• Title/Summary/Keyword: 정보보안정책준수

Search Result 86, Processing Time 0.022 seconds

Effects of Biased Awareness of Security Policies on Security Compliance Behavior (보안정책에 대한 편향적 사고가 보안준수 행동에 미치는 영향)

  • Heo, Jun;Ahn, Seongjin
    • The Journal of Korean Association of Computer Education
    • /
    • v.23 no.1
    • /
    • pp.63-75
    • /
    • 2020
  • From the perspective of compliance with security policies by members of the organization, which is a major cause of security incidents, this study presented biased thinking as factors that affect compliance with security policies and verified the following: First, the impact of biased thinking on security policies on compliance with security policies is verified. Second, the participation of management, perceived risk, education and punishment of management will verify the adjustment effect of increasing or decreasing biased thinking. Finally, we have verified that compliance attitudes have a significant impact on compliance behavior. To this end, 157 people were surveyed, statistical analysis of research models and structural equations, and conformity analysis were conducted. Studies have shown that biased thinking has a negative effect on the attitude of compliance with information security. In addition, it was analyzed that the attitude of compliance with information security policy increases policy compliance behavior. On the other hand, the higher the perceived risk of information security, the lower the bias was the adjustment effect, but management's participation, education and punishment were found to have no adjustment effect.

A Study on the Influence of Organizational Information Security Goal Setting and Justice on Security Policy Compliance Intention (조직의 정보보안 목표 설정과 공정성이 보안정책 준수의도에 미치는 영향)

  • Hwang, In-Ho;Kim, Seung-Wook
    • Journal of Digital Convergence
    • /
    • v.16 no.2
    • /
    • pp.117-126
    • /
    • 2018
  • The threat to information security is growing globally. To this, organizations are increasing the weight of adapting and operating the more specialized information security policy and system. Information security requires participation from the employees who execute the security system and policy, and to increase the level of organization's internal security, requires organization's systematic support to improve employees' information security compliance intention. This research finds the mechanism for improving employee's information security compliance intention by applying justice theory and goal setting theory in information security. We use structural equation modeling to verify the research hypothesis, and conducted a survey on the employees of organization with information security policy. In other words, this research performs verification of the research model based hypothesis which claims that security policy goal setting has positive influence on employee's level of security related justice recognition, and claims that justice has positive influence on compliance intention. The object of study is the employees of the organization that adapts information security policy, and 383 valid samples were collected via survey. Structural equation modeling was performed to verify the research hypothesis. The result shows that security policy goal factor (goal difficulty, goal specificity) improves employee's security related justice recognition, and that security related justice (distribution, process, and information justice) has positive influence on compliance intention. The result suggests the strategic approach directions for improving employees' compliance intention on organization's security policy.

Analysis of the Effects of Information Security Policy Awareness, Information Security Involvement, and Compliance Behavioral Intention on Information Security behavior : Focursing on Reward and Fairness (정보보안 정책 인식과 정보보안 관여성, 준수 의도성이 정보보안 행동에 미치는 영향 분석: 보상 차원과 공정성 차원을 중심으로)

  • Hu, Sung-ho;Hwang, In-ho
    • Journal of Convergence for Information Technology
    • /
    • v.10 no.12
    • /
    • pp.91-99
    • /
    • 2020
  • The aim of this study to assess the effect of information security policy awareness, information security involvement, compliance behavioral intention on information security behavior The research method is composed of a cross-sectional design of reward and fairness. This paper focuses on the process of organizational policy on the information security compliance intention in the individual decision-making process. As a result, the reward had a significant effect on compliance behavioral intention, and it was found that influence of the psychological reward-based condition was greater than the material reward-based condition. The fairness had a significant effect on information security policy awareness, information security involvement, information security behavior, and it was found that influence of the equity-based condition was greater than the equality-based condition. The exploration model was verified as a multiple mediation model. In addition, the discussion presented the necessary research direction from the perspective of synergy by the cultural environment of individuals and organizations.

보안감사 활동하기-보안정책 얼마나 잘 준수하나

  • Korea Information Security Agency
    • 정보보호뉴스
    • /
    • s.131
    • /
    • pp.27-29
    • /
    • 2008
  • 회사의 정보보호 활동 기준을 제시하기 위해 '정보보호 정책규정집' 제작이라는 쉽지 않은 일을 해낸 김 대리. 그는 프로젝트를 마친 후에도 알림 게시판 공지, 포스터 제작, 자체 정보보호 교육 등을 통해 사내 구성원들이 회사의 보안 정책지침을 잘 이해하고 따를 수 있도록 별도의 정보보호 정책홍보를 시행했다. 두 달 뒤, 김 대리는 사내 구성원들이 '환상기업'의 보안정책을 얼마나 잘 준수하고 있는지 궁금해 하지 않을 수 없었다.

  • PDF

The Effect of Characteristics of Information Security Policy on Security Policy Compliance Intention of Employees (정보보안정책의 특성이 구성원들의 보안정책 준수 행위에 미치는 영향에 관한 연구)

  • Yim, Myung-Seong
    • Journal of Digital Convergence
    • /
    • v.11 no.1
    • /
    • pp.27-38
    • /
    • 2013
  • There are two elements of security policy that can have a bearing on its effectiveness: content and form. While the content of the security policy has been investigated extensively in the most of the previous studies, there is very little literature on the form of the security policy. Since the form of the policy influences its success, it is important to understand how to articulate the form of a security policy. Thus, the aim of this study is to investigate the relationship between security form and policy compliance of employees. Research results find that dimensions of security form have effect on attitude towards security compliance, subjective norm, perceived behavioral control, and perceived response costs, and besides attitude towards security compliance and subjective norm have an effect on persistent security compliance intention. The conclusions and implications are discussed.

