융 복합 시대 도래로 인한 옴니 채널 환경에서 기술적 및 관리적 정보보안대책 확충과 더불어 기업구성원의 자발적 참여를 통해 정보보안대책이 효과적으로 실행되는 것이 매우 중요하다. 이러한 맥락에서 기업구성원이 정보보안대책 인식 이후 자발적으로 조직시민행동을 전개하면 정보보안 대책에 대한 준수의도가 형성될 것으로 본다. 따라서 본 연구에서는 기업의 정보보안대책(정보보안정책, 정보보안 교육훈련)이 조직시민행동을 매개로 정보보안 준수의도에 미치는 영향을 실증연구를 통해 검증하고자 한다. 이를 위해 문헌연구를 기반으로 설문문항을 작성하였으며 다양한 업종의 기업을 대상으로 설문조사를 실시하였다. 수집된 설문자료를 분석한 결과, 정보보안정책과 정보보안 교육훈련이 정보보안 준수의도에 영향을 주는 것으로 나타났다. 또한 정보보안정책과 정보보안 교육훈련 모두 조직시민행동(참여 활동)을 매개로 정보보안 준수의도에 영향을 주는 것으로 나타났다.
In digital convergence environment, information security management plays crucial role in maintaining firms' competitiveness. Organizational citizenship behavior(OCB) enables informations security countermeasures to be more effectively worked by helping employees to have much knowledge of information security policy, by facilitating employees to participate in information security education/training. Thus, the purpose of this study is to investigate the mediating effect of OCB on the relationships between information security countermeasures and compliance intention. Questionary was designed based on prior information security research, and survey was conducted among companies' employees across the industry. Results showed that information security policy and information security education/training were found to be key predictors of compliance intention. In addition, OCB was proven to mediate the relationships between information security countermeasures and compliance intention.
H. B. Kim, D. S. Lee, & S. Ham, Impact of hotel information security on system reliability, International Journal of Hospitality Management, Vol. 35, pp. 369-379, 2013.
Y. H. Kim, An Implementation of Audit System Applying Forensic Analysis Technology Over Network Node, Journal of Society for e-Business Studies, Vol. 4, No. 1, pp. 169-181, 2009.
S. H. Kim & G. N. Kim, Firm's Environmental Determinants Impacting the Information Security Management and the Moderating Effects of Regulatory Influence, Journal of the Korean Operations Research and Management Science Society, Vol. 37, No. 3, pp. 79-94, 2012.
J. M. Do & J. Kim, A Study on Critical Success Factors for Enterprise Security Collaboration, Journal of Digital Convergence, Vol. 12, No. 10, pp. 235-242, 2014.
B. Bulgurcu, H. Cavusoglu, & I. Benbasat, Roles of Information Security Awareness and Perceived Fairness in Information Security Policy Compliance. AMCIS 2009 Proceedings, 419, 2009.
J. H. Ahn, J. H. Park, G. M. Sung, & J. H. Lee, Impacts of Punishment and Ethics Training on Information Security Compliance: Focus on the Moderating Role of Organizational Type. Information Systems Review, Vol. 12, pp. 23-42, 2010.
S. H. Kim & S. Y. Park, Influencing Factors for Compliance Intention of Information Security Policy, Journal of Society for e-Business Studies, Vol. 16, No. 4, pp. 34-51, 2011.
M. S. Yim, A Path Way to Increase the Intention to Comply with Information Security Policy of Employees, Journal of Digital Convergence, Vol. 10, No. 10, pp. 119-128, 2012.
M. S. Yim & K. H. Han, An Investigation of the Factors that Influence the Compliance to Information Security Policy : From Risk Compensation Theory, Journal of Digital Convergence, Vol. 11, No. 10, pp. 153-168, 2013.
M. J. Baek & S. H. Sohn, A Study on the Effect of Information Ethics on the Information Security Awareness and Behavior in Organization, Koreanische Zeitschrift fur Wirtschaftswissenschaften, Vol. 28 No. 4, pp. 119-145, December 2010.
T. S. Jung, M. S. Yim, & J. B. Lee, A Development of Comprehensive Framework for Continuous Information Security, Journal of Digital Convergence, Vol. 10, No.2, pp. 479-498, 2012.
D. W. Organ, Organizational Citizenship Behavior: The Good Soldier Syndrome: Lexington books, 1988.
D. W Organ, P. M. Podsakoff, & S. B. MacKenzie, Organizational Citizenship Behavior: Its Nature, Antecedents, and Consequences: Sage Publications, Inc., 2006.
T. Y. Chou, S. C. T. Chou, J. J. Jiang, & G. Klein, The organizational citizenship behavior of IS personnel: Does organizational justice matter?, Information & Management, Vol. 50, pp. 105-111, 2013.
J. Shropshire, M. Warkentin, & S. Sha, Personality, attitudes, and intentions: Predicting initial adoption of information security behavior, Computers & Security, Vol. 49, pp. 177-191, 2015.
R. E. Crossler, A. C. Johnston, P. B. Lowry, Q. Hu, M. Warkentin, & R. Baskerville, Future directions for behavioral information security research. Computers & Security, Vol. 32, pp. 90-101, 2013.
P. Ifinedo, Information systems security policy compliance: An empirical study of the effects of socialization, influence, and cognition. Information & Management, Vol. 51, No. 1, pp. 69-79, 2014.
