$\require{mediawiki-texvc}$
  • 검색어에 아래의 연산자를 사용하시면 더 정확한 검색결과를 얻을 수 있습니다.
  • 검색연산자
검색연산자 기능 검색시 예
() 우선순위가 가장 높은 연산자 예1) (나노 (기계 | machine))
공백 두 개의 검색어(식)을 모두 포함하고 있는 문서 검색 예1) (나노 기계)
예2) 나노 장영실
| 두 개의 검색어(식) 중 하나 이상 포함하고 있는 문서 검색 예1) (줄기세포 | 면역)
예2) 줄기세포 | 장영실
! NOT 이후에 있는 검색어가 포함된 문서는 제외 예1) (황금 !백금)
예2) !image
* 검색어의 *란에 0개 이상의 임의의 문자가 포함된 문서 검색 예) semi*
"" 따옴표 내의 구문과 완전히 일치하는 문서만 검색 예) "Transform and Quantization"
쳇봇 이모티콘
안녕하세요!
ScienceON 챗봇입니다.
궁금한 것은 저에게 물어봐주세요.

논문 상세정보

정보보안 정책 준수 의도에 대한 영향요인

Influencing Factors for Compliance Intention of Information Security Policy

초록

본 연구는 중화이론, 계획된 행동이론, 보호동기이론에 기반하여 조직원들의 정보보안 정책 준수에 영향을 미치는 요인들을 도출하고 이들 요인들의 관계에 관한 연구모형 및 가설을 설정하였다. 연구모형 및 가설에 대한 실증분석을 위해 웹 서베이를 통해 자료를 수집하였고 총 207개의 설문 중 194개 설문이 사용 가능하였다. 통계분석은 PLS 방법에 의하였고 신뢰도, 타당도, 모형의 적합도가 모두 적정한 것으로 나타났으며, 가설검증 결과는 총 8개의 가설 중 7개의 가설이 모두 지지되는 것으로 나타났다. 본 연구의 이론적인 시사점은 첫째, 조직원들의 정보보안 정책 준수에 대한 향후 연구들의 초석이 될 것으로 기대된다. 둘째, 심리학에서 근거한 요인을 접목하여 IS 연구와 심리학연구의 고찰을 통해 정보보안연구의 학제 간 접근을 시도한 것과 마지막으로 이론적 고찰을 통해 정보보안 정책 준수에 관한 요인들에 대한 조작적 정의를 구체화시켜 제시하였다는 점이다. 아울러 실무적 시사점은 첫째, 조직에서 정보보안 정책의 성공적인 실행을 위한 전략방안을 수립할 때 본 연구결과에 근거한 가이드라인을 제공할 수 있다는 점이며, 둘째, 조직원들의 정보보안 정책 위반에 대한 중화심리를 억제시키기 위해 조직구성원들에 대한 의식교육 및 훈련 프로그램 실시에 대한 필요성을 부각시켰다는 점이다.

Abstract

This research derived the influencing factors for employees' compliance with the information security policy in organizations on the basis of Neutralization Theory, Theory of Planned Behavior and Protection Motivation Theory. To empirically analyze the research model and the hypotheses, data were collected by conducting web survey, 194 of 207 questionnaires were available. The test of causal model was conducted by PLS. Reliability, validity and model fit were found to be statistically significant. the results of hypotheses tests showed that seven ones of eight hypotheses could be accepted. The theoretical implications of this study are as follows : 1) this study is expected to play a role of baseline for future research about employee compliance with the information security policy, 2) this study attempted interdisciplinary approach through combining psychology and information system security research, and 3) it suggested concrete operational definitions of influencing factors for information security policy compliance through comprehensive theoretical review. Also, this study has some practical implications. First, it can provide the guideline to support the successful execution of the strategic establishment for implement of information system security policies in organizations. Second, it is proved that the need for conducting education and training program suppressing employees. neutralization psychology to violate information security policy should be emphasized in the organizations.

