DOI QR코드

DOI QR Code

Moral Disengagement in Information Security Context: A Study of Antecedents and Outcomes

정보보안 상황에서의 도덕적 해방: 선행요인과 결과요인에 대한 연구

  • Received : 2013.08.28
  • Accepted : 2013.11.20
  • Published : 2013.11.28

Abstract

Every big online security breach seems to end in a big lecture. Thus, although a predominant weakness in properly securing information assets is the individual user within an organization, much of the focus of extant security research is on technical issues. The purpose of this study is to explain why insiders breach security policy by applying the moral disengagement theory. There are no consistent, widely accepted theories or theoretical frameworks in the literatures as to why insiders breach of information security, and therefore no clear, effective guidance on what to do to prevent employees from violating information security policy in organization. To do this, we theorize that moral disengagement may play a mediating role connecting stable individual differences to intention to breach security policy, because of some of the individual differences. We found that policy awareness and perceived punishment have a negatively significant effect on moral disengagement. However, negative affectivity has a positively significant influence on moral disengagement. Furthermore, moral disengagement has a positive effect on intention to breach security policy. Conclusions and implications are discussed.

최근 정보보안사고의 가장 큰 문제 중 하나가 조직 내 내부인임에도 불구하고 아직까지 보안사고의 원인을 기술적 문제에만 초점을 맞추고 있다. 이에 본 연구는 도덕적 해방이론을 기반으로 조직 내부인의 보안정책 이탈의도가 무엇인지 탐색해보고자 한다. 정보보안 분야에서 조직내부인의 보안정책 이탈을 설명하기 위해 사용되는 일반화된 이론은 전무하다. 따라서 본 도덕적 이탈 이론을 기반으로 정보보안을 위한 가이드라인을 제시하고자 한다. 분석결과 보안정책인지와 인지된 처벌은 도덕적 이탈에 부정적 영향을 미치는 것으로 나타났다. 반면에 정보보안에 대한 부정적 정서는 도덕적 해방에 긍정적 영향을 미치는 것으로 나타났다. 마지막으로 도덕적 해방은 보안정책 위반 의도에 긍정적 영향을 미치는 것으로 나타났다.

