The Journal of Information Systems (한국정보시스템학회지:정보시스템연구)

Korea Association of Information Systems (한국정보시스템학회)
권호 표지
DOI QR코드

DOI QR Code

The Impact of Organizational Information Security Climate on Employees' Information Security Participation Behavior

조직의 정보보안 분위기가 조직 구성원의 정보보안 참여 행동에 미치는 영향

  • Received : 2020.10.29
  • Accepted : 2020.12.04
  • Published : 2020.12.31
Download PDF
⟨ Previous Next ⟩

Abstract

Purpose Although examining the antecedents of employees' extra-role behavior (i.e. information security participation behavior) in the information security context is significant for researchers and practitioners, most behavioral security studies have focused on employees' in-role behavior (i.e. information security policy compliance). Thus, this research addresses this gap by investigating how organizational information security climate influences information security participation behavior based on social information processing theory and Griffin and Neal's safety model. Design/methodology/approach We developed a research model by applying Griffin and Neal's safety model to the information security context and then tested our research model by conducting an online survey for employees of organizations with information security policies. Structural equation modeling (SEM) with SmartPLS 3.3.2 is used to test the corresponding hypothesis. Findings Our results show that organizational information security climate, information security knowledge, information security motivation are effective in motivating information security participation behavior. Also, we find that organizational information security climate positively influences both information security knowledge and information security motivation. Our findings emphasize the importance of organizational information security climate because it is capable of affecting employees on information security participation behavior. Our study contributes to the literature on information security by exploring the role of organizational information security climate in enhancing employees' information security participation behavior.

Keywords

Acknowledgement

이 저서(논문·예술연구)는 연세대학교 학술연구비의 지원으로 이루어진 것임.

