Journal of Convergence for Information Technology (융합정보논문지)

Convergence Society for SMB (중소기업융합학회)
권호 표지
DOI QR코드

DOI QR Code

A Study on Mitigation of Information Security Related Work Stress

정보보안 관련 업무 스트레스 완화에 대한 연구

  • Hwang, Inho (Department of General Education, Kookmin University)
  • Received : 2020.07.18
  • Accepted : 2020.09.20
  • Published : 2020.09.28
Download PDF
⟨ Previous Next ⟩

Abstract

Recently organizations are implementing strict security policies and technologies to minimize security incidents. However, strict information security can cause work stress of employees and can make it difficult to achieve security goals. The purpose of this study is to present the preconditions for mitigating the negative impact of security-related work stress. We conducted a questionnaire survey of employees working in the financial industry and secured a total of 266 samples. The test of the research hypothesis was carried out by structural equation modeling. As a result, work stress had a negative effect on compliance intention, and value congruence reduced work stress. Also, security feedback had a moderating effect on the relationship between research factors. The results have theoretical and practical implications for mitigating work stress of employees.

최근 조직들은 보안 사고 최소화를 위하여 엄격한 보안 정책 및 기술을 도입하고 있다. 반면, 엄격한 수준의 정보보안 도입은 조직원의 업무 스트레스를 발생시켜, 조직의 보안 목표 달성에 어려움을 줄 수 있다. 본 연구의 목적은 보안 관련 업무스트레스의 부정적 영향을 완화하는 방안을 제시하는 것이다. 금융산업에서 근무하는 조직원들을 대상으로 서베이를 실시하였으며, 266개의 표본을 확보하였다. 가설 검증은 AMOS 22.0을 활용하여 구조방정식모델링을 통해 실시하였다. 가설검증 결과, 업무 스트레스가 정보보안 준수의도에 부정적인 영향을 미쳤으며, 가치 일치가 업무 스트레스를 완화하는 것을 확인하였다. 또한, 보안 피드백이 변인간의 부정적 관계를 줄이는 것을 확인하였다. 결과는 이론적, 실무적 측면에서 조직원의 정보보안 관련 업무스트레스를 완화하기 위한 시사점을 제시한다.