저자의 다른 논문

참고문헌 (38)

  1. 김윤호, "네트워크 노드에 대한 포렌식분석기법을 적용한 감사시스템의 구현", 한국전자거래학회지, 제14권 ,제3호, pp. 169- 181, 2009. 
  2. 안중호, 최규철, 성기문, 이재홍, "보안위험 수준이 지식관리시스템의 성공에 미치는 영향 : '신뢰'를 매개변인으로", 한국전자거래학회지, 제15권, 제4호, pp. 143- 163, 2010. 
  3. 이선중, 이미정, "정보보호 문화의 평가지표에 관한 탐색적 연구", 정보화정책, 제15권, 제3호, pp. 100-119, 2008. 
  4. 이철, "순응자 일탈에 대한 중화기술의 영향에 관한 연구", 형사정책연구, pp. 243-278, 2008. 
  5. 정익재, "정보사회 위험관리로서 정보보안의 정책 논리", 한국행정학회 2005년도 추계학술대회, pp. 19-34, 2005. 
  6. Ajzen, I., "The Theory of Planned Behavior," Organizational Behavior and Human Decision, Vol. 50, pp. 179-211, 1991. 
  7. Boss, S. R., Kirsch, L. J., Angermeier, I., Shingler, R. A., and Boss, R. W. "If Someone Is Watching, I'll Do What I'm Asked : Mandatoriness, Control, and Information Security," European Journal of Information Systems, Vol. 18, No. 2, pp. 151-164, 2009. 
  8. Bulgurcu, Burcu Cavusoglu, Hasan Benbasat and Izak, "Information Security Policy Compliance : An Empirical Study of Rationality-Based Beliefs and Information Security Awareness," MIS Quarterly, Vol. 34, No. 3, pp. 523-A7, 2010. 
  9. Chen, C., Medlin, B., and Shaw, R., "A cross-cultural investigation of situational information security awareness programs," Information Management and Computer Security, Vol. 16, No. 4, pp. 360-376, 2008. 
  10. Chin, W., "Issues and opinion on structural equation modeling," MIS Quarterly, Vol. 22, No. 1, pp. 7-16, 1998. 
  11. Cohen, J., Statistical Power Analysis for the Behavioral Sciences(2nd ed.), Lawrence Erlbaum, 1988. 
  12. Coleman, James, W., "Toward an Integrated Theory of Whitte-Collar Crime," American Journal of Sociology, Vol. 93, pp. 406-439, 1987. 
  13. Cressey, Donald R., "Other People's Money : A study in the Social Psychology of Embezzlement," Glencoe, IL : Free Press, 1953. 
  14. Durgin, M., "Understanding the Importance of and Implementing Internal Security Measures," SANS Institute Reading Room, 2007. 
  15. Fishbein, M. and Ajen, I., Belief, Attitude, Intention, and Behavior : An Introduciton to Theory and Research, Reading, Addison-Wesley, 1975. 
  16. Gefen, D. and Straub, D. W., "A Practical Guide to Factorial Validity Using PLSGraph : Tutorial and Annotated Example," Communications of the Association for Information Systems, Vol. 16, No. 5, pp. 91-109, 2005. 
  17. Greenberg, J., The cognitive geometry of employee theft : negotiating 'the line' between taking and stealing. In R. Griffin, A. O'Leary-Kelly, and J. Collins (Eds.), Dysfunctional behavior in organizations : Nonviolent behaviors in organizations. Part B. Stamford, CT : JAI Press, 1998. 
  18. Hoffer, J. A. and Straub, D. W., "The 9 to 5 underground : Are you policing computer crimes?," Sloan Management Review, Vol. 30, pp. 35-43, 1989. 
  19. Johnston, Allen C. Warkentin and Merrill, "Fear Appeals and Information Security Behaviors : An Empirical Study," MIS Quarterly, Vol. 34, No. 3, pp. 549-A4, 2010. 
  20. Johnston, K. L. and White, K. M., "Bingedrinking : A test of the roll of group norms in the roy of planned behavior," psychology and Health, Vol. 18, No. 1, pp. 63-77, 1995. 
  21. Klockars, C. B., "The Professional Fence," New York, FreePress, 1974. 
  22. Minor, W. W., "Techniques of Neutralization : A Reconceptualization and Empirical Examination," Journal of Research in Crime and Delinquency, Vol. 18, No. 2, pp. 295-318, 1981. 
  23. Petter, S., Straub, D. and Rai, A., "Specifying Formative Constructs in IS Research," MIS Quarterly, Vol. 31, No. 4, pp. 623- 656, 2007. 
  24. Piquero, N. L., Tibbetts, S. G., and Blankenship, M. B., "Examining the Role of Differential Association and Techniques of Neutralization in Explaining Corporate Crime," Deviant Behavior, Vol. 26, No. 2, pp. 159-188, 2005. 
