[논문]정보보안 인식 교육의 효과에 대한 연구

임명성

doi:10.14400/jdc.2014.12.2.27

정보보안 인식 교육의 효과에 대한 연구
Why Security Awareness Education is not Effective? 원문보기

디지털융복합연구 = Journal of digital convergence, v.12 no.2, 2014년, pp.27 - 37

초록
AI-Helper

많은 조직들이 여전히 정보보안 수준을 향상시키기 위해 공식적/비공식적 통제 메커니즘(예. 정책, 절차, 조직 문화)의 향상에 상당한 노력을 쏟고 있으나, 이러한 메커니즘의 영향과 효과에 대한 연구는 아직 초기 수준이다. 보안 정책의 실행가능성을 높이기 위한 가장 확실한 방법 중 하나는 준수자들로 하여금 정책을 이해하고 필수요소로 받아들이게 하는 것이다. 하지만 조직 구성원들의 보안에 관한 지식 및 인지의 부족은 여전히 주요한 문제이다. 그동안 많은 연구에서 보안 지식과 인지를 높이기 위해 보안인식 교육의 수행을 주장하였으나 많은 연구에서 제시된 결과는 일관되지 않는다. 따라서 본 연구는 왜 보안인식 교육이 효과적이지 못한지 그 의문에 대한 해답을 찾기 위해 수행되었다.

Abstract ▼ AI-Helper

While organizations are making a considerable effort to leverage formal and informal control mechanisms (e.g., policies, procedures, organizational culture) to improve security, their impact and effectiveness is under scrutiny as employees seldom comply with information security procedures. The best way to ensure the viability of a security policy is to make sure users understand it and accept necessary precautions. From an organization's perspective, a lack of security knowledge and awareness on the part of employees is a major problem. However, previous studies suggest that effect of security awareness education is inconsistent. Thus, this study is to find the answer why security awareness education is not effective. Conclusions and implications are discussed.

주제어

AI 본문요약
AI-Helper

* AI 자동 식별 결과로 적합하지 않은 문장이 있을 수 있으니, 이용에 유의하시기 바랍니다.

문제 정의

The purpose of this study is to investigate the effect of the security awareness program on likelihood of information security breach. We found that security awareness program does not directly contribute to reduce the likelihood of information security breach.

가설 설정

Hypothesis 2. Self efficacy will negatively affect likelihood of information security breach.
Hypothesis 3. Perceived severity will negatively affect likelihood of information security breach.

제안 방법

In this study, in an attempt to avoid common method and respondent bias, we conducted the Harman's one-factor test to statistically detect or eliminate the presence CMV after the data have been collected.
However, more samples are required to yield more rigorous research results. Second, this research involves examining the relationships among two or more self-reported measures of constructs of interest. However, survey research based on same-source data can be problematic since same-respondent studies can face concerns about common method variance (CMV)- spurious correlation that arises from using the same method to measure the independent and dependent variables within a relationship [6] [27].
To examine the suitability of the data for factor analysis, Kaiser–Meyer–Oklin's (KMO) sampling adequacy test and Bartlett's sphericity test were performed.
To test the research model proposed in this paper, this study uses a survey instrument for data collection. Self administered surveys that provide anonymity are a well suited method of inquiry since they can offer privacy to the respondent and are recommended where possibly sensitive answers are sought.

대상 데이터

200 questionnaires were distributed across five organizations in Korea. These organizations were selected largely due to their willingness to cooperate with this research due to the contacts of author.
First, an important limitation of the study lies in sample size. In this study, 169 samples were used to assess the proposed model. However, more samples are required to yield more rigorous research results.

이론/모형

Partial Least Squares (PLS), a component-based Structural Equation Modeling (SEM) technique, was used to examine the hypothesized paths in the model using the SmartPLS v2.0 M2 [25]. SmartPLS is a software application for the design of structural equation models (SEM) on a graphical user interface (GUI).

성능/효과

In this test, all items are entered into an unrotated principal component analysis with a varimax rotation to determine whether a single factor emerges or a single factor accounts for the majority of the variance. In our test, we found four factors, the largest of which accounted for 39.165 percent of the variance. Since several factors, as opposed to one single factor, were identified, and as the first factor did not account for a large percentage of the variance, we were less concerned about potential problems associated with CMB.
Harman’s one-factor test is to examine whether CMB may have augmented relationships. In this test, all items are entered into an unrotated principal component analysis with a varimax rotation to determine whether a single factor emerges or a single factor accounts for the majority of the variance. In our test, we found four factors, the largest of which accounted for 39.

