Journal of Digital Contents Society (디지털콘텐츠학회 논문지)

Digital Contents Society (한국디지털콘텐츠학회)
권호 표지
DOI QR코드

DOI QR Code

A Study on the Factors of Experience and Habit on Information Security Behavior of New Services - based on PMT and UTAUT2

경험 및 습관이 신규서비스의 정보보호 행동에 미치는 요인에 대한 연구 - 보호 동기이론과 UTAUT2을 중심으로

  • Lee, Hong-Je (Department of IT Policy Management, Soongsil University) ;
  • Kho, Hyeong-Seog (Department of IT Policy Management, Soongsil University) ;
  • Roh, Eun-Hee (Department of College of Liberal Arts & Sciences, Hansung University) ;
  • Han, Kyeong-Seok (Department of Business Administration, Soongsil University)
  • Received : 2017.11.20
  • Accepted : 2018.01.29
  • Published : 2018.01.31
Download PDF
⟨ Previous Next ⟩

Abstract

This study aims to present policy implications by analyzing information security behavior factors of internet users. The research model, based on PMT and UTAUT2, consists of perceived threat, severity, social influence, self-efficacy, experience and habits, PC and privacy behaviors, security behaviors on new services and set demographic characteristics, use places of internet, use of paid products, and experiences of accident as moderate variables to analyze the effect on security behavior. The results showed that perceived severity, self-efficacy significantly influenced on experience and habits, and experience and habits and self-efficacy had a high influence on PC and privacy behavior. Also, PC and privacy behaviors have a high impact on security behavior of new services. Age, income, use of paid products, and experience of accidents have a moderating effects on security behaviors. The results of this study are expected to help policy decision making to improve the level of information security of internet users.

본 연구는 지능화된 보안 위협에 인터넷 이용자의 정보보호 행동 요인을 분석하여 정책적 시사점을 제안하고자 한다. 연구 모델은 보호동기이론과 UTAUT2를 기반으로, 인지된 위협, 심각성, 사회적 영향, 자기효능감, 정보보안 제품 이용 경험 및 습관, PC/개인정보보호 행동, 신규 서비스의 정보보호 행동으로 구성 하였고, 인구 통계학적 특성과 인터넷 사용 장소, 유료 보안제품 이용, 침해사고 경험 등을 조절변수로 하여 인터넷 이용자의 보안 행동에 미치는 영향을 분석하였다. 연구 결과는 인지된 심각성, 자기효능감이 보안 제품 이용 경험 및 습관에 높은 영향을 미쳤으며, 경험 및 습관, 자기효능감은 PC/개인정보보호 행동에 높은 영향을 미치고, PC/개인정보보호 행동은 신규 서비스의 보안 행동에 높은 영향을 미치는 것으로 나타났다. 연령, 소득, 유료 보안제품 이용, 침해사고 경험은 인터넷 이용자의 정보보안 행동에 조절효과가 있었다. 본 연구의 결과가 인터넷 이용자의 정보보호 수준 향상을 위한 정책 의사결정에 도움을 줄 것으로 기대한다.

