• Title/Summary/Keyword: Policy Violation

Search Result 109, Processing Time 0.024 seconds

A Study on the Factors for Violation of Information Security Policy in Financial Companies : Moderating Effects of Perceived Customer Information Sensitivity (금융회사 정보보안정책의 위반에 영향을 주는 요인 연구 : 지각된 고객정보 민감도에 따른 조절효과)

  • Lee, Jeong-Ha;Lee, Sang-Yong Tom
    • Journal of Information Technology Applications and Management
    • /
    • v.22 no.4
    • /
    • pp.225-251
    • /
    • 2015
  • This paper analyzed factors for employees to violate information security policy in financial companies based on the theory of reasoned action (TRA), general deterrence theory (GDT), and information security awareness and moderating effects of perceived sensitivity of customer information. Using the 376 samples that were collected through both online and offline surveys, statistical tests were performed. We found that the perceived severity of sanction and information security policy support to information policy violation attitude and subjective norm but the perceived certainty of sanction and general information security awareness support to only subjective norm. Also, the moderating effects of perceived sensitivity of customer information against information policy violation attitude and subjective norm were supported. Academic implications of this study are expected to be the basis for future research on information security policy violations of financial companies; Employees' perceived sanctions and information security policy awareness have an impact on the subjective norm significantly. Practical implications are that it can provide a guide to establish information security management strategies for information security compliance; when implementing information security awareness training for employees to deter violations by emphasizing the sensitivity of customer information, a company should make their employees recognize that the customer information is very sensitive data.

Understanding an Employee Information Systems Security Violations (조직 구성원들의 정보보안 정책 위반에 영향을 미치는 요인)

  • Yim, Myung-Seong
    • Journal of Digital Convergence
    • /
    • v.11 no.2
    • /
    • pp.19-32
    • /
    • 2013
  • The purpose of this paper is to find an answer why employees in organization violate the organizational information security policy. To do this, this study is rooted in the moral disengagment theory. This study found that moral belief and perceived sanction have an effect on security policy violation. However, if moral disengagement is involved in the research model, perceived sanction is not significant. Finally, SETA, moral belief, and perceived sanction have a negative effect on moral disengagement, which in turn moral disengagement influences positively the security policy violation. The conclusions and implications are discussed.

A Study on the Effective Countermeasures for Preventing Computer Security Incidents (기업의 침해사고 예방을 위한 관리 모델)

  • Kang, Shin-Beom;Lee, Sang-Jin;Lim, Jong-In
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.22 no.1
    • /
    • pp.107-115
    • /
    • 2012
  • The level of information protection is relatively low, in comparison with the informatisation in this country. The budget for information protection is also quite marginal at 5% of the entire information-related policy budget. The passive information protection practices by companies, which focus more on the aftermaths, lead to repeated expenses for risk management. The responses to the violation of information protection should be changed from the current aftermaths-oriented focus to prevention and early detection of possible violations. We should also realize that the response to a violation of protected information is not a responsibility of an individual but a joint responsibility of the nation and the industry. South Korea has been working towards to building a systematic foundation since 2004 when guidelines were announced regarding the information protection policy and the safety diagnosis. The current level of safety policies cannot provide a perfect protection against actual violation cases in administrative, technological and physical ways. This research evaluates the level of prevention that the current systematic protection policy offers, and discusses its limitation and possible ways for improvement. It also recommends a list effective measures for protection against information violation that companies can employ to maintain the actual target safety level.

A Study on Voluntary Acceptance and Diffusion of Game Shut-Down Policy Based on Excellence Theory and Psychological Reactance Theory (게임 셧다운제도의 자발적 수용 및 확산방안에 관한 연구 : 우수성 이론과 심리적 반발이론을 중심으로)

