• Informatization Policy
• /
• v.25 no.3
• /
• pp.95-115
• /
• 2018

This study aims to examine organization members' intention to violate security policies based on the Person-Environment Fit Model. This study investigated the effect of the relationship between organizational security environment and the individual security value on the intention of organizational security policy violation. The security environments are classified into the organizational information security culture and peers' behavior of security compliance, while the personal values are classified into reconstructing the conduct, distorting the consequence, and devaluing the organization as presented in the moral disengagement theory. Based on the concept of the moral disengagement theory, we measured the individual security values as a second order factor. This study found that the information security culture had a statistically significant impact on devaluing the organization, but did not have as much impact on reconstructing the conduct and distorting the consequence. Peers' behavior of security compliance had a significant impact on reconstructing the conduct, distorting the consequence and devaluing the organization, all of which also had relevant impact on the organizational members' intention of security policy violation.This study measured a persons' perception on security policy breach by presenting scenarios of password sharing that is common in many organizations. This study is expected to make practical contributions, as it deals with challenges that many organizations are actually faced with.

• Journal of the Korea Convergence Society
• /
• v.12 no.1
• /
• pp.211-218
• /
• 2021

This study is composed of a convergence research design plan as the necessity of information security field dealing with human factors are raised. The purpose of this study is to analyze the effectiveness of the aspect of information security on the cognitive process related to security policy. The research method consisted of the cross-design of the availability dimension and the culture dimension, and the information security process was measured with information security awareness, response efficacy, compliance behavioral intention, and information security behavior. As a result of the study, the dimension of availability had a significant effect on response efficacy, and it was found that the influence of the case-based condition was greater than that of the statistics-based condition. The cultural dimension had a significant effect on information security awareness, response efficacy, compliance behavioral intention, and information security behavior, and the influence of the homogeneity condition was found to be greater than that of the diversity condition. The proposed research model was verified as a multiple mediation model reconstructed with measurement variables. In addition, the discussion describes the necessity of an information security strategy in consideration of individual factors and organizational characteristics.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.26 no.5
• /
• pp.1243-1250
• /
• 2016

The purpose of this study is to investigate how abusive supervision influences on security policy compliance in their work place and find moderation effects of organizational justice. The results is that abusive supervision decreases employees' affective commitment or social bond to their organizations. And it negatively affect employees' behavioral intent to comply with security policies. Organizational justice acts to attenuate the negative relationship between the stress from abusive supervision and willingness to comply with the security policy. Especially, distributive justice has a significant effect on decreasing the negative relationship.

• Information Systems Review
• /
• v.17 no.3
• /
• pp.65-76
• /
• 2015

This paper examines the influence of neutralization techniques and voluntary actions on intention to comply information security policy. Data were collected through an online survey and hypothesis results were all hypotheses were supported. The results of this study improve understanding on the voluntary nature of employee behavior for participating in the organization's policies and the rationalization of the employees trying weakening the organization's policy intentions. The organization shoud implement specific education and training in order to suppress the rationalization of employees and develop a plan to have a kinship with the employees of the organization.

• The Journal of the Korea institute of electronic communication sciences
• /
• v.18 no.2
• /
• pp.337-348
• /
• 2023

As protecting organizations' information assets affects their substantiality, they are increasing their investments in policies, regulations, and technologies for systematic information asset management and protection. This study confirms the impact on information security(IS) compliance from the perspective of employees who apply IS policies to actual work. In particular, this study identifies mechanisms linked to IS policy awareness, sanction, justice, and IS compliance from the perspective of expanding deterrence theory. We applied 316 samples obtained from workers of organizations that applied IS policies and regulations to work and verified the relationship between mechanisms by using AMOS and SPSS packages. As a result of the verification, IS policy awareness had a positive effect on organization justice and compliance intention through the severity and clarity of sanctions. Individual justice sensitivity had a moderating effect on the cause and outcome of justice. The sanction-related mechanism presented in this study provides strategic implications for organizations that require active IS activities by insiders.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.40 no.5
• /
• pp.841-850
• /
• 2015

