Analysis of Differences in Information Security Compliance according to Individual Coping and Organizational Homogeneity Culture

  • Hwang, In-ho (Department of General Education, Kookmin University)
  • Received : 2020.12.16
  • Accepted : 2021.02.20
  • Published : 2021.02.28

Abstract

The purpose of this study is to present, from an exploratory perspective, the effect of differences in individual coping and organizational homogeneity culture on information security compliance. The study divided groups by individual coping (task-oriented, emotion-oriented) and organizational homogeneity culture (homogeneity, heterogeneity), confirmed the difference in information security for each group through a cross design, and presented a multiple mediation model between information security factors. The results showed that, in the coping dimension, the average of the security compliance factors was higher in the emotion-oriented group than in the task-oriented group, and in the homogeneity culture dimension, the average of the security compliance factors was higher in the homogeneity group than in the heterogeneity group. Additionally, social influence and involvement had a multiple mediation effect on the relationship between information security awareness and compliance intention. The implication of this study is that it confirmed the difference in the effect of individual decision-making styles on security compliance according to organizational culture differences. The results suggest the necessity of applying a customized information security compliance model for each organization and individual characteristics.

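The purpose of this study is to identify, from an exploratory perspective, how differences in individual coping and organizational homogeneity culture affect organizational members' information security compliance. The study divided groups by individual coping (task-oriented, emotion-oriented) and organizational homogeneity culture (homogeneity, heterogeneity), confirmed the differences in information security for each group through a cross design, and presented a dual mediation model between the antecedents of information security compliance and information security compliance intention. The subjects were employees working at organizations that have information security policies, and univariate analysis and hierarchical regression analysis were conducted using SPSS 21.0. The results showed that, in the coping dimension, the emotion-oriented group had higher information-security-related averages than the task-oriented group, and in the homogeneity culture dimension, the homogeneity group had higher information-security-related averages than the heterogeneity group. In addition, social influence and information security involvement were confirmed to have a full mediation effect on the relationship between information security awareness and compliance intention. As implications, the study confirmed the difference in information security compliance by individual decision-making type according to the organizational culture dimension, and presented ways to increase information security compliance intention. That is, the results point toward establishing information security compliance models differentiated by organizational and individual characteristics.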