  • Park, Chan-Uk;Lee, Sin-Bok
    • Journal of Information Technology Services
    • /
    • v.11 no.2
    • /
    • pp.93-106
    • /
    • 2012
  • Recently, a Game Shut-down policy, partially limiting the time for the use of online game service, has been implemented in order to protect the youth from the excessive use of games by limiting their access to games in the late hours, based on the serious side effects of online games on the youth. However, the effectiveness of a Game Shut-down policy becomes a social issue. Thus, this study aims to investigate the alternative policies through the levels of the communications suggested by the theory of excellence, for the successful implementation of the policy. As a result of the study, the government and students, the recipient of those policies, need to strengthen their two-way communication in respect of the Game Shut-down policy, breaking from the existing views on the perception. The problem is that the current government's way of the communication for the Game Shut-down policy is one-way and it is aiming at achieving the objectives only. Thus, the communication in this manner will cause the side effect. 'the opportunistic violation of the system in the future', even if the students seemingly accept the system. Two-way communication will enhance the motivation for the voluntary acceptance of the system and lower the motivation for the opportunistic violation of the system. Thus, the government needs to strengthen two-way communication in the future.

Investigate the Roles of Sanctions, Psychological Capital, and Organizational Security Resources Factors in Information Security Policy Violation

  • Ayman Hasan Asfoor;Hairoladenan kasim;Aliza Binti Abdul Latif;Fiza Binti Abdul Rahim
    • Asia pacific journal of information systems
    • /
    • v.33 no.4
    • /
    • pp.863-898
    • /
    • 2023
  • Previous studies have shown that insiders pose risks to the security of organisations' secret information. Information security policy (ISP) intentional violation can jeopardise organisations. For years, ISP violations persist despite organisations' best attempts to tackle the problem through security, education, training and awareness (SETA) programs and technology solutions. Stopping hacking attempts e.g., phishing relies on personnel's behaviour. Therefore, it is crucial to consider employee behaviour when designing strategies to protect sensitive data. In this case, organisations should also focus on improving employee behaviour on security and creating positive security perceptions. This paper investigates the role of psychological capital (PsyCap), punishment and organisational security resources in influencing employee behaviour and ultimately reducing ISP violations. The model of the proposed study has been modified to investigate the connection between self-efficacy, resilience, optimism, hope, perceived sanction severity, perceived sanction certainty, security response effectiveness, security competence and ISP violation. The sample of the study includes 364 bank employees in Jordan who participated in a survey using a self-administered questionnaire. The findings show that the proposed approach acquired an acceptable fit with the data and 17 of 25 hypotheses were confirmed to be correct. Furthermore, the variables self-efficacy, resilience, security response efficacy, and protection motivation directly influence ISP violations, while perceived sanction severity and optimism indirectly influence ISP violations through protection motivation. Additionally, hope, perceived sanction certainty, and security skills have no effect on ISP infractions that are statistically significant. Finally, self-efficacy, resiliency, optimism, hope, perceived severity of sanctions, perceived certainty of sanctions, perceived effectiveness of security responses, and security competence have a substantial influence on protection motivation.

The Effects of Psychological Contract Violation on OS User's Betrayal Behaviors: Window XP Technical Support Ending Case (심리적 계약 위반이 OS이용자의 배신 행동에 미치는 영향: 윈도우 XP 기술적 지원서비스 중단 사례)