참고문헌 (33)

Bagozzi, R. P., Yi, Y., and Phillips, L. W., Assessing Construct Validity in Organizational Research, Administrative Science Quarterly, vol. 36, pp. 421-458, 1991.

상세보기
Bandura, A., Social Foundations of Thought and Action: A Social Cognitive Theory, Prentice hall, Englewood Cliffs, NJ., 1986.
Barclay, D. W., Higgins, C. A., and Thompson, R., The Partial Least Squares Approach to Causal Modeling: Personal Computer Adoption and Use as Illustration, Technology Studies, vol. 2, no. 2, pp. 285-309, 1995.
Chen, C. C., Shaw, R. S., and Yang, S. C., Mitigating Information Security Awareness: A Case Study of an Information Security Awareness System, Information Technology, Learning, and Performance Journal, vol. 24, no. 1, pp. 1-14, 2006.
Chin, W. W., The Partial Least Squares Approach to Structural Equation Modeling. In G. A. Marcoulides (Ed.), Modern Methods for Business Research. Mahwah, New Jersey: Lawrence Erlbaum Associates, pp. 295-336, 1998.
Craighead, C. W., Ketchen, D. J., Dunn, K. S., and Hult, T. M., Addressing Common Method Variance: Guidelines for Survey Research on Information Technology, Operations, and Supply Chain Management, IEEE Transactions on Engineering Management, vol. 58, no. 3, pp. 578-588, 2011.

상세보기
D'Arcy, J., and Herath, T., A Review and Analysis of Deterrence Theory in the IS Security Literature: Making Sense of the Disparate Findings, European Journal of Information Systems, vol. 20, pp. 643-658, 2011.

상세보기
D'Arcy, J., Hovav, A., and Galletta, D., User Awareness of Security Countermeasures and Its Impact on Information Systems Misuse: A Deterrence Approach, Information Systems Research, vol. 20, no. 1, pp. 79-98, 2009.

상세보기
D'Arcy, J., and Hovav, A., Deterring Internal Information Systems Misuse, Communications of the ACM, vol. 50, no. 10, pp. 113-144, 2007.

상세보기
Fornell, C., and Larcker, D. F., Evaluating Structural Equation Models with Unobservable and Measurement Error, Journal of Marketing Research, vol. 18, pp. 39-50, 1981.

상세보기
Gefen, D., and Straub, D., A Practical Guide to Factorial Validity Using PLS-Graph: Tutorial and Annotated Example, Communications of the Association for Information Systems, vol. 16, pp. 91-109, 2005.
Hair, J. F., Black, W. C., Babin, B. J., Anderson, R. E., Tatham, R. L., Multivariate Data Analysis, 6th eds., Pearson Education, Inc., Upper Saddle River, New Jersey, 2006.
Hair, J. F., Sarstedt, M., Ringle, C. M., and Mena, J. A., An Assessment of the Use of Partial Least Squares Structural Equation Modeling in Marketing Research, Journal of the Academy of Marketing Science, vol. 40, pp. 414-433, 2012.

상세보기
Hansmann, K., and Ringle, C. M., SmartPLS Manual, Universitat Hamburg, 2004.
Henseler, J., Ringle, C. M., and Sinkovics, R. R., The Use of Partial Least Squares Path Modeling in International Marketing, Advances in International Marketing, vol. 20, pp. 277-319, 2009.
Hulland, J., Use of Partial Least Squares (PLS) in Strategic Management Research: A Review of Four Recent Studies, Strategic Management Journal, vol. 20, pp. 195-204, 1999.

상세보기
Kankanhalli, A., Teo, H. H., Tan, B. C. Y., and Wei, K. K., An Integrative Study of Information Systems Security Effectiveness, International Journal of Information Management, vol. 23, pp. 139-154, 2003.

상세보기
Kruger, H. A., and Kearney, W. D., A Prototype for Assessing Information Security Awareness, Computers & Security, vol. 25, pp. 289-296, 2006.

상세보기
Lindell, M. K., and Whitney, D. J., Accounting for Common Method Variance in Cross-Sectional Research Designs, Journal of Applied Psychology, vol. 86, no. 1, pp. 114-121, 2001.

상세보기
Malhotra, N. K., Kim, S. S., and Patil, A., Common Method Variance in IS Research: A Comparison of Alternative Approaches and a Reanalysis of Past Research, Management Science, vol. 52, no. 12, pp. 1865-1883, 2006.

상세보기
Nunnally, J. C., and Bernstein, I. H., Psychometric Theory, 3rd eds. McGraw-Hill Inc., New York, 1994.
Pavlou, P., Liang, H., and Xue, Y., Understanding and Mitigating Uncertainty in Online Exchange Relationships: A Principal-Agent Perspective, MIS Quarterly, vol. 31, no. 1, pp. 105-136, 2007.

