• Journal of Digital Convergence
• /
• v.10 no.4
• /
• pp.23-35
• /
• 2012

The goal of this study is to identify factors that influence on the persistent information security compliance intention of employees. Antecedents suggested in research model are security awareness training and perceived effectiveness of information security policy. Research results show that security awareness training has a positive effect on persistent information security compliance intention as well as effectiveness of information security policy. While policy breadth, which is one of the effectiveness of information security policy, influences on persistent information security compliance attitude and intention, policy brevity does not effect on persistent information security compliance intention. Conclusions and implications are discussed.

• Journal of Digital Convergence
• /
• v.10 no.5
• /
• pp.37-51
• /
• 2012

The purpose of this study is to approach information security from a more comprehensive perspective. Particularly, information countermeasures includes a technological tool for end users, thereby increasing the end users' technological stresses. Based on the technostress framework, we investigate a effect of security awareness training on technostress, and also examine a effect of technostress on the persistent security compliance. Results showed that security awareness training influenced on techno-overload and techno-uncertainty. We also found that techno-overload and techno-uncertainty have a significant effect on the persistent security compliance. Conclusion and implications are discussed.

• Journal of Convergence for Information Technology
• /
• v.10 no.12
• /
• pp.91-99
• /
• 2020

The aim of this study to assess the effect of information security policy awareness, information security involvement, compliance behavioral intention on information security behavior The research method is composed of a cross-sectional design of reward and fairness. This paper focuses on the process of organizational policy on the information security compliance intention in the individual decision-making process. As a result, the reward had a significant effect on compliance behavioral intention, and it was found that influence of the psychological reward-based condition was greater than the material reward-based condition. The fairness had a significant effect on information security policy awareness, information security involvement, information security behavior, and it was found that influence of the equity-based condition was greater than the equality-based condition. The exploration model was verified as a multiple mediation model. In addition, the discussion presented the necessary research direction from the perspective of synergy by the cultural environment of individuals and organizations.

• Information Systems Review
• /
• v.19 no.3
• /
• pp.69-89
• /
• 2017

In the information age, the rapid development of information technology provides people with an enriching experience yet also causes them harm because of information security (IS) issues. The IS of smartphones faces great challenges. Although many studies on IS awareness have been conducted, most of them have focused on PCs and do not consider the security issues of smartphones. In this study, we focus on those factors that affect IS awareness for both PCs and smartphones. We also analyze the differences in the impacts of certain factors on PCs and smartphones based on the proposed research model. The results are summarized as follows. First, the understanding of security technique, understanding of IS threat, and IS education have significant impacts on IS awareness for PCs and smartphones, while IS intention has a significant impact on IS awareness for PCs but not for smartphones. Moreover, IS policy has no significant impact on IS awareness. Second, PCs and smartphones show no significant differences in IS awareness, IS threat, and IS intention, but show significant differences in understanding of security technique, IS education, and IS policy.

• Information Systems Review
• /
• v.18 no.3
• /
• pp.137-153
• /
• 2016

Organizations depend on smart working environments, such as mobile networks. This development motivates companies to focus on information security. Information leakage negatively affects companies. To address this issue, management and information security researchers focus on compliance of employees with information security policies. Countermeasures in information security are known antecedents of intention to comply information security policies. Despite the importance of this topic, research on the antecedents of information security countermeasures is scarce. The present study proposes information security intelligence as an antecedent of information security countermeasures. Information security intelligence adapted the concept of safety intelligence provided by Kirwan (2008). Information security intelligence consists of problem solving skills, social skills, and information security knowledge related to information security. Results show that problem solving skills and information security knowledge have positive effects on the awareness of employees of information security countermeasures.

• Journal of Digital Convergence
• /
• v.12 no.2
• /
• pp.27-37
• /
• 2014

While organizations are making a considerable effort to leverage formal and informal control mechanisms (e.g., policies, procedures, organizational culture) to improve security, their impact and effectiveness is under scrutiny as employees seldom comply with information security procedures. The best way to ensure the viability of a security policy is to make sure users understand it and accept necessary precautions. From an organization's perspective, a lack of security knowledge and awareness on the part of employees is a major problem. However, previous studies suggest that effect of security awareness education is inconsistent. Thus, this study is to find the answer why security awareness education is not effective. Conclusions and implications are discussed.

