Journal of Convergence for Information Technology (융합정보논문지)

Convergence Society for SMB (중소기업융합학회)
권호 표지
DOI QR코드

DOI QR Code

Analysis of the Effects of Information Security Policy Awareness, Information Security Involvement, and Compliance Behavioral Intention on Information Security behavior : Focursing on Reward and Fairness

정보보안 정책 인식과 정보보안 관여성, 준수 의도성이 정보보안 행동에 미치는 영향 분석: 보상 차원과 공정성 차원을 중심으로

  • Hu, Sung-ho (Department of Psychology, Chung-Ang University) ;
  • Hwang, In-ho (Department of General Education, Kookmin University)
  • Received : 2020.11.07
  • Accepted : 2020.12.20
  • Published : 2020.12.28
Download PDF
⟨ Previous Next ⟩

Abstract

The aim of this study to assess the effect of information security policy awareness, information security involvement, compliance behavioral intention on information security behavior The research method is composed of a cross-sectional design of reward and fairness. This paper focuses on the process of organizational policy on the information security compliance intention in the individual decision-making process. As a result, the reward had a significant effect on compliance behavioral intention, and it was found that influence of the psychological reward-based condition was greater than the material reward-based condition. The fairness had a significant effect on information security policy awareness, information security involvement, information security behavior, and it was found that influence of the equity-based condition was greater than the equality-based condition. The exploration model was verified as a multiple mediation model. In addition, the discussion presented the necessary research direction from the perspective of synergy by the cultural environment of individuals and organizations.

본 연구의 목적은 정보보안 정책 인식, 정보보안 관여성, 준수 의도성이 정보보안 행동에 미치는 영향력을 분석하는 것이다. 연구 방법은 보상 차원과 공정성 차원의 교차설계로 구성되었고, 조직적인 차원의 정책이 개인의 의사결정 수준에서 발생하는 정보처리 단계를 통해 정보보안 준수의도로 나타나는 과정에 주안점을 두었다. 연구 결과, 보상 차원은 준수 의도성에 유의미한 영향을 미치고 있었으며, 심리적 조건의 영향력이 물질적 조건보다 더 큰 것으로 나타났다. 공정성 차원은 정보보안 정책 인식, 정보보안 관여성, 정보보안 행동에 유의미한 영향을 미치고 있었으며, 형평성 조건의 영향력이 동등성 조건보다 더 큰 것으로 나타났다. 결과적으로 도출한 결과 모형은 측정변인으로 재구성된 복합 매개모형으로 확인되었고, 개인과 조직의 문화적 환경에 의한 시너지 관점에서 필요한 연구 방향을 논의하였다.

