A Firm's Environmental Determinants Impacting the Information Security Management and the Moderating Effects of Regulatory Influence

Firm Environmental Factors Affecting Information Security Management and the Moderating Effect of Regulator Influence

  • Received : 2012.07.13
  • Accepted : 2012.08.13
  • Published : 2012.09.30

Abstract

As contemporary firms depend more heavily on data digitalization and information technology, the role and importance of Information Security Management (ISM) are growing. Firms therefore need to put proper procedures and a series of devices in place within the organization to reduce the diverse security risks that arise from inside and outside the firm. In other words, it is important to examine in advance how to reinforce recognition of ISM and how to carry it out systematically in a refined form. This study investigates the key variables influencing ISM. It proposes firm environmental factors comprising four exogenous variables that affect awareness of ISM: market volatility, task interdependence, perceived benefits, and coordination mechanism. In addition, it proposes a concept of the ISM process consisting of awareness, development, and performance, and examines the moderating effects of regulatory influence. The research model was tested using Structural Equation Modeling, via SmartPLS 2.0 analysis, on a sample collected from 186 employees in various industries. The results provide evidence supporting the tested hypotheses, except for the significance of coordination mechanism. The findings suggest a new theoretical framework for ISM and offer important solutions for practical application guidelines.

Cited by

  1. An Empirical Study on Factors Influencing the Assimilation and Expected Benefits of Cloud Computing and the Moderating Effect of Organizational Readiness vol.30, pp.2, 2013, https://doi.org/10.7737/KMSR.2013.30.2.063
  2. Investigating of Psychological Factors Affecting Information Security Compliance Intention: Convergent Approach to Information Security and Organizational Citizenship Behavior vol.13, pp.8, 2015, https://doi.org/10.14400/JDC.2015.13.8.133