• Journal of Korea Port Economic Association
• /
• v.28 no.1
• /
• pp.1-23
• /
• 2012

Advances in information technology has brought many benefits to businesses, but at the same time, businesses are facing serious problems caused by its use such as information leakage. In order to cope with problems, companies have established information security policies, demanding workers of a company to be compliant with the policies. This study proposes a research model that includes information security awareness, information security attitude, self-efficacy, standard belief and social influences as factors that affect the compliance of information security policy among the workers of shipping and port organization. The results of this study showed that there was a positive relationship not only between the information security awareness and the information security attitude, but also between the information security attitude and the information security policy among the workers of shipping and port organization. It was also found that there was a positive relationship between the self-efficacy and the compliance of information security policy, and between the social influence and the compliance of information security policy. However, there was no meaningful relationship between the standard belief and the compliance of information security policy. This study examined to what extent the workers of shipping and port organization that have a high possibility of the information leakage were compliant with the information security policy. The findings will contribute to organizations of shipping and port who attempt to establish strategies related to information security.

• The Journal of the Korea institute of electronic communication sciences
• /
• v.18 no.2
• /
• pp.337-348
• /
• 2023

As protecting organizations' information assets affects their substantiality, they are increasing their investments in policies, regulations, and technologies for systematic information asset management and protection. This study confirms the impact on information security(IS) compliance from the perspective of employees who apply IS policies to actual work. In particular, this study identifies mechanisms linked to IS policy awareness, sanction, justice, and IS compliance from the perspective of expanding deterrence theory. We applied 316 samples obtained from workers of organizations that applied IS policies and regulations to work and verified the relationship between mechanisms by using AMOS and SPSS packages. As a result of the verification, IS policy awareness had a positive effect on organization justice and compliance intention through the severity and clarity of sanctions. Individual justice sensitivity had a moderating effect on the cause and outcome of justice. The sanction-related mechanism presented in this study provides strategic implications for organizations that require active IS activities by insiders.

• Journal of Navigation and Port Research
• /
• v.40 no.4
• /
• pp.213-222
• /
• 2016

Recently, as cases of organizations' information disclosure occur continuously, it is urgent to manage security of information and establish measures to enhance security of information by an organization itself. Especially, members of an organization should be prepared with measures for information security, and an organization should do its efforts to raise its members' awareness toward information security. I set a research model to verify what effects an organization's fulfillment of regulations to secure information brings to performance of information security and selected members from maritime and port organizations and financial and insurance institutes as sample. Results of the analysis to identify factors affecting information security performance among members of maritime and port organizations are as follows. Firstly, I found that the factors affecting information security awareness are information security attitude and information security standards. Secondly, the factor giving influence on information security policy of an organization was found to be information security standards. In contrast, information security punishments and information security training were verified not to give influence on compliance of information security policy. Thirdly, information security awareness was identified to give significant influence on compliance of information security policy, information security competence and information security behavior. Fourthly, compliance of information security policy was verified to be those factors that give influence on information security competence and information security behavior. Lastly, information security competence and information security behavior were found to be such factors that give influence on information security performance.

• Review of KIISC
• /
• v.13 no.3
• /
• pp.15-22
• /
• 2003

미국은 전자정부 구현을 위하여 각종 법규를 제정하였고 이를 통합하여 2002년에 전자정부법을 제정하였다. 그리고 동 법을 제정하면서 전자정부의 성공이 정보보안에 있다는 사실을 인식하고 전자정부법에 연방정보보안관리법을 삽입하여 통과시켰다. 이를 통하여 전자정부의 실현과 관련하여 연방 각 부처로 하여금 정보보안의 이행을 실질적으로 추진하고 보고하도록 하는 연방 정부의 체계적인 정보보안 정책을 확립하였다. 이러한 미국의 전자정부에 대한 정보보안 정책 확립은 우리나라 전자정부의 구현과 실행에 있어 체계적인 정보보안 정책 수립의 필요성과 중요성을 다시금 일깨우고 있다고 할 것이다.