Keywords

References

  1. T. Kim. (2018). Concern and Prediction for Future Information Security expected by IT Executives. Journal of Convergence for Information Technology, 8(6), 117-122. DOI : 10.22156/CS4SMB.2018.8.6.117
  2. Statista. (2020) Information security technology market size 2016-2023. (Online) https://www.statista.com/statistics
  3. Verizon. (2020), 2020 Data Breach Investigations Report.
  4. K. D. Loch, H. H. Carr & M. E. Warkentin. (1992). Threats to information systems: Today's reality, yesterday's understanding. MIS Quarterly, 16(2), 173-186. DOI : 10.2307/249574.
  5. J. D'Arcy, A. Hovav & D. Galletta. (2009). User awareness of security countermeasures and its impact on information systems misuse: A deterrence approach, Information Systems Research, 20(1), 79-98. DOI : 10.1287/isre.1070.0160.
  6. I. Hwang, D. Kim, T. Kim & S. Kim. (2017). Why not comply with information security? An empirical approach for the causes of non-compliance, Online Information Review, 41(1), 1-17. DOI : 10.1108/OIR-11-2015-0358.
  7. B. Bulgurcu, H. Cavusoglu & I. Benbasat. (2010). Information security policy compliance: An empirical study of rationality-based beliefs and information security awareness, MIS Quarterly, 34(3), 523-548. https://doi.org/10.2307/25750690
  8. S. Aurigemma & T. Mattson, (2017). Deterrence and punishment experience impacts on ISP compliance attitudes. Information and Computer Security, 25(4), 421-436. DOI : 10.1108/ICS-11-2016-0089.
  9. J. Y. Son. (2011). Out of fear or desire? Toward a better understanding of employees' motivation to follow IS security policies. Information & Management, 48(7), 296-302. DOI : 10.1016/j.im.2011.07.002.
  10. N. S. Safa, C. Maple, S. Furnell, M. A. Azad, C. Perera, M. Dabbagh & M. Sookhak. (2019). Deterrence and prevention-based model to mitigate information security insider threats in organizations. Future Generation Computer Systems, 97, 587-597. DOI : 10.1016/j.future.2019.03.024.
  11. I. Hwang & O. Cha. (2018). Examining technostress creators and role stress as potential threats to employees' information security compliance. Computers in Human Behavior, 81, 282-293. DOI : 10.1016/j.chb.2017.12.022.
  12. J. D'Arcy & P. L. Teh. (2019). Predicting employee information security policy compliance on a daily basis: The interplay of security-related stress, emotions, and neutralization. Information & Management, 56(7), 103151. DOI : 10.1016/j.im.2019.02.006.
  13. I. Yun & J. Lee. (2016). An empirical study information security awareness of elderly welfare workers on security empowerment and information security behavior. Journal of Convergence for Information Technology, 6(4), 9-15. DOI : 10.22156/CS4SMB.2016.6.4.009.
  14. Y. Chen, K. Ramamurthy & K. W. Wen. (2012). Organizations' information security policy compliance: Stick or carrot approach?. Journal of Management Information Systems, 29(3), 157-188. DOI : 10.2753/MIS0742-1222290305.
  15. I. Hwang, R. Wakefield, S. Kim & T. Kim. (2019). Security awareness: The first step in information security compliance behavior. Journal of Computer Information Systems, 1-12. DOI: 10.1080/08874417.2019.1650676
  16. R. Ayyagari, V. Grover & R. Purvis. (2011). Technostress: Technological antecedents and implications. MIS Quarterly, 35(4), 831-858. DOI : 10.2307/41409963.
  17. C. L. Cooper, P. J. Dewe & M. P. O'Driscoll. (2001). Organizational stress: A review and critique of theory, Research, and Applications. Sage.
  18. P. S. Galluch, V. Grover & J. B. Thatcher. (2015). Interrupting the workplace: Examining stressors in an information technology context. Journal of the Association for Information Systems, 16(1), 1-47. DOI : 10.17705/1jais.00387.
  19. D. F. Parker & T. A. DeCotiis. (1983). Organizational determinants of job stress. Organizational Behavior and Human Performance, 32(2), 160-177. DOI : 10.1016/0030-5073(83)90145-9.
  20. M. Tarafdar, Q. Tu, B. S. Ragu-Nathan & T. S. Ragu-Nathan. (2007). The impact of technostress on role stress and productivity. Journal of Management Information Systems, 24(1), 301-328. DOI : 10.2753/MIS0742-1222240109.
  21. M. Tarafdar, E. Bolman Pullins & T. S. Ragu-Nathan. (2014). Examining impacts of technostress on the professional salesperson's behavioral performance. Journal of Personal Selling and Sales Management, 34(1), 51-69. DOI : 10.1080/08853134.2013.870184.
  22. S. Kim, J. Im & J. Hwang. (2015). The effects of mentoring on role stress, job attitude, and turnover intention in the hotel industry. International Journal of Hospitality Management, 48, 68-82. DOI : 10.1016/j.ijhm.2015.04.006.
