• 한국정보시스템학회지:정보시스템연구
• /
• 제24권3호
• /
• pp.1-19
• /
• 2015

Purpose This study discusses the contradictory behavior of smart-phone users who consider security is important, but they do not follow the security recommendations. We found through literature research that this contradictory behavior is resulted from a low level of efficacy. Design/methodology/approach Research hypotheses were set based on Extended Parallel Process Model, Control Theory, and Self Efficacy Mechanism. The data were collected from undergraduate students. Total of 178 data were used for the analysis. Findings Results of the analysis, first, showed that the relationship between threat and security attitude varies with the level of coping efficacy. Second, showed that the relationship between threat and fear does not vary with the level of coping efficacy. Both the groups with high coping efficacy and low coping efficacy had a statistically significant effect on the relationship between threat and fear.

• 디지털융복합연구
• /
• 제19권8호
• /
• pp.49-57
• /
• 2021

본 연구의 목적은 자기통제 차원의 통제 소재 차원과 조직통제 차원의 경직성 문화 차원이 정보보안 태도에 미치는 영향력을 확인하는 것이다. 연구는 통제 소재와 경직성 문화의 교차방안으로 구조화되었고, 정보보안 태도는 정보보안 실제 태도, 준수행동 태도, 정보보안 효능감의 세 가지 변수들로 이루어졌다. 연구 결과, 통제 소재 차원이 정보보안 태도에 끼치는 효과는 통계학적으로 유의미한 것으로 실증되었다. 즉, 정보보안 실제 태도, 준수행동 태도, 정보보안 효능감에 영향력을 미치고 있었으며, 내적통제 조건의 영향이 외적통제 조건보다 더 큰 것으로 실증되었다. 두 번째로 경직성 문화 차원이 정보보안 태도에 끼치는 효과는 통계학적으로 유의미한 것으로 실증되었다. 즉, 준수행동 태도, 정보보안 효능감에 영향력을 미치고 있었으며, 경직된 문화 조건의 영향이 느슨한 문화 조건보다 더 큰 것으로 실증되었다. 아울러, 논의점은 이러한 결과들을 중심으로 정보보안에 요구되는 내용들을 중심으로 학술적, 제도적 지향성을 설명하였다.

• Asia pacific journal of information systems
• /
• 제33권4호
• /
• pp.863-898
• /
• 2023

Previous studies have shown that insiders pose risks to the security of organisations' secret information. Information security policy (ISP) intentional violation can jeopardise organisations. For years, ISP violations persist despite organisations' best attempts to tackle the problem through security, education, training and awareness (SETA) programs and technology solutions. Stopping hacking attempts e.g., phishing relies on personnel's behaviour. Therefore, it is crucial to consider employee behaviour when designing strategies to protect sensitive data. In this case, organisations should also focus on improving employee behaviour on security and creating positive security perceptions. This paper investigates the role of psychological capital (PsyCap), punishment and organisational security resources in influencing employee behaviour and ultimately reducing ISP violations. The model of the proposed study has been modified to investigate the connection between self-efficacy, resilience, optimism, hope, perceived sanction severity, perceived sanction certainty, security response effectiveness, security competence and ISP violation. The sample of the study includes 364 bank employees in Jordan who participated in a survey using a self-administered questionnaire. The findings show that the proposed approach acquired an acceptable fit with the data and 17 of 25 hypotheses were confirmed to be correct. Furthermore, the variables self-efficacy, resilience, security response efficacy, and protection motivation directly influence ISP violations, while perceived sanction severity and optimism indirectly influence ISP violations through protection motivation. Additionally, hope, perceived sanction certainty, and security skills have no effect on ISP infractions that are statistically significant. Finally, self-efficacy, resiliency, optimism, hope, perceived severity of sanctions, perceived certainty of sanctions, perceived effectiveness of security responses, and security competence have a substantial influence on protection motivation.