상세보기
Podsakoff, P. M., MacKenzie, S. B., Lee, J. Y., and Podsakoff, N. P., Common Method Biases in Behavioral Research: A Critical Review of the Literature and Recommended Remedies, Journal of Applied Psychology, vol. 88, no. 5, pp. 879-903, 2003.

상세보기
Puhakainen, P., and Siponen, M., Improving Employees' Compliance through Information Systems Security Training: An Action Research Study, MIS Quarterly, vol. 34, no. 4, pp. 757-778, 2010.

상세보기
Ringle, C. M., Wende, S., and Will, A., SmartPLS 2.0 (beta), Hamburg, Germany, 2005.
Siponen, M., Vance, A., and Willison, R., New Insights into the Problem of Software Piracy: The Effects of Neutralization, Shame, and Moral Beliefs, Information & Management, vol. 49, pp. 334-341, 2012.

상세보기
Slater, S. F., and Atuahene-Gima, K., Conducting Survey Research in Strategic Management, vol. 1, Emerald Group Publishing Ltd., pp. 227-249, 2004.
Sosik, J. J., Kahai, S. S., and Piovoso, M. J., Silver Bullet or Voodoo Statistics? A Primer for Using the Partial Least Squares Data Analytic Technique in Group and Organization research, Group and Organization Management, vol. 34, no. 1, pp. 5-36, 2009.

상세보기
Straub, D. W., and Welke, R. J., Coping with Systems Risk: Security Planning Models for Management Decision-Making, MIS Quarterly, vol. 22, no. 4, pp. 441-469, 1998.

상세보기
Tenenhaus, M., Vinzi, V. E., Chaterlin, Y. M., and Lauro, C., PLS Path Modeling, Computational Statistics & Data Analysis, vol. 48, no. 1, pp. 159-205, 2005.

상세보기
Tsohou, A., Kokolakis, S., Karyda, M., and Kiountouzis, E., Investigating Information Security Awareness: Research and Practice Gaps, Information Security Journal: A Global Perspective, vol. 17, pp. 207-227, 2008a.

상세보기
Tsohou, A., Kokolakis, S., Karyda, M., and Kiountouzis, E., Process-variance Models in Information Security Awareness Research, Information Management & Computer Security, vol. 16, no. 3, pp. 271-287, 2008b.

상세보기
Wetzels, M., Odekerken-Schroder, G., and van Oppen, C., Using PLS Path Modeling for Assessing Hierarchical Construct Models: Guidelines and Empirical Illustration, MIS Quarterly, vol. 33, no. 1, pp. 177-195, 2009.

상세보기

저자의 다른 논문 :

표제어: PCR

동의어: Packet Collision Rate

용어 설명 출처 목록 (6)

용어 설명: PCR은 세균 특이성이 있는 primer를 이용하여 적은 수의 세균이 있을지라도 쉽게 검출할 수 있는 유용한 방법이며, 이를 이용하여 구강 내 치면세균막이나 타액에서 직접 세균을 검출할 수 있게 되었다[8].

내보내기 구분	파일저장 인쇄 메일전송
구성항목	기본정보 상세정보 관리번호, 논문명, 저널/프로시딩명, 저자 , 발행년, 권, 호, 시작페이지, 끝페이지, 발행기관 관리번호, 논문명, 대등논문명, 저자 , 저널/프로시딩명, 발행기관, 발행년, 발행언어, 권, 호, 시작페이지, 끝페이지, ISBN, ISSN, 주제분야, 키워드, 초록(한글), 초록(영문), 저자(소속기관)
저장형식	Text(ASCII format) Excel format RefWorks Direct Export RIS format (for Reference Manager, ProCite, EndNote), Scholar's Aids, Mendeley
메일정보	받는사람 (필수) @ 보내는사람 (선택) @ 제목 내용 KISTI 검색결과 이메일 서비스
안내	총 건의 자료가 검색되었습니다. 다운받으실 자료의 인덱스를 입력하세요. (1-10,000) 검색결과의 순서대로 최대 10,000건 까지 다운로드가 가능합니다. 데이타가 많을 경우 속도가 느려질 수 있습니다.(최대 2~3분 소요) 다운로드 파일은 UTF-8 형태로 저장됩니다. 파일의 내용이 제대로 보이지 않을실 때는 웹브라우저 상단의 보기 -> 인코딩 -> 자동선택 여부를 확인하십시오. ~ Text(ASCII format) Excel format

연합인증