Keywords

References

  1. Alnuaimi, O. A., Robert Jr., L. P., and Maruping, L. M., Team Size, Dispersion, and Social Loafing in Technology-Supported Teams: A Perspective on the Theory of Moral Disengagement. Journal of Management Information Systems, Vol. 27, No. 1, pp. 203-230, 2010. https://doi.org/10.2753/MIS0742-1222270109
  2. Aroian, L. A., The probability function of the product of two normally distributed variables. Annals of Mathematical Statistics, Vol. 18, pp. 265-271, 1944.
  3. Ashforth, B. E., and Anand, V., The Normalization of Corruption in Organizations. In R. M. Kramer and B. M. Shaw (Eds.), Research in Organizational Behavior, Vol. 25, Amsterdam: Elsevier, pp. 1-52, pp. 2003.
  4. Bagozzi, R. P., Yi. Y. and Phillips, L. W., Assessing Construct Validity in Organizational Research. Administrative Science Quarterly, Vol. 36, No. 3, pp. 421-458, 1991. https://doi.org/10.2307/2393203
  5. Bandura, A., Social Foundations of Thought and Action: A Social Cognitive Theory. Englewood Cliffs, NJ: Prentice Hall, 1986.
  6. Bandura, A., Social Cognitive Theory of Moral Thought and Action. In W. M. Kurtines & J. L. Gewirtz (eds.), Handbook of Moral Behavior and Development: Theory, Research, and Applications, Hillsdale, NJ:Erlbaum, pp. 71-129, 1991.
  7. Bandura, A., Barbaranelli, C., Caprara, G. V., and Pastorelli, C., Mechanisms of Moral Disengagement in the Excercise of Moral Agency. Journal of Personality and Social Psychology, Vol. 71, No. 2, pp. 364-374, 1996. https://doi.org/10.1037/0022-3514.71.2.364
  8. Bandura, A., Caprara, G. V., Barbaranelli, C., and Pastorelli, C., Sociocognitive Self-Regulatory Mechanisms Governing Transgressive Behavior. Journal of Personality and Social Psychology, Vol. 80, No. 1, pp. 125-135, 2001. https://doi.org/10.1037/0022-3514.80.1.125
  9. Baron, R. M., and Kenny, D. A., The Moderator-Mediator Variable Distinction in Social Psychological Research: Conceptual, Strategic, and Statistical Considerations. Journal of Personality and Social Psychology, Vol. 51, pp. 1173-1182, 1986. https://doi.org/10.1037/0022-3514.51.6.1173
  10. Broardley, I. D., and Kavussanu, M., Development and Validation of the Moral Disengagement in Sport Scale. Journal of Sport & Exercise Psychology, Vol. 29, pp. 608-628, 2007. https://doi.org/10.1123/jsep.29.5.608
  11. Chan, M., Woon, R., and Kankanhalli, A., Perceptions of Information Security at the Workplace: Linking Information Security Climate to Compliant Behavior. Journal of Information Privacy and Security, Vol. 1, No. 3, pp. 18-41, 2005. https://doi.org/10.1080/15536548.2005.10855772
  12. Costello, A. B., and Osborne, J. W., Best Practices in Exploratory Factor Analysis: Four Recommendations for Getting the Most from Your Analysis. Practical Assessment, Research & Evaluation, Vol. 10, No. 7, pp. 1-9, 2005.
  13. D'Arcy, J., Hovav, A., and Galletta, D., User Awareness of Security Countermeasures and Its Impact on Information Systems Misuse: A Deterrence Approach. Information Systems Research, Vol. 20, No. 1, pp. 79-98, 2009. https://doi.org/10.1287/isre.1070.0160
  14. Detert, J. R., Trevino, L. K., and Sweitzer, V. L., Moral Disengagement in Ethical Decision Making: A Study of Antecedents and Outcomes. Journal of Applied Psychology, Vol. 93, No. 2, pp. 374-391, 2008. https://doi.org/10.1037/0021-9010.93.2.374
  15. Foltz, C. B., Schwager, P. H., and Anderson, J. E., Why Users (Fail to) Read Computer Usage Policies. Industrial Management & Data Systems, Vol. 108, No. 6, pp. 701-712, 2008. https://doi.org/10.1108/02635570810883969
  16. Fornell, C., and Larcker, D. F., Evaluating Structural Equation Models with Unobservable Variables and Measurement Error. Journal of Marketing Research, Vol. 18, No. 1, pp. 39-50, 1981. https://doi.org/10.2307/3151312
  17. Goel, S., and Chengalur-Smith, I. M., Metrics for Characterizing the Form of Security Policies. Journal of Strategic Information Systems, Vol. 19, pp. 281-295, 2010. https://doi.org/10.1016/j.jsis.2010.10.002
  18. Goodman, L. A., On the Exact Variance of Products. Journal of the American Statistical Association, Vol. 55, pp. 708-713, 1960. https://doi.org/10.1080/01621459.1960.10483369
  19. Hair, Jr., J. F., Black, W. C., Babin, B. J., Anderson, R. E., and Tatham, R. L., Multivariate Data Analysis, 6th eds. Pearson International Edition, 2006.
  20. Hair, Jr., J. F., Ringle, C. M, and Sarstedt, M., Partial Least Squares Structural Equation Modeling: Rigorous Applications, Better Results and Higher Acceptance. Long Range Planning, Vol. 46, pp. 1-12, 2013. https://doi.org/10.1016/j.lrp.2013.01.001
  21. Hair, J. F., Sarstedt, M., Ringle, C. M., and Mena, J. A., An Assessment of the Use of Partial Least Squares Structural Equation Modeling in Marketing Research. Journal of Academy of Marketing Science, Vol. 40, pp. 414-433, 2012. https://doi.org/10.1007/s11747-011-0261-6
  22. Henson, R. K., and Roberts, J. K., Use of Exploratory Factor Analysis in Published Research: Common Errors and Some Comment on Improved Practice. Educational and Psychological Measurement, Vol. 66, No. 3, pp. 393-416, 2006. https://doi.org/10.1177/0013164405282485