  23. Z. Yan, X. Guo, M. K. Lee & D. R. Vogel. (2013). A conceptual model of technology features and technostress in telemedicine communication. Information Technology & People, 26(3), 283-297. DOI : 10.1108/ITP-04-2013-0071.
  24. J. D'Arcy, T. Herath & M. K. Shoss. (2014). Understanding employee responses to stressful information security requirements: A coping perspective. Journal of Management Information Systems, 31(2), 285-318. DOI : 10.2753/MIS0742-1222310210.
  25. J. R. Edwards & D. M. Cable, D. M. (2009). The value of value congruence. Journal of Applied Psychology, 94(3), 654. DOI : 10.1037/a0014891.
  26. J. A. Chatman. (1989). Improving interactional organizational research: A model of person-organization fit. Academy of Management Review, 14(3), 333-349. DOI : 10.5465/amr.1989.4279063.
  27. S. Valentine, L. Godkin & M. Lucero. (2002). Ethical context, organizational commitment, and person-organization fit. Journal of Business Ethics, 41(4), 349-360. DOI : 10.1023/A:1021203017316.
  28. T. R. Tyler & S. L. Blader. (2005). Can businesses effectively regulate employee conduct? The antecedents of rule following in work settings. Academy of Management Journal, 48(6), 1143-1158. DOI : 10.5465/amj.2005.19573114.
  29. I. Topa & M. Karyda. (2015, September). Identifying factors that influence employees' security behavior for enhancing ISP compliance. In International Conference on Trust and Privacy in Digital Business (pp. 169-179). Springer, Cham.
  30. P. Jimenez, A. Dunkl & S. PeiBl. (2015). Workplace incivility and its effects on value congruence, recovery-stress-state and the intention to quit. Psychology, 6(14), 1930-1939. DOI : 10.4236/psych.2015.614190.
  31. M. Siegall & T. McDonald. (2004). Person‐organization value congruence, burnout and diversion of resources. Personnel Review. 33(3), 291-301. DOI : 10.1108/00483480410528832.
  32. B. E. Wright. (2004). The role of work context in work motivation: A public sector application of goal and social cognitive theories. Journal of Public Administration Research and Theory, 14(1), 59-78. DOI : 10.1093/jopart/muh004.
  33. M. C. Andrews & K. M. Kacmar. (2001). Confirmation and extension of the sources of feedback scale in service-based organizations. The Journal of Business Communication, 38(2), 206-226. DOI : 10.1177/002194360103800204
  34. M. A. Campion & R. G. Lord. (1982). A control systems conceptualization of the goal-setting and changing process. Organizational Behavior and Human Performance, 30(2), 265-287. DOI : 0.1016/0030-5073(82)90221-5. https://doi.org/10.1016/0030-5073(82)90221-5
  35. B. McAfee, V. Quarstein & A. Ardalan. (1995). The effect of discretion, outcome feedback, and process feedback on employee job satisfaction. Industrial Management & Data Systems. 95(5), 7-12. DOI :10.1108/02635579510088128.
  36. K. J. Knapp, R. F. Morris Jr, T. E. Marshall & T. A. Byrd. (2009). Information security policy: An organizational-level process model. Computers & security, 28(7), 493-508. DOI : 10.1016/j.cose.2009.07.001
  37. A. H. .Hon, W. W. Chan & L. Lu. (2013). Overcoming work-related stress and promoting employee creativity in hotel industry: The role of task feedback from supervisor. International Journal of Hospitality Management, 33, 416-424. DOI : 10.1016/j.ijhm.2012.11.001.
  38. J. C. Nunnally. (1978). Psychometric theory (2nd ed.). New York: McGraw-Hill.
  39. B. H. Wixom & H. J. Watson. (2001). An empirical investigation of the factors affecting data warehousing success. MIS Quarterly, 25(1), 17-41. DOI : 10.2307/3250957.
  40. C. Fornell & D. F. Larcker. (1981). Evaluating structural equation models with unobservable variables and measurement error. Journal of Marketing Research, 18(1), 39-50. DOI: 10.2307/3151312.
  41. P. M. Podsakoff, S. B. MacKenzie, J. Y. Lee & N. P. 2Podsakoff. (2003). Common method biases in behavioral research: A critical review of the literature and recommended remedies. Journal of Applied Psychology, 88(5), 879-903. DOI : 10.1037/0021-9010.88.5.879.
  42. G. C. Lin, Z. Wen, H. W. Marsh & H. S. Lin. (2010). Structural equation models of latent interactions: Clarification of orthogonalizing and double-mean-centering strategies. Structural Equation Modeling, 17(3), 374-391. DOI : 10.1080/10705511.2010.488999.
  43. J. F. Dawson. (2014). Moderation in management research: What, why, when and how. Journal of Business and Psychology, 29, 1-19. DOI : 10.1007/s10869-013-9308-7.