The Message Server Access Control Algorithm Enforcing Two Multi Security Policies (두개의 다중 보안정책을 준수하는 메세지서버 액세스 제어 알고리즘)

  • 김석우
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.4 no.2
    • /
    • pp.71-88
    • /
    • 1994
  • 메세지 전달시스템을 이용한 원거리 정보전달이 일반화되고 있다. X.400 메세지처리시스템 및 OSI 보안구조는 보안기능 및 서비스에 대한 표준을 개념적으로 정의하고 있으나, 메세지 전달시스템이 제공하는 보안서비스에 의존하여 중요정보를 송,수신하는 유저는 자신의 보안정책이 준수되기를 원한다. 이를 위해, 메세지 전달시스템과 유저의 독립적 또는 중첩된 2개의 다중 보안정책이 메세지 서버에서 준수되어야 한다. 메세지의 전송 및 프로세싱은 주체와 객체가 지닌 보안레이블이 강제적, 임의적, 마킹, 특권제어의 다중 보안정책에 부합될 때 액세스가 허용된다. 제안된 알고리즘이 메세지 서버에서 보안메카니즘으로 동작될 때, OSI 보안구조와 유저가 요구하는 보안요구조건이 만족됨으로서, 유저의 메세지가 안전하게 전송될 수 있다.

A Study on Neutralization and Organizational Citizenship Behavior for Information Security Policy Compliance (직원의 정보보안 정책 준수에 대한 중화기술과 조직시민행동의 영향 연구)

  • Choi, Myeonggil;Choi, Hwayoung
    • Information Systems Review
    • /
    • v.17 no.3
    • /
    • pp.65-76
    • /
    • 2015
  • This paper examines the influence of neutralization techniques and voluntary actions on intention to comply information security policy. Data were collected through an online survey and hypothesis results were all hypotheses were supported. The results of this study improve understanding on the voluntary nature of employee behavior for participating in the organization's policies and the rationalization of the employees trying weakening the organization's policy intentions. The organization shoud implement specific education and training in order to suppress the rationalization of employees and develop a plan to have a kinship with the employees of the organization.

A Study on the Influence of Information Security Compliance Intention of Employee: Theory of Planned Behavior, Justice Theory, and Motivation Theory Applied (조직원의 정보보안 정책 준수의도에 미치는 영향 연구: 계획된 행동이론, 공정성이론, 동기이론의 적용)

  • Hwang, In-Ho;Hu, Sung-Ho
    • Journal of Digital Convergence
    • /
    • v.16 no.3
    • /
    • pp.225-236
    • /
    • 2018
  • Organizations continue to invest in the security of information technology as a means to be more competitive than others in their industry do. However, there is a relatively lack of interest in the information security compliance of employees who implement information security technologies and policies of organization. This study finds mechanisms for enhancing security compliance by applying theory of planned behavior, justice theory, and motivation theory in information security field. We use structural equation modeling to verify the research hypotheses, and conducted a survey on the employees of organization with information security policy. The results showed that organizational justice, sanction, and organizational identification affect the factors of the planned behavior theory and affect the employee's compliance intention. As a result, this research suggested directions for strategic approach for enhancing employee's compliance intention on organization's security policy.

The Employee's Information Security Policy Compliance Intention : Theory of Planned Behavior, Goal Setting Theory, and Deterrence Theory Applied (조직구성원의 정보보안 정책 준수의도: 계획된 행동이론, 목표설정이론, 억제이론의 적용)

  • Hwang, In-Ho;Lee, Hye-Young
    • Journal of Digital Convergence
    • /
    • v.14 no.7
    • /
    • pp.155-166
    • /
    • 2016
  • In accordance with the increase of the importance of information security, organizations are making continuous investments to develop policies and adapt technology for information security. Organization should provide systemized support to enhance employees' security compliance intention in order to increase the degree of organization's internal security. This research suggests security policy goal setting and sanction enforcement as a method to improve employees' security compliance in planning and enforcing organization's security policy, and verifies the influencing relationship of Theory of Planned Behavior which explains employee's security compliance intention. We use structural equation modeling to verify the research hypotheses, and conducted a survey on the employees of organization with information security policy. We verified the hypotheses based on 346 responses. The result shows that the degree of goal setting and sanction enforcement has positive influence on self-efficacy and coping efficacy which are antecedents that influence employees' compliance intention. As a result, this research suggested directions for strategic approach for enhancing employee's compliance intention on organization's security policy.

The Impact of IS Policy and Sanction Perceptions on Compliance Intention through Justice: The Role of Justice Sensitivity (정보보안 정책 및 제재 인식이 공정성을 통해 준수 의도에 미치는 영향: 공정 민감성의 역할)

  • In-Ho Hwang
    • The Journal of the Korea institute of electronic communication sciences
    • /
    • v.18 no.2
    • /
    • pp.337-348
    • /
    • 2023
  • As protecting organizations' information assets affects their substantiality, they are increasing their investments in policies, regulations, and technologies for systematic information asset management and protection. This study confirms the impact on information security(IS) compliance from the perspective of employees who apply IS policies to actual work. In particular, this study identifies mechanisms linked to IS policy awareness, sanction, justice, and IS compliance from the perspective of expanding deterrence theory. We applied 316 samples obtained from workers of organizations that applied IS policies and regulations to work and verified the relationship between mechanisms by using AMOS and SPSS packages. As a result of the verification, IS policy awareness had a positive effect on organization justice and compliance intention through the severity and clarity of sanctions. Individual justice sensitivity had a moderating effect on the cause and outcome of justice. The sanction-related mechanism presented in this study provides strategic implications for organizations that require active IS activities by insiders.