  25. Price waterhouse Coopers., "Employee Behavior Key to Improving Information Security, New Survey Finds," 2008. 
  26. Robinson, S. L. and Kraatz, M. S., Constructing the reality of normative behavior : the use of neutralization strategies by organizational deviants. In R. Griffin, A. O'Leary-Kelly, and J. Collins (Eds.), Dysfunctional behavior in organizations : Violent and deviant behavior. Part A. Stamford, CT : JAI Press, 1998. 
  27. Rogers, J. W. and Buffalo, M. D., "Neutralization Techniques : Toward a Simplified Measurement Scale," Pacific Sociological Review, Vol. 17, No. 3, pp. 313-331, 1974. 
  28. Rogers, R. W., "A Protection Motivation Theory of Fear Appeals and Attitude Change," Journal of Psychology, Vol. 91, pp. 93-114, 1975. 
  29. Rogers, R. W., Cognitive and psychological process in fear appeals and attitude change : A revised theory of protection motivation. In J. Cacioppo and R. Petty (Eds.), Social Psychology, NY : Guilford, 1983. 
  30. Scholtz, J. T., "Enforcement policy and corporate misconduct : The changing perspective of deterrence theory," Law and Contemporary Problems, Vol.60, pp. 253-268, 1997. 
  31. Siponen, M. T., Pahnila, S., and Mah mood, A., "Employees'Adherence to Information Security Policies : An Empirical Study," in New Approaches for Security, Privacy and Trust in Complex Environments, H. Venter, M. Eloff, L. Labuschagne, J. Eloff, and R. von Solms, Boston : Springer, 2007. 
  32. Siponen, Mikko Vance and Anthony, "Neutralization : New Insights into the Problem of Employee Information Systems Security Policy Violations," MIS Quarterly, Vol. 34, No. 3, pp. 487-A12, 2010. 
  33. Srite, M. and Karahanna, E., "The Role of Espoused National Cultural Values in Technology Acceptance," MIS Quarterly, Vol. 30, No. 3, pp. 679-704, 2006. 
  34. Straub, D. W. and Nance, W. D., "Discovering and disciplining computer abuse in organizations : A field study," MIS Quarterly, Vol. 14, pp. 45-60, 1990. 
  35. Sykes, G. and Matza, D., "Techniques of Neutralization : A Theory of Delinquency," American Sociological Review, Vol. 22, No. 6. pp. 664-670, 1957. 
  36. Tenenhaus, M., Vinzi, V. E., Chatelin, Y. M., and Lauro, C., "PLS path modeling," Computational statistics and Data analysis, Vol. 48, No. 1. pp. 159-205, 2005. 
  37. Theoharidou, M., Kokolakis, S., Karyda, M., and Kiountouzis, E., "The insider threat of information systems and the effectiveness of ISO17799," Computers and Security, Vol. 24, pp. 472-484, 2005. 
  38. Tyler, T. R. and Blader, S. L., "Can Businesses Effectively Regulate Employee Conduct? The Antecedents of Rule Following in Work Settings," Academy of Management Journal, Vol. 48, No. 6, pp. 1143-1158, 2005. 

이 논문을 인용한 문헌 (4)

  1. Choi, Woong-Gyu ; Lee, Young-Jai 2013. "Factors Influencing the Introduction of Mobile Security Technology" 한국전자거래학회지 = The Journal of Society for e-Business Studies, 18(4): 215~240 
  2. Yang, Chang-Gyu ; Lee, Choong-Kwon ; Huang, Yunchu 2014. "The Effect of the Precedential Factors on the SNS User's Revisit and Switching Intention" 한국전자거래학회지 = The Journal of Society for e-Business Studies, 19(2): 125~142 
  3. Kim, Sunhee ; Kwon, Ohbyung 2014. "Factors Affecting Sustainable Web Technology Adoption : Pro-social Behavior Perspectives" 한국전자거래학회지 = The Journal of Society for e-Business Studies, 19(4): 205~229 
  4. Shim, Joonbo ; Hwang, K.T. 2015. "A Study on the Information Security Measures Influencing Information Security Policy Compliance Intentions of IT Personnel of Banks" Journal of information technology applications & management = 한국데이타베이스학회지, 22(2): 171~199 

DOI 인용 스타일