Rawstorne P., "Differentiating Computer Experience and Attitudes toward Computers: An Empirical Investigation," Computers in Human Behavior, Vol.16, No.1, 2000, pp.59-81. https://doi.org/10.1016/S0747-5632(99)00052-7
  67. Spencer, L., and Spencer, S., Competence at Work: A Model for Superior Performance, New York : Wiley, 1993.
  68. Tenenhaus, M., Vinzi, V. E., Chatelin, Y. M., and Lauro, C., "PLS Path Modeling," Computational Statistics & Data Analysis, Vol.48, No.1, 2005, pp.159-205. https://doi.org/10.1016/j.csda.2004.03.005
  69. Torkzadeh, G. and Lee, J., "Measures of Perceived End-User's Computing Skills," Information and Management, Vol.40, No.7, 2003, pp.607-615. https://doi.org/10.1016/S0378-7206(02)00090-3
  70. Venkatesh, V., Morris, M. G., Davis, G. B., and Davis, F. D., "User Acceptance of Information Technology: Toward a Unified View," MIS Quarterly, Vol.27, No.3, 2003, pp.425-478. https://doi.org/10.2307/30036540
  71. Warren, S. D., and Brandeis, L. D., "The Right to Privacy," Harvard Law Review, Vol.4, No.5, 1890, pp.193-220. https://doi.org/10.2307/1321160
  72. Weiss, S., "Online Social Networks and the Need for New Privacy Research in Information and Communication Technology," Third International Summer School Organized by IFIP WG 9.2, 9.6/117, 11.6, 2007.
  73. Westin, A., Privacy and Freedom, NY: Atheneum, 1967.
  74. Whitaker, R., The End of Privacy: How Total Surveillance is Becoming a Reality, New York: New Press, 1999.
  75. Williamson, O. E., "Calculativeness, Trust, andEconomic Orhanization," The Jouranl ofLaw & Economics, Vol.34, No.1, 1993,pp.453-502.
  76. Winter, S. J., Chudoba, K. M., and Gutek, B. A., "Attitudes Toward Computers: When Do They Predict Computer Use?," Information & management, Vol.34, No.5, 1998, pp.275-284. https://doi.org/10.1016/S0378-7206(98)00065-2
  77. KISA, http://www.kisa.or.kr, 2010.

Cited by

  1. Business Performance Impact Caused by Display Restriction of Customer Information Identifier: Focusing on Domestic Securities Business vol.22, pp.4, 2013, https://doi.org/10.5859/KAIS.2013.22.4.49