DOI QR코드

DOI QR Code

The Influence of Shared Goal and Value of Information Security Policy: The Role of Demand-ability Fit and Person-organization Fit

정보보안 정책 목표 공유 및 가치의 영향: 요구-능력 적합성 및 개인-조직 적합성의 역할

  • In-Ho Hwang (College of General Education, Kookmin University)
  • Received : 2024.04.29
  • Accepted : 2024.06.12
  • Published : 2024.06.30

Abstract

The escalating demand for organized information resource management within organizations necessitates increased investment in information security (IS), as a single error can lead to information exposure incidents, underscoring the importance of IS compliance by insiders. The research aims to elevate IS compliance within the organization by examining the influence of the shared goal of information security policy (ISP), perceived ISP value and individual's fits on an insider's intention to comply with the ISP. Antecedent research in organizational behavior and IS led to a proposed hypothesis, tested using 366 obtained samples. The ISP shared goal's positive influence on ISP compliance intentions was evident from the test results, primarily through the perceived ISP value. Furthermore, the person-organization and demand-ability fit moderated the antecedent factors associated with ISP compliance intentions. Our findings suggest the methods for sustaining organizational IS levels by examining the requisite conditions from the viewpoints of the organizational environment, ISP values, and fits.

조직의 정보 자원에 대한 체계적인 관리의 필요성이 제기되면서, 조직들은 정보보안 투자를 높이고 있다. 정보 노출 사고는 단 한 건의 실수로 발생할 수 있으므로, 내부자까지 정보보안 준수가 요구된다. 본 연구는 내부의 보안 목표 수준을 높이는 것을 목적으로, 보안정책 목표 공유와 개인의 가치 인식, 그리고 적합성이 내부자의 준수 의도에 미치는 영향을 제시하였다. 조직 행동 및 보안 분야의 선행연구를 기반으로 연구 가설을 제시하였으며, 366건의 표본을 활용하여 가설 검정을 하였다. 결과적으로, 정보보안 정책 목표 공유가 조직원의 정책에 대한 가치 인식을 높여 준수 의도로 연계되는 것을 확인하였다. 또한, 개인-조직 적합성과 요구-능력 적합성이 준수 의도 관련 선행 요인들과 조절 효과를 가졌다. 연구 결과는 조직 환경과 조직원 가치, 그리고 적합성 관점에서 보안 목표 달성을 위한 조건을 제시하여, 조직의 보안 수준을 유지하는 방안을 제시한다.