  23. Herath, T., and Rao, H. R., Encouraging Information Security Behaviors in Organizations: Role of Penalties, Pressures and Perceived Effectiveness. Decision Support Systems, Vol. 47, No. 2, pp. 154-165, 2009a. https://doi.org/10.1016/j.dss.2009.02.005
  24. Herath, T., and Rao, H. R., Protection Motivation and Deterrence: A Framework for Security Policy compliance in Organisations. European Journal of Information Systems, Vol. 18, No. 2, pp. 106-225, 2009b. https://doi.org/10.1057/ejis.2009.6
  25. Hyde, L. W., Sahw, D. S., and Moilanen, K. L., Developmental Precursors of Moral Disengagement and the Role of Moral Disengagement in the Development of Antisocial Behavior. Journal of Abnormal Child Psychology, Vol. 38, pp. 197-209, 2010. https://doi.org/10.1007/s10802-009-9358-5
  26. Johnston, A. C., and Warkentin, M., Fear Appeals and Information Security Behaviors: An Empirical Study. MIS Quarterly, Vol. 34, No. 1, pp. 1-20, 2010. https://doi.org/10.2307/20721412
  27. Kahn, J. H., Factor Analysis in Counseling Psychology Research, Training, and Practice: Principles, Advances, and Applications. Counseling Psychologist, Vol. 34, No. 5, pp. 684-718, 2006. https://doi.org/10.1177/0011000006286347
  28. Malhotra, N., Kim, S. and Patil, A., Common Method Variance in IS Research: A Comparison of Alternative Approaches and a Reanalysis of Past Research. Management Science, Vol. 52, No. 12, pp. 1865-1883, 2006. https://doi.org/10.1287/mnsc.1060.0597
  29. Margolis, J. D., and Mlinsky, A., Navigating the Bind of Necessary Evils: Psychological Engagement and the Production of Interpersonally Sensitive Behavior. Academy of Management Journal, Vol. 51, No. 5, pp. 847-872, 2008. https://doi.org/10.5465/AMJ.2008.34789639
  30. McAlister, A. L., Bandura, A., and Owen, S. V., Mechanisms of Moral Disengagement in Support of Military Force: The Impact of Sept. 11. Journal of Social and Clinical Psychology, Vol. 25, No. 2, pp. 141-165, 2006. https://doi.org/10.1521/jscp.2006.25.2.141
  31. Pavlou, P., Liang, H. and Xue, Y., Understanding and Mitigating Uncertainty in Online Exchange Relationships: A Principal-Agent Perspective. MIS Quarterly, Vol. 31, No. 1, pp. 105-136, 2007. https://doi.org/10.2307/25148783
  32. Pelton, J., Gound, M., Forehand, R., and Brody, G., The Moral Disengagement Scale: Extension with an American Minority Sample. Journal of Psychopathology and Behavioral Assessment, Vol. 26, No. 1, pp. 31-39, 2004. https://doi.org/10.1023/B:JOBA.0000007454.34707.a5
  33. Podsakoff, P. M., Lee, J. Y. and Podsakoff, N. P., Common Method Biases in Behavioral Research: A Critical Review of the Literature and Recommended Remedies. Journal of Applied Psychology, Vol. 88, No. 5, pp. 879-903, 2003. https://doi.org/10.1037/0021-9010.88.5.879
  34. Preacher, K. J., and Hayes, A. F., SPSS and SAS Procedures for Estimating Indirect Effects in Simple Mediation Models. Behavior Research Methods, Instruments, & Computers, Vol. 36, pp. 717-731, 2004. https://doi.org/10.3758/BF03206553
  35. Ringle, C. M., Wende, S., and Will, A., SmartPLS 2.0(beta). Hamburg, Germany, 2005.
  36. Siponen, M., and Vance, A., Neutralization; New Insights into the Problem of Employee Information Security Policy Violations. MIS Quarterly, Vol. 34, No. 3, pp. 487-502, 2010. https://doi.org/10.2307/25750688
  37. Sobel, M. E., Asymptotic Intervals for Indirect Effects in Structural Equations Models. In S. Leinhart (Ed.), Sociological Methodology. San Francisco: Jossey-Bass, pp. 290-312, 1982.
  38. Sosik, J. J., Kahai, S. S., and Piovoso, M. J., Silver Bullet or Voodoo Statistics? A Primer for Using Partial Least Squares Data Analytic Technique in Group and Organization Research. Group & Organization Management, Vol. 34, No. 1, 5-36, 2009. https://doi.org/10.1177/1059601108329198
  39. Sykes, G. M., and Matza, D., Techniques of Neutralization: A Theory of Delinquency. American Sociological Review, Vol. 22, pp. 664-670, 1957. https://doi.org/10.2307/2089195
  40. Symantec, What's Yours is Mine: How Employees are Putting Your Intellectual Property at Risk. Ponemon Institute White Paper, 2013.
  41. White, J., Bandura, A., and Bero, L. A., Moral Disengagement in the Corporate World. Accountability in Research, Vol. 16, pp. 41-74, 2009. https://doi.org/10.1080/08989620802689847
  42. Yim, M. S., Understanding an Employee Information Systems Security Violations. Journal of Digital Policy and Management, Vol. 11, No. 2, pp. 19-32, 2013.
  43. Yoon, C., Theory of Planned Behavior and Ethics Theory in Digital Piracy: An Integrated Model. Journal of Business Ethics, Vol. 100, No. 3, pp. 405-417, 2011. https://doi.org/10.1007/s10551-010-0687-7

Cited by

  1. A Study on the Relationship between Customer and Supplier Network and Innovation Performance: Focused on Mediating Effect of T-Shaped Skill vol.13, pp.1, 2015, https://doi.org/10.14400/JDC.2015.13.1.93