Keywords

References

  1. Arekete, Samson, Princely Ifinedo, and Boluwaji Ade Akinnuwesi, "Antecedent factors to end-users' symbolic acceptance of enterprise systems: An analysis in Nigerian organization," in Adaptive Science & Technology (ICAST), 2014 IEEE 6th International Conference, pp. 1-8, 2014.
  2. Bandura, A., Adams, N. E., Hardy, A. B. and Howells, G. N, "Tests of the generality of self-efficacy theory," Cognitive therapy and research, Vol. 4, No. 1, pp. 39-66, 1980. https://doi.org/10.1007/BF01173354
  3. Chenoweth, Tim, Robert Minch, and Sharon Tabor, "Expanding views of technology acceptance: seeking factors explaining security control adoption," AMCIS 2007 Proceedings, 2007.
  4. Condiotte, Mark M., and Edward Lichtenstein, "Self-efficacy and relapse in smoking cessation programs," Journal of consulting and clinical psychology, Vol. 49, No. 5, 1981.
  5. Fruin, Donna J., Chris Pratt, and Neville Owen, "Protection motivation theory and adolescents' perceptions of exercise," Journal of Applied Social Psychology, Vol. 22, No. 1, pp. 55-69, 1992. https://doi.org/10.1111/j.1559-1816.1992.tb01521.x
  6. Gore, Thomas D., and Cheryl Campanella Bracken, "Testing the theoretical design of a health risk message: Reexamining the major tenets of the extended parallel process model," Health Education & Behavior, Vol. 32, No. 1, pp.27-41, 2005. https://doi.org/10.1177/1090198104266901
  7. Gurung, Anil, Xin Luo, and Qinyu Liao, "Consumer motivations in taking action against spyware: an empirical investigation," Information Management & Computer Security, Vol. 17, No. 3, pp. 276-289, 2009. https://doi.org/10.1108/09685220910978112
  8. Hanus, Bartlomiej, and Yu and Wu, "Impact of Users' Security Awareness on Desktop Security Behavior: A Protection Motivation Theory Perspective," Information Systems Management, Vol. 33, No. 1, pp.2-16, 2016. https://doi.org/10.1080/10580530.2015.1117842
  9. Hsu, Chien-Lung, Ming-Ren Lee, and Chien-Hui Su, "The role of privacy protection in healthcare information systems adoption," Journal of medical systems, Vol. 37, No. 5, 2013.
  10. Ifinedo, Princely, "Understanding information systems security policy compliance: An integration of the theory of planned behavior and the protection motivation theory," Computers & Security, Vol. 31, No. 1, pp. 83-95, 2012. https://doi.org/10.1016/j.cose.2011.10.007
  11. Jee, B. S., Fan, L., Lee, S. C., & Suh, Y. H., "Personal Information Protection Behavior for Information Quality: Health Psychology Theory Perspectives," Journal of the Korean society for quality management, Vol. 39, No. 3, pp. 432-443, 2011.
  12. Johnston, Allen C., and Merrill Warkentin, "Fear appeals and information security behaviors: an empirical study," MIS quarterly, pp. 549-566, 2010.
  13. LaRose, R., Rifon, N., Liu, S., & Lee, D., "Understanding online safety behavior: A multivariate model," The 55th annual conference of the international communication association, New York, 2005.
  14. Liang, Huigang, and Yajiong Xue, "Understanding security behaviors in personal computer usage: A threat avoidance perspective," Journal of the Association for Information Systems, Vol. 11, No. 7, 2010.
  15. Maddux, James E., and Melinda A. Stanley, "Self-efficacy theory in contemporary psychology: An overview," Journal of Social and Clinical psychology, Vol. 4, No. 3, pp. 249-255, 1986. https://doi.org/10.1521/jscp.1986.4.3.249
  16. Maddux, James E., and Ronald W. Rogers, "Protection motivation and self-efficacy: A revised theory of fear appeals and attitude change," Journal of experimental social psychology, Vol. 19, No. 5, pp. 469-479, 1983. https://doi.org/10.1016/0022-1031(83)90023-9
  17. Milne, George R., Andrew J. Rohm, and Shalini Bahl, "Consumers' protection of online privacy and identity," Journal of Consumer Affairs, Vol. 38, No. 2, pp. 217-232, 2004. https://doi.org/10.1111/j.1745-6606.2004.tb00865.x
  18. Milne, Sarah, Paschal Sheeran, and Sheina Orbell, "Prediction and intervention in health‐related behavior: A meta‐analytic review of protection motivation theory," Journal of Applied Social Psychology, Vol. 30, No. 1, pp. 106-143, 2000. https://doi.org/10.1111/j.1559-1816.2000.tb02308.x