Keywords

References

  1. J. W. Lian, "Understanding cloud-based BYOD information security protection behaviour in smart business: In perspective of perceived value," Enterprise Information Systems, vol. 15, no. 9, 2021, pp. 1216-1237. https://doi.org/10.1080/17517575.2020.1791966
  2. Fortune Business Insights, "The global cyber security market size is projected to grow from $172.32$172.32 billion in 2023 to $424.97 billion in 2030, at a CAGR of 13.8%," Report, Apr. 2023.
  3. I. Hwang, "The influence of information security policy, technology, and communication uncertainties: The role of information security role identity," J. of the Korea Institute of Electronic Communication Sciences, vol. 19, no. 1, 2024, pp. 241-248.
  4. Verizon, "2022 data breach investigations report," Report, Dec. 2022.
  5. C. Tam, C. Matos Conceicao, and T. Oliveira, "What influences employees to follow security policies?," Safety Science, vol. 147, 2022, pp. 105595.
  6. I. Hwang, "The effect on the IS role stress on the IS compliance intention through IS self-determination: Focusing on the moderation of person-organization fit," J. of the Korea Institute of Electronic Communication Sciences, vol. 17, no. 2, 2022, pp. 375-386.
  7. Y. Chen, K. Ramamurthy, and K. W. Wen, "Organizations' information security policy compliance: Stick or carrot approach?," J. of Management Information Systems, vol. 29, no. 3, 2012, pp. 157-188.
  8. D. M. Cable and D. S. DeRue, "The convergent and discriminant validity of subjective fit perceptions," J. of Applied Psychology, vol. 87, no. 5, 2002, pp. 875-884. https://doi.org/10.1037/0021-9010.87.5.875
  9. S. Bhattacharya, M. Kunte, and P. Sharma, "Cultural factors affecting early turnover intention moderated by person-job fit and person-supervisor fit," Int. J. of Indian Culture and Business Management, vol. 17, no. 3, 2018, pp. 338-358. https://doi.org/10.1504/IJICBM.2018.094588
  10. E. A. Saether, "Motivational antecedents to high-tech R&D employees' innovative work behavior: Self-determined motivation, person-organization fit, organization support of creativity, and pay justice," The J. of High Technology Management Research, vol. 30, no. 2, 2019, pp. 100350.
  11. P. B. Lowry, C. Posey, R. B. J. Bennett, and T. L. Roberts, "Leveraging fairness and reactance theories to deter reactive computer abuse following enhanced organisational information security policies: An empirical study of the influence of counterfactual reasoning and organisational trust," Information Systems J., vol. 25, no. 3, 2015, pp. 193-273. https://doi.org/10.1111/isj.12063
  12. Ministry of Science and ICT, Korea Information Security Industry Association, "2023 survey on information security," Report, Feb. 2024.
  13. G. Solomon and I. Brown, "The influence of organisational culture and information security culture on employee compliance behaviour," J. of Enterprise Information Management, vol. 34, no. 4, 2021, pp. 1203-1228. https://doi.org/10.1108/JEIM-08-2019-0217
  14. H. Kim, H. C. Chan, and S. Gupta, "Value-based adoption of mobile internet: An empirical investigation," Decision Support Systems, vol. 43, no. 1, 2007, pp. 111-126. https://doi.org/10.1016/j.dss.2005.05.009
  15. Y. Liu, S. Dong, J. Wei, and Y. Tong, "Assessing cloud computing value in firms through socio-technical determinants," Information & Management, vol. 57, no. 8, 2020, pp. 103369.
  16. P. Liu, M. Li, D. Dai, and L. Guo, "The effects of social commerce environmental characteristics on customers' purchase intentions: The chain mediating effect of customer-to-customer interaction and customer-perceived value," Electronic Commerce Research and Applications, vol. 48, 2021, pp. 101073.
  17. M. A. Nadeem, Z. Liu, U. Ghani, A. Younis, and Y. Xu, "Impact of shared goals on knowledge hiding behavior: The moderating role of trust," Management Decision, vol. 59, no. 6, 2020, pp. 1312-1332.
  18. W. S. Chow and L. S. Chan, "Social network, social trust and shared goals in organizational knowledge sharing," Information & Management, vol. 45, no. 7, 2008, pp. 458-465. https://doi.org/10.1016/j.im.2008.06.007
  19. W. A. Cram, J. G. Proudfoot, and J. D'Arcy, "When enough is enough: Investigating the antecedents and consequences of information security fatigue," Information Systems J., vol. 31, no. 4, 2021, pp. 521-549. https://doi.org/10.1111/isj.12319
  20. I. Hwang, "The mitigation of information security role stress: The role of information security policy goal setting and regulatory focus," J. of the Korea Institute of Electronic Communication Sciences, vol. 18, no. 6, 2023, pp. 1177-1188.
  21. S. Valentine, L. Godkin, and M. Lucero, "Ethical context, organizational commitment, and person-organization fit," J. of Business Ethics, vol. 41, no. 4, 2002, pp. 349-360. https://doi.org/10.1023/A:1021203017316
  22. H. Chen and W. Li, "Understanding commitment and apathy in is security extra-role behavior from a person-organization fit perspective," Behaviour & Information Technology, vol. 38, no. 5, 2019, pp. 454-468. https://doi.org/10.1080/0144929X.2018.1539520
  23. E. M. David, T. Kim, J. L. Farh, X. Lin, and F. Zhou, "Is 'be yourself' always the best advice? The moderating effect of team ethical climate and the mediating effects of vigor and demand-ability fit," Human Relations, vol. 74, no. 3, 2021, pp. 437-462. https://doi.org/10.1177/0018726719894054
  24. H. Gul, M. Usman, Y. Liu, Z. Rehman, and K. Jebran, "Does the effect of power distance moderate the relation between person environment fit and job satisfaction leading to job performance? Evidence from Afghanistan and Pakistan," Future Business J., vol. 4, no. 1, 2018, pp. 68-83. https://doi.org/10.1016/j.fbj.2017.12.001
  25. J. C. Nunnally, Psychometric theory (2nd ed.). New York: McGraw-Hill, 1978.
  26. C. Fornell and D. F. Larcker, "Evaluating structural equation models with unobservable variables and measurement error," J. of Marketing Research, vol. 18, no. 1, 1981, pp. 39-50.
  27. A. F. Hayes, Introduction to mediation, moderation, and conditional process analysis: A regression-based approach. New York: Guilford Publications, 2017.