• Asia pacific journal of information systems
• /
• 제30권2호
• /
• pp.308-327
• /
• 2020

The importance of information security is increasing, and various efforts are being made to improve users' information security behaviors. Among these various efforts, information security education is mainly aimed at providing users with information security knowledge and improving information security awareness. This study classified the types of information security education into offline and online to examine the effects of each education method on attitudes toward information security (perceived severity, vulnerability, self-efficacy and response-efficacy) and information security behaviors. A survey was conducted for users with information security education experiences. The results obtained by comparing the differences in the path coefficients of personal information security behaviors according to information security education experiences showed that security behaviors were more significant in the online experience group than the offline group. In addition, gender differences were analyzed, and it was found that females had a greater impact on information security attitudes than males. This study also found that among Internet users with online information security education experience, females tend to have more information security behavior than males, but there were contrasting results among users with offline information security education experiences. The results of this study finally address the necessity of reflecting users' personalities in the systematic design of information security education in the future. Furthermore, the results of this study support the need for an appropriate education system that sufficiently understands education types to maximize the effects of information security education.

• 한국정보시스템학회지:정보시스템연구
• /
• 제31권1호
• /
• pp.1-24
• /
• 2022

Purpose The purpose of this study is to investigate the factors that affect the user satisfaction and continuous use intention of the improved ATCIS in the Korean Army. Design/methodology/approach Based on the various theories in relation to IT continuance, user satisfaction was identified as the main factor with regard to the continuous use intention of the improved ATCIS. In addition, computer self-efficacy, education-training, and system quality were hypothesized as antecedent variables to user satisfaction, and information security stress was set as a moderating variable for these relationships. Findings Survey results show that computer self-efficacy, education and training, and system quality had a positive effect on user satisfaction, and information security stress was found to moderate these relationships. The effects of computer self-efficacy and education-training on user satisfaction were higher in the group with low information security stress. However, the relationship between system quality and user satisfaction was higher in the group with high information security stress. User satisfaction is found to have a positive effect on the continuous use intention even with habit considered as a control variable.

• 한국정보시스템학회지:정보시스템연구
• /
• 제18권2호
• /
• pp.1-18
• /
• 2009

Recently, internet banking is growing rapidly. Moot banks in Korea provide internet banking services. Internet banking becomes a major trend in the financial marketplace. With advanced computer technology and declining communication costs, many customers prefer online alternatives such as internet banking, mobile banking or phone banking rather than going to banks by themselves. The number of customers using those alternatives is skyrocketing and domestic commercial banks encourage them of the use. As the internet is highly developed, customers demand higher quality services and banks develop and provide diverse services in order to respond to them. However, internet banking service users are still afraid of their personal and financial information being exposed on the internet. The purpose of this research is to empirically analyze the influence that appropriate internet banking affect user's security intention. The research model proposed in this study includes user's security intention which is influenced by self-efficacy, security trust, Internet banking attitude, perceived security and security intention. According to the result of this study, self-efficacy and security trust are related to the security attitude. There is a significant relationship between security attitude and perceived security. Also, user's security attitude and perceived security is significantly affected by security intention.

• 한국융합학회논문지
• /
• 제12권1호
• /
• pp.211-218
• /
• 2021

본 연구는 정보보안의 연구 중 인간 요소를 다루는 분야의 필요성이 제기되어 융합연구 설계방안을 구성하였다. 본 연구의 목적은 정보보안의 측면이 보안 정책과 연관되는 인지과정에 미치는 효과성을 검정하는 것이다. 연구 방법은 가용성 차원과 문화 차원의 교차설계로 구성되었고, 정보보안 과정은 정보보안 의식, 대처 효능감, 준수의향, 정보보안 행동의 네 가지 변인으로 측정되었다. 연구 결과, 가용성 차원은 대처 효능감에 유의미한 영향을 미치고 있었으며, 사례 중심 조건의 영향력이 통계중심 조건보다 더 큰 것으로 나타났다. 문화 차원은 정보보안 의식, 대처 효능감, 준수의향, 정보보안 행동에 유의미한 영향을 미치고 있었으며, 동질성 조건의 영향력이 다양성 조건보다 더 큰 것으로 나타났다. 결과적으로 제시한 연구 모형은 측정변인으로 재구성된 다원적 매개모형으로 검증되었다. 아울러, 논의는 개인 요소와 조직 특성을 고려한 정보보안 전략의 필요성에 대하여 기술하고 있다.

