The Journal of the Korea institute of electronic communication sciences (한국전자통신학회논문지)

Korea Institute of Electronic Communication Science (한국전자통신학회)
권호 표지
DOI QR코드

DOI QR Code

The Influence of Information Security Policy, Technology, and Communication Uncertainties: The Role of Information Security Role Identity

정보보안 정책, 기술, 그리고 커뮤니케이션 불확실성의 영향: 정보보안 역할 정체성의 역할

  • In-Ho Hwang (College of General Education, Kookmin University)
  • Received : 2023.11.19
  • Accepted : 2024.02.17
  • Published : 2024.02.29
Download PDF
⟨ Previous Next ⟩

Abstract

Socially, organizations are required to effectively manage their information resources, both in terms of acquiring information from external sources and safeguarding against potential breaches by insiders. While information security policies and technologies implemented by organizations contribute to achieving internal security, an overly complex or disorganized security structure can create uncertainty among employees. In this study, we identify factors of structural information security (IS)-related uncertainty within organizations and propose that they contribute to non-compliance. We develop a research model and hypotheses based on previous studies on the information security environment and test these hypotheses using structural equation modeling. Our findings indicate that uncertainties related to IS policy, technology, and communication decrease employees' IS role identity and their intention to comply with IS measures. By addressing these uncertainties, organizations can improve their IS environment and work towards achieving there is goals.

사회적으로, 조직이 보유한 정보 자원에 대한 엄격한 관리를 요구하고 있다. 조직들은 기술적으로 외부 정보 침입에 대처해야 할 뿐 아니라, 내부자에 의한 정보 노출 가능성까지 관리해야 하는 상황에 직면해 있다. 하지만, 조직이 도입한 정보보안 정책, 기술 등은 조직 내부의 보안 수준 달성에 도움을 주지만, 과도하거나 체계적이지 못한 보안 구조는 조직원의 불확실성을 높일 수 있다. 본 연구는 정보보안 관련 조직의 구조적인 불확실성 요인을 제시하고 행동에 미치는 영향을 제시한다. 즉, 정보보안 정책, 기술, 그리고 커뮤니케이션 불확실성이 구조적으로 존재할 수 있음을 밝힌다. 정보보안 환경 관련 선행연구를 통해 연구 모델과 가설을 제시하였으며, 구조방정식 모델링을 적용하여 가설을 검정하였다. 가설 검정 결과, 정보보안 정책, 기술, 그리고 커뮤니케이션 불확실성이 조직원의 역할 정체성과 준수 의도를 감소시켰다. 연구 결과는 조직 내 정보보안 관련 구조적인 불확실성 개선 조건을 제시하였기 때문에, 조직 내부의 정보보안 목표 달성을 위한 환경 전략 방향을 제언한다.

Keywords

References

  1. I. Hwang and O. Cha, "Examining technostress creators and role stress as potential threats to employees' information security compliance," Computers in Human Behavior, vol. 81, 2018, pp. 282-293.
  2. Fortune Business Insights, "The global cyber security market size is projected to grow from $172.32$172.32 billion in 2023 to $424.97 billion in 2030, at a CAGR of 13.8%," Report, Apr. 2023.
  3. Verizon, "2021 data breach investigations report," Report, Dec. 2021.
  4. Y. Chen, K. Ramamurthy, and K. W. Wen, "Organizations' information security policy compliance: Stick or carrot approach?," J. of Management Information Systems, vol. 29, no. 3, 2012, pp. 157-188.
  5. Z. Tang, A. S. Miller, Z. Zhou, and M. Warkentin, "Does government social media promote users' information security behavior towards COVID-19 scams? Cultivation effects and protective motivations," Government Information Quarterly, vol. 38, no. 2, 2021, pp. 101572.
  6. P. Ifinedo, "Exploring personal and environmental factors that can reduce nonmalicious information security violations," Information Systems Management, vol. 40, no. 4, 2023, pp. 1-21.
  7. M. Tarafdar, Q. Tu, B. S. Ragu-Nathan, and T. S. Ragu-Nathan, "The impact of technostress on role stress and productivity," J. of Management Information Systems, vol. 24, no. 1, 2007, pp. 301-328.
  8. Z. Adahman, Z. W. Malik and Z. Anwar, "An analysis of zero-trust architecture and its cost-effectiveness for organizational security," Computers & Security, vol. 122, 2022, pp. 102911.
  9. Korea Information Security Industry Association, "2021 survey on information security," Report, Jan. 2022.
  10. I. Hwang, "The influence of competitive psychological climate and IS related anxiety: The role of IS related value dissimilarity," J. of the Korea Institute of Electronic Communication Sciences, vol. 18, no. 4, 2023, pp. 649-660.
  11. M. Ma and R. Agarwal, "Through a glass darkly: Information technology design, identity verification, and knowledge contribution in online communities," Information Systems Research, vol. 18, no. 1, 2007, pp. 42-67.
  12. S. M. Farmer, P. Tierney, and K. Kung-McIntyre, "Employee creativity in Taiwan: An application of role identity theory," Academy of Management J., vol. 46, no. 5, 2003, pp. 618-630.
  13. I. Hwang, "Reinforcement of IS voice behavior within the organization: A perspective on mitigating role stress through organization justice and individual social-identity," J. of the Korea Institute of Electronic Communication Sciences, vol. 17, no. 4, 2022, pp. 649-662.
  14. O. Ogbanufe, "Enhancing end-user roles in information security: Exploring the setting, situation, and identity," Computers & Security, vol. 108, 2021, pp. 102340.
  15. P. A. Pavlou, H. Liang, and Y. Xue, "Understanding and mitigating uncertainty in online exchange relationships: A principal-agent perspective," MIS Quarterly, vol. 31, no. 1, 2007, pp. 105-136.
  16. I. Hwang, "The influence on the information security techno-stress on security policy resistance through strain: Focusing on the moderation of task technology fit," J. of the Korea Institute of Electronic Communication Sciences, vol. 16, no. 5, 2021, pp. 931-939.
  17. A. Vedadi, M. Warkentin, and A. Dennis, "Herd behavior in information security decision-making," Information & Management, vol. 58, no. 8, 2021, pp. 103526.
  18. H. Chen, M. Liu, and T. Lyu, "Understanding employees' information security-related stress and policy compliance intention: The roles of information security fatigue and psychological capital," Information and Computer Security, vol. 30, no. 5, 2022, pp. 751-770.
  19. I. Jo and J. Jo, "Differentiation of uncertainty and ambiguity in communication within the organization: On Antecedent Variables and Influences of Uncertainty and Ambiguity," J. of Communication Research, vol. 49, no. 1, 2012, pp. 220-258.
  20. J. D'Arcy and P. L. Teh, "Predicting employee information security policy compliance on a daily basis: The interplay of security-related stress, emotions, and neutralization," Information & Management, vol. 56, no. 7, 2019, pp. 103151.
  21. J. D'Arcy, T. Herath, and M. K. Shoss, "Understanding employee responses to stressful information security requirements: A coping perspective," J. of Management Information Systems, vol. 31, no. 2, 2014, pp. 285-318.
  22. J. C. Nunnally, Psychometric theory (2nd ed.). New York: McGraw-Hill, 1978.
  23. C. Fornell and D. F. Larcker, "Evaluating structural equation models with unobservable variables and measurement error," J. of Marketing Research, vol. 18, no. 1, 1981, pp. 39-50.