  • Lee, Un-Kon
    • Asia pacific journal of information systems
    • /
    • v.24 no.3
    • /
    • pp.325-344
    • /
    • 2014
  • Technical support of Window XP ended in March, 8, 2014, and it makes OS(Operating System) users fall in a state of confusion. Sudden decision making of OS upgrade and replacement is not a simple problem. Firms need to change the long term capacity plan in enterprise IS management, but they are pressed for time and cost to complete it. Individuals can not help selecting the second best plan, because the following OSs of Window XP are below expectations in performances, new PC sales as the opportunities of OS upgrade decrease, and the potential risk of OS technical support ending had not announced to OS users at the point of purchase. Microsoft as the OS vendors had not presented precaution or remedy for this confusion. Rather, Microsoft announced that the technical support of the other following OSs of Wndow XP such as Window 7 would ended in two years. This conflict between OS vendor and OS users could not happen in one time, but could recur in recent future. Although studies on the ways of OS user protection policy would be needed to escape from this conflict, few prior studies had conducted this issue. This study had challenge to cautiously investigate in such OS user's reactions as the confirmation with OS user's expectation in the point of purchase, three types of justice perception on the treatment of OS vendor, psychological contract violation, satisfaction and the other betrayal behavioral intention in the case of Window XP technical support ending. By adopting the justice perception on this research, and by empirically validating the impact on OS user's reactions, I could suggest the direction of establishing OS user protection policy of OS vendor. Based on the expectation-confirmation theory, the theory of justice, literatures about psychological contract violation, and studies about consumer betrayal behaviors in the perspective of Herzberg(1968)'s dual factor theory, I developed the research model and hypothesis. Expectation-confirmation theory explain that consumers had expectation on the performance of product in the point of sale, and they could satisfied with their purchase behaviors, when the expectation could have confirmed in the point of consumption. The theory of justice in social exchange argues that treatee could be willing to accept the treatment by treater when the three types of justice as distributive, procedural, and interactional justice could be established in treatment. Literatures about psychological contract violation in human behaviors explains that contracter in a side could have the implied contract (also called 'psychological contract') which the contracter in the other side would sincerely execute the contract, and that they are willing to do vengeance behaviors when their contract had unfairly been broken. When the psychological contract of consumers had been broken, consumers feel distrust with the vendors and are willing to decrease such beneficial attitude and behavior as satisfaction, loyalty and repurchase intention. At the same time, consumers feel betrayal and are willing to increase such retributive attitude and behavior as negative word-of-mouth, complain to the vendors, complain to the third parties for consumer protection. We conducted a scenario survey in order to validate our research model at March, 2013, when is the point of news released firstly and when is the point of one year before the acture Window XP technical support ending. We collected the valid data from 238 voluntary participants who are the OS users but had not yet exposed the news of Window OSs technical support ending schedule. The subject had been allocated into two groups and one of two groups had been exposed this news. The data had been analyzed by the MANOVA and PLS. MANOVA results indicate that the OSs technical support ending could significantly decrease all three types of justice perception. PLS results indicated that it could significantly increase psychological contract violation and that this increased psychological contract violation could significantly reduce the trust and increase the perceived betrayal. Then, it could significantly reduce satisfaction, loyalty, and repurchase intention, and it also could significantly increase negative word-of-month intention, complain to the vendor intention, and complain to the third party intention. All hypothesis had been significantly approved. Consequently, OS users feel that the OSs technical support ending is not natural value added service ending, but the violation of the core OS purchase contract, that it could be the posteriori prohibition of OS user's OS usage right, and that it could induce the psychological contract violation of OS users. This study would contributions to introduce the psychological contract violation of the OS users from the OSs technical support ending in IS field, to introduce three types of justice as the antecedents of psychological contract violation, and to empirically validate the impact of psychological contract violation both on the beneficial and retributive behavioral intentions of OS users. For practice, the results of this study could contribute to make more comprehensive OS user protection policy and consumer relationship management practices of OS vendor.

Privacy Level Indicating Data Leakage Prevention System

  • Kim, Jinhyung;Park, Choonsik;Hwang, Jun;Kim, Hyung-Jong
    • KSII Transactions on Internet and Information Systems (TIIS)
    • /
    • v.7 no.3
    • /
    • pp.558-575
    • /
    • 2013
  • The purpose of a data leakage prevention system is to protect corporate information assets. The system monitors the packet exchanges between internal systems and the Internet, filters packets according to the data security policy defined by each company, or discretionarily deletes important data included in packets in order to prevent leakage of corporate information. However, the problem arises that the system may monitor employees' personal information, thus allowing their privacy to be violated. Therefore, it is necessary to find not only a solution for detecting leakage of significant information, but also a way to minimize the leakage of internal users' personal information. In this paper, we propose two models for representing the level of personal information disclosure during data leakage detection. One model measures only the disclosure frequencies of keywords that are defined as personal data. These frequencies are used to indicate the privacy violation level. The other model represents the context of privacy violation using a private data matrix. Each row of the matrix represents the disclosure counts for personal data keywords in a given time period, and each column represents the disclosure count of a certain keyword during the entire observation interval. Using the suggested matrix model, we can represent an abstracted context of the privacy violation situation. Experiments on the privacy violation situation to demonstrate the usability of the suggested models are also presented.