Keywords

References

  1. B. Khan, K. S. Alghathbar, S. I. Nabi & M. K. Khan. (2011). Effectiveness of information security awareness methods based on psychological theories. African Journal of Business Management, 5(26), 10862-10868. DOI : 10.5897/AJBM11.067
  2. R. W. Lee, I. H. Hwang & S. H. Hu. (2017). Exploratory research of information security strategy focused on human factors. The Journal of General Education, 6, 103-124. https://doi.org/10.24173/jge.2017.12.6.4
  3. J. D'Arcy & P. L. Teh. (2019). Predicting employee information security policy compliance on a daily basis: The interplay of security-related stress, emotions, and neutralization. Information & Management, 56(7), 103151. DOI : 10.1016/j.im.2019.02.006.
  4. I. Hwang, R. Wakefield, S. Kim & T. Kim. (2019). Security awareness: The first step in information security compliance behavior. Journal of Computer Information Systems, 1-12. DOI : 10.1080/08874417.2019.1650676
  5. H. Lee & J. Kim. (2018). A convergence study on the structural relationships among emotional labor and work performance of information security professionals. Journal of the Korea Convergence Society, 9(1), 67-74. DOI : 10.15207/JKCS.2018.9.1.067.
  6. Verizon. (2020). 2020 data breach investigations report.
  7. Grandviewresearch. (2019). Cyber security market size, share & trends analysis report by component, by security type, by solution, by service, by deployment, by organization, by application, and segment Forecasts, 2019 - 2025. https://www.globenewswire.com.
  8. L. Tredinnick. (2008). Digital information culture: the individual and society in the digital age, Amsterdam : Elsevier.
  9. M. I. Merhi & P. Ahluwalia. (2019). Examining the impact of deterrence factors and norms on resistance to information systems security. Computers in Human Behavior, 92, 37-46. DOI : 10.1016/j.chb.2018.10.031
  10. P. Van Schaik, K. Renaud, C. Wilson, J. Jansen, & J. Onibokun. (2020). Risk as affect: The affect heuristic in cybersecurity. Computers & Security, 90, 101651. https://doi.org/10.1016/j.cose.2019.101651
  11. S. Aurigemma & T. Mattson, (2017). Deterrence and punishment experience impacts on ISP compliance attitudes. Information and Computer Security, 25(4), 421-436. DOI : 10.1108/ICS-11-2016-0089.
  12. J. Cho, J. Yoo & J. I. Lim. (2019). An Impact Analysis of Information Security Professional's Job Stress and Job Satisfaction to Turnover Intention: Moderation of Organizational Justice. The Journal of Society for e-Business Studies, 24(3), 143-161.
  13. A. P. Getman, O. G. Danilyan, A. P. Dzeban, Y. Y. Kalinovsky, & Y. A. Hetman. (2020). Information security in modern society: Sociocultural aspects. Amazonia Investiga, 9(25), 6-14.
  14. J. G. Paolillo & S. J. Vitell. (2002). An empirical investigation of the influence of selected personal, organizational and moral intensity factors on ethical decision making. Journal of Business Ethics, 35(1), 65-74. https://doi.org/10.1023/A:1012648521593
  15. M. L. Foulds. (1971). Changes in locus of internal-external control: A growth group experience. Comparative Group Studies, 2(3), 293-300. DOI : 10.1177/104649647100200303
  16. J. Cameron & W. D. Pierce. (1994). Reinforcement, reward, and intrinsic motivation: A meta-analysis. Review of Educational research, 64(3), 363-423. DOI : 10.3102/00346543064003363
  17. E. A. Mannix, M. A. Neale & G. B. Northcraft. (1995). Equity, equality, or need? The effects of organizational culture on the allocation of benefits and burdens. Organizational Behavior and Human Decision Processes, 63(3), 276-286. https://doi.org/10.1006/obhd.1995.1079
  18. M. Siponen, S. Pahnila & M. A. Mahmood. (2010). Compliance with information security policies: An empirical investigation. Computer, 43(2), 64-71. DOI : 10.1109/MC.2010.35
  19. P. Ifinedo. (2014). Information systems security policy compliance: An empirical study of the effects of socialisation, influence, and cognition. Information & Management, 51(1), 69-79. DOI : 10.1016/j.im.2013.10.001
  20. E. Albrechtsen. (2007). A qualitative study of users' view on information security. Computers & Security, 26(4), 276-289. DOI : 10.1016/j.cose.2006.11.004
  21. A. E. Howe, I. Ray, M. Roberts, M. Urbanska & Z. Byrne, (2012). The psychology of security for the home computer user. IEEE.
  22. B. Bulgurcu, H. Cavusoglu & I. Benbasat. (2010). Information security policy compliance: an empirical study of rationality-based beliefs and information security awareness. MIS quarterly, 34(3), 523-548. https://doi.org/10.2307/25750690
  23. S. H. Hu. (2020). Analysis of the impact of military organization's safety culture on safety behavior: Focusing on the mediating effect of safety leadership. Journal of Advances in Military Studies, 3(2), 63-81. DOI : 10.37944/jams.v3i2.70
  24. S. H. Hu. (2020). A comparative study on job orientation between enterprises and job seekers: Focusing on the recruitment process. Journal of Digital Convergence, 18(7), 85-92. https://doi.org/10.14400/JDC.2020.18.7.085
  25. N. S. Safa, C. Maple, T. Watson & R. Von Solms. (2018). Motivation and opportunity based model to reduce information security insider threats in organisations. Journal of information security and applications, 40, 247-257. DOI : 10.1016/j.jisa.2017.11.001