XaaS (Everything as a Service) provides re-usable, fine-grained software components like software, platform, infra across a network. Then users usually pay a fee to get access to the software components. It is a subset of cloud computing. Since XaaS is provided by centralized service providers, it can be a target of various security attacks. Specially, if XaaS becomes the target of APT (Advanced Persistent Threat) attack, many users utilizing XaaS as well as XaaS system can be exposed to serious danger. So various solutions against APT attack are proposed. However, they do not consider all aspects of security control, synthetically. In this paper, we propose overall security checkup considering technical aspect and policy aspect to securely operate XaaS.

• Information Systems Review
• /
• v.18 no.3
• /
• pp.137-153
• /
• 2016

Organizations depend on smart working environments, such as mobile networks. This development motivates companies to focus on information security. Information leakage negatively affects companies. To address this issue, management and information security researchers focus on compliance of employees with information security policies. Countermeasures in information security are known antecedents of intention to comply information security policies. Despite the importance of this topic, research on the antecedents of information security countermeasures is scarce. The present study proposes information security intelligence as an antecedent of information security countermeasures. Information security intelligence adapted the concept of safety intelligence provided by Kirwan (2008). Information security intelligence consists of problem solving skills, social skills, and information security knowledge related to information security. Results show that problem solving skills and information security knowledge have positive effects on the awareness of employees of information security countermeasures.

• Convergence Security Journal
• /
• v.19 no.2
• /
• pp.47-58
• /
• 2019

This study applied the Theory of Reasoned Action by Fishbein & Ajzen(1975) as the grounded theory and adopt sanctions of the General Deterrent Theory and protection motivation of the Protection Motivation Theory as the antecedents to discuss the theoretical factors and the cases of application in the field of information security. Then, it adopted subjective norm, a variable of the Theory of Reasoned Action, as a parameter to analyze the causality of sanctions, perceived vulnerability, response cost, and self-efficacy with the intention to follow the information security policies. As a result, all of the antecedents except for sanctions had causality with the intention and subjective norm proved its mediating effect as a parameter between the antecedents and the intention.

• The Journal of the Korea Contents Association
• /
• v.17 no.4
• /
• pp.461-467
• /
• 2017

Privacy laws are widely enforced throughout the general public and private sector, and the Ministry of Government Administration and Home Affairs is stepping up its annual level of protection and management levels annually. However, in actual field, it has limits to follow the laws that are amended to comply with the privacy laws of the public sector. Therefore, this study should examine the trends of privacy protection and examine items that require adherence to privacy practices in public institutions. In addition, it is hoped to draw implications for the problems arising from the task itself, as well as providing implications for the issues that are closely related to the public in the privacy of the privacy policies.

• The Journal of the Institute of Internet, Broadcasting and Communication
• /
• v.17 no.4
• /
• pp.193-201
• /
• 2017

Financial firms strengthen to protect personal information from the leakage, introducing various security solutions such as print output security, internet network Isolation system, isolationg strorage of customer information, encrypting personal information, personal information detecting system, data loss prevention, personal information monitoring system, and so on. Financial companies are also entering the era of cutthroat competition due to accept of the new channels and the paradigm shift of financial instruments. Accordingly, The needs for security for customer information held by financial firms are keep growing. The large security accidents from the three card companies on January 2014 were happened, the case in which one of the outsourcing personnel seized customer personal information from the system of the thress card companies and sold them illegally to a loan publisher and lender. Three years after the large security accidents had been passed, nevertheless the security threat of the IT outsourcing workforce still exists. The governments including the regulatory agency realted to the financail firms are conducting a review efforts to prevent the leakage of personal information as well as strengthening the extent of the sanction. Through the analysis on the application of security policy for outsourcing personnel in case of large-scale Financial IT projects and the case study of appropriate security policies for security compliance, the theis is proposing a solution for both successfully completing large-scale financial IT Project and so far as possible minizing the risk from the security accidents by the outsouring personnel.