  19. Mohamed, Norshidah, and Ili Hawa Ahmad, "Information privacy concerns, antecedents and privacy measure use in social networking sites: Evidence from Malaysia," Computers in Human Behavior, Vol. 28, No. 6, pp. 2366-2375, 2012. https://doi.org/10.1016/j.chb.2012.07.008
  20. Rogers, Ronald W, "A protection motivation theory of fear appeals and attitude change," The journal of psychology, Vol. 91, No. 1, pp. 93-114, 1975. https://doi.org/10.1080/00223980.1975.9915803
  21. Rogers, Ronald W, "Cognitive and psychological processes in fear appeals and attitude change: A revised theory of protection motivation," Social psychophysiology: A sourcebook, pp. 153-176, 1983.
  22. Siponen, Mikko, Seppo Pahnila, and Adam Mahmood, "Employees' adherence to information security policies: an empirical study, in " IFIP International Information Security Conference, Boston, 2007.
  23. Venkatesh, V., Morris, M. G., Davis, G. B., & Davis, F. D., "User acceptance of information technology: Toward a unified view," MIS quarterly, pp. 425-478, 2003.
  24. Venkatesh, Viswanath, James YL Thong, and Xin Xu, "Consumer acceptance and use of information technology: extending the unified theory of acceptance and use of technology," MIS Quarterly, Vol. 36, No. 1, pp. 157-178, 2012.
  25. Wang, Ping An, and Easwar Nyshadham, "Knowledge of online security risks and consumer decision making: An experimental study," in 2011 44th Hawaii International Conference on System Sciences, 2011.
  26. Wang, Ping An, "Assessment of cyber security knowledge and behavior: An anti-phishing scenario, in " Proc. IEEE Int. Conf. Internet Monitor. Protection (ICIMP), p. 1-7, 2013.
  27. Wang, Ping An, "Information security knowledge and behavior: An adapted model of technology acceptance," in 2010 2nd International Conference on Education Technology and Computer, Vol. 2, pp. 364-367, 2010.
  28. Witte, K, The handbook of communication and emotion: Research, theory, applications, and contexts, in P. A.Andersen & L. K.Guerrero Eds. San Diego, CA: Academic Press, pp. 423-450, 1998.
  29. Witte, Kim, "Fear control and danger control: A test of the extended parallel process model (EPPM)," Communications Monographs, Vol. 61, No. 2, pp. 113-134, 1994. https://doi.org/10.1080/03637759409376328
  30. Woon, Irene, Gek-Woo Tan, and R. Low, "A protection motivation theory approach to home wireless security," ICIS 2005 proceedings, 2005.
  31. Youn, Seounmi, "Teenagers' perceptions of online privacy and coping behaviors: a risk-benefit appraisal approach," Journal of Broadcasting & Electronic Media, Vol. 49, No. 1, pp. 86-110, 2005. https://doi.org/10.1207/s15506878jobem4901_6
  32. Kim, Sang-Hoon, and Gab-Su Lee, "An Empirical Study on Influencing Factors of Using Information Security Technology," Journal of Society for e-Business Studies, Vol. 20, No. 4, pp. 151-175, 2015. https://doi.org/10.7838/jsebs.2015.20.4.151
  33. Park, Chanouk, and Sang-Woo Lee, "A Study of the User Privacy Protection Behavior in Online Environment: Based on Protection Motivation Theory," Journal of Internet Computing and Services, Vol. 15, No. 2, pp. 59-71, 2014. https://doi.org/10.7472/jksii.2014.15.2.59
  34. Lee, Sang-Gi, Sei-Yoon Lee, and Jeong-Chul Kim, "A Study on Security Vulnerability Management in Electric Power Industry IoT," Journal of Digital Contents Society, Vol 17, No. 6, pp. 499-507, 2016 https://doi.org/10.9728/dcs.2016.17.6.499
  35. Park, H. S., and S. Kim, "An Empirical Study on SNS Users' Privacy Protection Behaviors," Management and Economics, Vol. 46, No. 2, pp. 69-91, 2013.
  36. Jung, J. W, Empirical study on acceptance of personal information protection technology in the 'Smart' era, Ph.D. dissertation, Busan University, Busan, 2012.
  37. KISA. 2016 Survey on Information Security Individual. Available:https://isis.kisa.or.kr/board/?pageId=060200.
  38. KISA. Cyber Threat Trend Report (Q3 2017). Available: https://www.boho.or.kr/data/reportView.do?bulletin_writing_sequence=26797.