References

  1. 김기식, 박영석, "안전 분위기가 안전 행동 및 사고에 미치는 효과," 한국심리학회지: 산업 및 조직, 제15권, 제1호, 2020, pp. 19-39. https://doi.org/10.17315/KJHP.2010.15.1.002
  2. 김영민, "물류 안전 분위기가 물류 안전행동 및 물류 안전성과에 미치는 영향: 물류 안전지식과 물류 안전동기의 매개효과," 무역학회지, 제45권, 제1호, 2020, pp. 259-277.
  3. 박상수, 이현철, "개인정보 유출의 정보전이 효과," 정보시스템연구, 제27권, 제1호, 2018, pp. 193-224.
  4. 임명성, "조직의 보안 분위기가 개인의 기회주의 행동에 미치는 영향에 관한 실증 연구," 디지털융복합연구, 제10권, 제10호, 2012, pp. 31-46. https://doi.org/10.14400/JDPM.2012.10.10.031
  5. 정하진, 이수란, 손영우, "변혁적 안전리더십이 안전행동에 미치는 영향," 한국심리학회지: 산업 및 조직, 제28권, 제2호, 2015, pp. 249-274.
  6. 황인호, 김대진, 김태하, 김진수, "조직의 정보 보안 문화 형성이 조직 구성원의 보안 지식 및 준수의도에 미치는 영향 연구," Information Systems Review, 제18권, 제1호, 2016, pp. 1-23. https://doi.org/10.14329/isr.2016.18.1.001
  7. 황인호, 김상현, "SCO Framework 을 적용한 조직과 조직원의 정보보안 준수 관계 연구," 정보시스템연구, 제28권, 제4호, 2019, pp. 105-129.
  8. 황인호, 허성호., "조직 내 정보보안 기술스트레스 완화와 준수의도," 정보시스템연구, 제29권, 제1호, 2020, pp. 23-50.
  9. Bulgurcu, B., Cavusoglu, H., and Benbasat, I., "Information security policy compliance: an empirical study of rationality-based beliefs and information security awareness," MIS quarterly, Vol. 34, No. 3, 2010, pp. 523-548. https://doi.org/10.2307/25750690
  10. Campbell, K., Gordon, L.A., Loeb, M.P., and Zhou, L., "The Economic Cost of Publicly Announced Information Security Breaches : Empirical Evidence from the Stock Market," Journal of Computer Security, Vol. 11, No. 3, 2003, pp. 431-448. https://doi.org/10.3233/JCS-2003-11308
  11. Cavusoglu, H., Mishra, B., and Raghunathan, S., "The Effect of Internet Security Breach Announcements on Market Value : Capital Market Reactions for Breached Firms and Internet Security Developers," International Journal of Electronic Commerce, Vol. 9, No. 1, 2004, pp. 70-104. https://doi.org/10.1080/10864415.2004.11044320
  12. Chan, M., Woon, I., and Kankanhalli, A., "Perceptions of information security in the workplace: linking information security climate to compliant behavior," Journal of information privacy and security, Vol. 1, No. 3, 2005, pp. 18-41. https://doi.org/10.1080/15536548.2005.10855772
  13. Chen, H., and Li, W., "Understanding commitment and apathy in is security extra-role behavior from a personorganization fit perspective," Behaviour & Information Technology, Vol. 38, No. 5, 2019, pp. 454-468. https://doi.org/10.1080/0144929X.2018.1539520
  14. Crossler, R. E., Johnston, A. C., Lowry, P. B., Hu, Q., Warkentin, M., and Baskerville, R., "Future directions for behavioral information security research," Computers & Security, Vol. 32, No. 1, 2013, pp. 90-101. https://doi.org/10.1016/j.cose.2012.09.010
  15. D'Arcy, J., Hovav, A., and Galletta, D., "User awareness o fsecurity countermeasures and its impact on information systems misuse: A deterrence approach," Information Systems Research, Vol. 20, No. 1, 2009, pp. 79-98. https://doi.org/10.1287/isre.1070.0160
  16. Gefen, D., Straub, D., and Boudreau, M. C., "Structural equation modeling and regression: Guidelines for research practice," Communications of the association for information systems, Vol. 4, Article 7, 2000.
  17. Goo, J., Yim, M. S., and Kim, D. J., "A path to successful management of employee security compliance: An empirical study of information security climate," IEEE Transactions on Professional Communication, Vol. 57, No. 4, 2014, pp. 286-308. https://doi.org/10.1109/TPC.2014.2374011
  18. Griffin, M. A., and Neal, A., "Perceptions of safety at work: a framework for linking safety climate to safety performance, knowledge, and motivation," Journal of occupational health psychology, Vol. 5, No. 3, 2000, 347-358. https://doi.org/10.1037/1076-8998.5.3.347
  19. Guan, B., and Hsu, C., "The role of abusive supervision and organizational commitment on employees' information security policy noncompliance intention," Internet Research, 2020.
  20. Hair, J. F., Ringle, C. M., and Sarstedt, M., "PLS-SEM: Indeed a silver bullet," Journal of Marketing theory and Practice, Vol. 19, No. 2, 2011, pp. 139-152. https://doi.org/10.2753/MTP1069-6679190202
  21. Hofmann, D. A., Jacobs, R., and Landy, F., "High reliability process industries: Individual, micro, and macro organizational influences on safety performance," Journal of safety research, Vol. 26, No. 3, 1995, pp. 131-149. https://doi.org/10.1016/0022-4375(95)00011-E
