The Influence of Information Security Behaviors on Information Security Performance in Shipping and Port Organization

  • Kang, Da-Yeon (Division of Shipping Management, Tongmyong University)
  • Chang, Myung-Hee (Division of Shipping Management, Korea Maritime and Ocean University)
  • Received : 2016.06.20
  • Accepted : 2016.08.29
  • Published : 2016.08.31

Abstract

Recently, as information leaks at organizations continue to occur, organizations urgently need to manage information security and establish their own measures to strengthen it. In particular, members of an organization should be prepared with information security measures, and the organization should work to raise its members' awareness of information security. I set up a research model to verify how an organization's fulfillment of information security regulations affects information security performance, and selected members of maritime and port organizations and of financial and insurance institutes as the sample. The results of the analysis to identify the factors affecting information security performance among members of maritime and port organizations are as follows. First, the factors affecting information security awareness were found to be information security attitude and information security standards. Second, the factor influencing an organization's information security policy was found to be information security standards. In contrast, information security punishments and information security training were verified not to influence compliance with information security policy. Third, information security awareness was found to have a significant influence on compliance with information security policy, information security competence and information security behavior. Fourth, compliance with information security policy was verified to be a factor influencing information security competence and information security behavior. Lastly, information security competence and information security behavior were found to be factors influencing information security performance.

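With information leakage incidents at organizations occurring one after another, information security management and the establishment of information security measures at the organizational level are urgent. In particular, organizations should prepare ways to strengthen their members' information security management and make efforts to raise their members' information security awareness. A research model was set up to examine the effect of an organization's degree of information security implementation on information security performance, and members of shipping and port organizations and of finance and insurance organizations were selected as the sample groups. Outcome factors were derived using a structural equation model, and data collected through questionnaires were analyzed empirically. The results of analyzing the factors that affect information security performance among members of shipping and port organizations are as follows. First, the factors affecting information security awareness were identified as information security attitude and information security interest. Second, the factor affecting the organization's information security policy was identified as information security norms. In contrast, information security punishment and information security training were found not to affect information security policy compliance. Third, information security awareness was found to have a significant effect on information security policy compliance, information security capability, and information security behavior. Fourth, information security policy compliance was identified as a factor affecting information security capability and information security behavior. Finally, information security capability and information security behavior were identified as factors affecting information security performance.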