Energy and Service Level Agreement Aware Resource Allocation Heuristics for Cloud Data Centers

  • Sutha, K.;Nawaz, G.M.Kadhar
    • KSII Transactions on Internet and Information Systems (TIIS)
    • /
    • v.12 no.11
    • /
    • pp.5357-5381
    • /
    • 2018
  • Cloud computing offers a wide range of on-demand resources over the internet. Utility-based resource allocation in cloud data centers significantly increases the number of cloud users. Heavy usage of cloud data center encounters many problems such as sacrificing system performance, increasing operational cost and high-energy consumption. Therefore, the result of the system damages the environment extremely due to heavy carbon (CO2) emission. However, dynamic allocation of energy-efficient resources in cloud data centers overcomes these problems. In this paper, we have proposed Energy and Service Level Agreement (SLA) Aware Resource Allocation Heuristic Algorithms. These algorithms are essential for reducing power consumption and SLA violation without diminishing the performance and Quality-of-Service (QoS) in cloud data centers. Our proposed model is organized as follows: a) SLA violation detection model is used to prevent Virtual Machines (VMs) from overloaded and underloaded host usage; b) for reducing power consumption of VMs, we have introduced Enhanced minPower and maxUtilization (EMPMU) VM migration policy; and c) efficient utilization of cloud resources and VM placement are achieved using SLA-aware Modified Best Fit Decreasing (MBFD) algorithm. We have validated our test results using CloudSim toolkit 3.0.3. Finally, experimental results have shown better resource utilization, reduced energy consumption and SLA violation in heterogeneous dynamic cloud environment.

Reasons for Violation of the Self Carfree Day Policy (승용차요일제 준수와 위반에 미치는 영향 분석)

  • Bin, Mi-Yeong;Jeong, Ui-Seok
    • Journal of Korean Society of Transportation
    • /
    • v.28 no.4
    • /
    • pp.61-73
    • /
    • 2010
  • This research is to analyze reasons for violation of the Self Carfree day policy. It also analyzes satisfaction of the policy participation incentives. The results are that the violation rate is increasing if the drivers live in a zone which is highly energy consuming, which has low potential demand per bus stop and low trip generation per number of houses, which therefore requires more bus routes and bus services, and in which the drivers pay more car operating fees and show less tendancy towards participation even with the 5-10% oil price increase. The results are significant at the 0.05 level.

Principle of Proportionality of Contractual Penalty in Arbitral Awards in Russia

  • Eunok Park;Liliia Andreevskikh
    • Journal of Korea Trade
    • /
    • v.27 no.1
    • /
    • pp.176-191
    • /
    • 2023
  • Purpose - When recovered through arbitration a contractual penalty that is disproportionately high can become grounds for challenging an arbitral award or an obstacle to its enforcement within Russian jurisdiction. This article investigates how violation of the principle of proportionality can affect the enforcement and challenging of arbitral awards in Russia. Based on the examination of the current legislation, along with the analysis of recent court cases on the subject, the ultimate object of this article is to discern practical recommendations for Korean practitioners who are looking to challenge and/or enforce arbitral awards in Russian courts. Design/methodology - The research process included the reviewing of current Russian legislation conducted in concurrence with academic literature review, searching and analyzing recent court cases where the relevant legal provisions and concepts were applied, and formulating practical implications of the research at its final stage. Findings - Through its relation to the principle of fairness/justice the authors establish the connection between the principle of proportionality and the public policy of Russia. Analysis of recent court cases showed two conflicting trends of whether a disproportionate penalty can be considered a public policy violation. The authors offer practical recommendations on how to substantiate a relevant claim regarding contractual penalty reduction by the court, depending on the desired outcome. Originality/value - The article contains an up-to-date summary of the legal provisions on the principle of proportionality of civil liability in Russia and identifies the most recent trends in court practice on the issue that is not covered by existing studies.