  22. Hsu, J. S. C., Shih, S. P., Hung, Y. W., and Lowry, P. B., "The role of extra-role behaviors and social controls in information security policy effectiveness," Information Systems Research, Vol. 26, No. 2, 2015, pp. 282-300. https://doi.org/10.1287/isre.2015.0569
  23. Johnston, A. C., and Warkentin, M., "Fear Appeals and Information Security Behaviors: An Empirical Study," Management Information Systems Quarterly, Vol. 34, No. 3, 2010, pp. 549-566. https://doi.org/10.2307/25750691
  24. Katz, D., "The motivational basis of organizational behavior," Behavioral science, Vol. 9, No. 2, 1964, pp. 131-146. https://doi.org/10.1002/bs.3830090206
  25. Knapp, K. J., Marshall, T. E., Rainer Jr, R. K., and Ford, F. N., "Information security effectiveness: Conceptualization and validation of a theory," International Journal of Information Security and Privacy, Vol. 1, No.2, 2007, pp. 37-60. https://doi.org/10.4018/jisp.2007040103
  26. Lee, M., and Lee, J., "The impact of information security failure on customer behaviors: A study on a large-scale hacking incident on the internet," Information Systems Frontiers, Vol. 14, No. 2, 2012, pp. 375-393. https://doi.org/10.1007/s10796-010-9253-1
  27. Liu, C., Wang, N., and Liang, H., "Motivating information security policy compliance: The critical role of supervisor-subordinate guanxi and organizational commitment," International Journal of Information Management, 54, 2020.
  28. Neal, A., and Griffin, M. A., "A study of the lagged relationships among safety climate, safety motivation, safety behavior, and accidents at the individual and group levels," Journal of applied psychology, Vol. 91, No. 4, 2006, pp. 946-953. https://doi.org/10.1037/0021-9010.91.4.946
  29. Padayachee, K., "Taxonomy of compliant information security behavior," Computers & Security, Vol. 31, No. 5, 2012, pp. 673-680. https://doi.org/10.1016/j.cose.2012.04.004
  30. Payne, S. C., Bergman, M. E., Beus, J. M., Rodriguez, J. M., and Henning, J. B., "Safety climate: Leading or lagging indicator of safety outcomes?," Journal of Loss Prevention in the Process Industries, Vol. 22, No. 6, 2009, pp. 735-739. https://doi.org/10.1016/j.jlp.2009.07.017
  31. Podsakoff, P. M., MacKenzie, S. B., Paine, J. B., and Bachrach, D. G., "Organizational citizenship behaviors: A critical review of the theoretical and empirical literature and suggestions for future research," Journal of management, Vol. 26, No. 3, 2000, pp. 513-563. https://doi.org/10.1177/014920630002600307
  32. Posey, C., Roberts, T. L., Lowry, P. B., and Hightower, R. T., "Bridging the divide: A qualitative comparison of information security thought patterns between information security professionals and ordinary organizational insiders," Information & management, Vol. 51, No. 5, 2014, pp. 551-567. https://doi.org/10.1016/j.im.2014.03.009
  33. Reichers, A. E., and Schneider, B., "Climate and Culture: An Evolution of Constructs," Organizational climate and culture, 1, 1990, pp. 5-39.
  34. Salancik, G. R., and Pfeffer, J., "A social information processing approach to job attitudes and task design," Administrative science quarterly, Vol. 23, No. 2, 1978, pp. 224-253. https://doi.org/10.2307/2392563
  35. Schneider, B., Ehrhart, M. G., and Macey, W. H., "Organizational climate and culture," Annual review of psychology, Vol. 64, 2013, pp. 361-388. https://doi.org/10.1146/annurev-psych-113011-143809
  36. Siponen, M., and Vance, A. O., "Neutralization: New Insights into the Problem of Employee Systems Security Policy Violations," Management Information Systems Quarterly, Vol. 34, No. 3, 2010, pp. 487-502. https://doi.org/10.2307/25750688
  37. Teng, C. C., Lu, A. C. C., Huang, Z. Y., and Fang, C. H., "Ethical work climate, organizational identification, leader-member-exchange (LMX) and organizational citizenship behavior (OCB)," International Journal of Contemporary Hospitality Management, Vol. 32, No.1, 2020, pp. 212-229. https://doi.org/10.1108/ijchm-07-2018-0563
  38. Van Dyne, L., and LePine, J. A., "Helping and voice extra-role behaviors: Evidence of construct and predictive validity," Academy of Management Journal, Vol. 41, No. 1, 1998, pp. 108-119. https://doi.org/10.2307/256902
  39. Vinodkumar, M. N., and Bhasi, M., "Safety management practices and safety behaviour: Assessing the mediating role of safety knowledge and motivation," Accident Analysis & Prevention, Vol. 42, No. 6, 2010, pp. 2082-2093. https://doi.org/10.1016/j.aap.2010.06.021
  40. Vroom,V. H., Work and motivation, NY: John Wiley and Sons, 1964.