• 한국정보시스템학회지:정보시스템연구
• /
• 제29권1호
• /
• pp.51-74
• /
• 2020

Purpose Since the number of personal information breach incidents increased, many people have perceived the importance of personal information protection, in the recent. Especially, the number of personal information breach targeting middle-aged and elderly people rapidly increases. Therefore, the purpose of this study is to identify the factors which influence to fail of online information security behaviors among the elderly. Design/methodology/approach This study made a research model by adopting the factors deducted from the protection motivation theory. To analyze the research model, we conducted an online survey targeted on the elderly and middle ages users who have nations of Korean and Chinese respectively. Findings According to the empirical analysis result, we identified that only perceived severity and perceived vulnerability affected information security awareness. On contrast, it was also discovered that perceived barriers, self-efficacy, and response efficacy did not affect information security awareness. Additionally, the awareness of information security also did not affect information security behaviors. Middle-aged and elderly people with personal information protection education did more information security behaviors than people those who no education experiences. Korean middle-aged and elderly people with education significantly did more information protection behaviors than the people without the education.

• 디지털융복합연구
• /
• 제19권1호
• /
• pp.89-97
• /
• 2021

연구 목적은 조직원의 정보보안 관련 조직시민행동과 연관되는 인지과정의 영향관계를 검증하는 것이다. 연구방법은 개인의 전망차원(이익, 손실)과 조직의 목표지향성 차원(성취지향, 안정지향)의 교차설계를 실시하고, 정보보안인지요인은 분배공정성, 대처효능감, 자기효능감, 그리고 조직시민행동으로 구성하였다. 연구결과 전망차원은 대처효능감과 자기효능감에 유의미한 영향을 미치고 있었으며, 이익의 영향력이 손실보다 높은 것으로 나타났다. 목표지향성은 대처효능감과 자기효능감에 유의미한 영향을 미치고 있었으며, 성취지향의 영향력이 안전지향보다 높은 것으로 나타났다. 정보보안 요인간의 관계를 설명한 연구모형은 분배공정성, 대처효능감, 조직시민행동간의 부분매개모형으로 검증되었다. 연구의 시사점은 개인 의사결정 요인과 조직 문화 요인을 복합적으로 고려하여 정보보안 전략 수립을 하는 것이 필요함을 제시한다.

• 경영정보학연구
• /
• 제17권3호
• /
• pp.39-64
• /
• 2015

기업들은 정보보안 위험을 관리하기 위해 보안대책을 수립하고 있지만 직원들은 이를 잘 지키려하지 않고, 그들의 정보보안 행동의도는 명확하게 규명되지 않았다. 본 연구는 금융기관 구성원들의 정보보안 위험관리 의도를 이해하기 위해 보호동기이론과 감독 당국의 압력 그리고 보호동기의 근원이 되는 배경요인(근원정보)을 사용해서 연구모형을 개발했다. 금융기관 구성원 201명의 설문조사 자료를 분석해 실증적인 연구결과를 제시했다. 인지된 심각성, 자기 효능감 그리고 감독 당국의 압력은 정보보안 위험관리 의도에 정(+)의 영향을 주었고, 인지된 취약성과 반응 효능감은 의도에 영향을 주지 못했다. 배경요인으로 고려한 보안회피습관은 모든 매개변수에 부(-)의 영향을 주었지만 의도와의 직접적인 영향관계를 확인하지는 못했다. 보안인식교육은 정보보안 위험관리 의도와 인지된 취약성, 자기 효능감, 반응 효능감 그리고 감독 당국의 압력에 정(+)의 영향을 주었고 인지된 심각성에 영향을 주지 못했다. 본 연구의 시사점은 연구자들이 향후 감독 당국의 압력을 조직과 조직 구성원의 행동 관련 정보보안 분야의 연구에서 사용할 수 있는 기반을 마련했고, 배경요인 사용은 보호동기이론의 확장을 위한 근거를 제공했다. 또 보안 실무자와 감독 당국의 정보보안 활동을 위한 기반자료를 제공했다. 그리고 본 연구는 한계점과 향후 연구방향을 제시하고 있다.