S. G. Lee & M. S. Chae, An Study on the Factors that Motivate The Compliance of the Organizational Security Policy. Korean Journal of Business Administration, Vol. 27, No. 6, pp. 927-953, 2014.
M. S. Yim, The Effect of Characteristics of Information Security Policy on Security Policy Compliance Intention of Employees in Financial Firms, Journal of the Korea Service Management Society, Vol. 14, No. 1, pp. 143-171, 2013.
A. Hovav & J. D'Arcy, Applying an extended model of deterrence across cultures: An investigation of information systems misuse in the US and South Korea. Information & Management, Vol. 49, No. 2, pp. 99-110, 2012.
C. L Anderson & R. Agarwal, Practicing safe computing: a multimedia empirical examination of home computer user security behavioral intentions. MIS quarterly, Vol. 34, No. 3, pp. 613-643. 2010.
B. Bulgurcu, H. Cavusoglu, & I. Benbasat, Information Security Policy Compliance: An Empirical Study of Rationality-Based Beliefs and Information Security Awareness, MIS quarterly, Vol. 34, No. 3, pp. 523-548, 2010.
T. Bateman & D. Organ, Job Satisfaction and the Good Soldier: The Relationship between Affect and Employee Citizenship. Academy of Management Journal, Vol. 26, No. 4, pp. 587-595, 1983.
S. W. Lee, Y. E. Cho, & K. S. Lee Y. E., The Role of Justice and Organizational Citizenship Behaviour in the Relation between Measurement Diversity and Managerial Performance, Journal of Digital Convergence, Vol. 11, No. 11, pp. 219-231, 2013.
J. W. Graham & L. V. Dyne, Gathering information and exercising influence: Two forms of civic virtue organizational citizenship behavior. Employee Responsibilities and Rights Journal, Vol. 18, No. 2, pp. 89-109, 2006.
D. W Organ, The Motivational Basis of Organizational Citizenship Behavior. Research in Organizational Behavior, Vol. 12, No. 1, pp. 43-72, 1990.
D. J. Koys, The effects of employee satisfaction, organizational citizenship behavior, and turnover on organizational effectiveness: a unit-level, longitudinal study, Personnel Psychology, Vol. 54, No. 1, pp. 101-114, 2001.
P. M. Podsakoff & S. B. MacKenzie, Organizational citizenship behaviors and sales unit effectiveness, Journal of Marketing Research, Vol. 31, No. 3, pp. 351-363, 1994.
P. M. Podsakoff, M. Ahearne, & S. B. MacKenzie, Organizational citizenship behavior and the quantity and quality of work group performance, Journal of Applied Psychology, Vol. 82, No. 2, pp. 262-270, 1997.
H. J. R. Yen & B. P. Niehoff, Organizational citizenship behaviors and organizational effectiveness: examining relationships in Taiwanese banks, Journal of Applied Social Psychology, Vol. 34, No. 8, pp. 1617-1637, 2004.
S. C. Yang & C. K. Farn, Exploring tacit knowledge sharing intention and behavior within workgroup from the perspectives of social capital and behavioral control. PACIS 2007 Proceedings, 38, 2007.
H. R. Yen, E. Y. Li, Brian, & P. Niehoff, Do organizational citizenship behaviors lead to information system success?: Testing the mediation effects of integration climate and project management, Information & Management, Vol. 45, No. 6, pp. 394-402, 2008.
C. Yoon, The effects of organizational citizenship behaviors on ERP system success, Computers in Human Behavior, Vol. 25, No. 2, pp. 421-428, 2009.
K. L. Thomson, Rossouw von Solms, & Lynette Louw, Cultivating an organizational information security culture, Computer Fraud & Security, Vol. 10, pp. 7-11, 2006.
S. Goel & I. N. Chengalur-Smith, Metrics for characterizing the form of security policies. The Journal of Strategic Information Systems, Vol. 19, No. 4, pp. 281-295, 2010.
T. Dinev, J. Goo, Q. Hu, & K. Nam, User Behaviour towards Protective Information Technologies: The Role of National Cultural Differences. Information Systems Journal, Vol. 19, No. 4, pp. 391-412. 2009.
J. D'Arcy, A. Hovav, & D. Galletta, User awareness of security countermeasures and its impact on information systems misuse: a deterrence approach. Information Systems Research, Vol. 20, No. 1, pp. 79-98, 2009.
S. M. Lee, S. G. Lee, & S. Yoo, An integrative model of computer abuse based on social control and general deterrence theories. Information & Management, Vol. 41, No. 6, pp. 707-718, 2004.
C. J. Park & M. S. Yim. An Understanding of Impact of Security Countermeasures on Persistent Policy Compliance. Journal of Digital Convergence, Vol. 10, No. 4, pp. 23-35, 2012.
T. Herath, & H. R. Rao, Encouraging information security behaviors in organizations: Role of penalties, pressures and perceived effectiveness. Decision Support Systems, Vol. 47, No. 2, pp. 154-165, 2009.
W. Chin, B. Marcolin, & P. Newsted, A partial least squares latent variable modeling approach for measuring interaction effects: Results from a Monte Carlo simulation study and an electronic-mail emotion/adoption study. Information Systems Research, Vol. 14, No. 2, pp. 189-217, 2003.
C. Fornell & D. Larcker, Evaluating structural equation models with unobservable variables and measurement error. Journal of marketing Research, Vol. 18, No. 1. pp. 39-50, 1981.
M. Wetzels, Using PLS path modeling for assessing hierachical construct models: Guidelines and empirical illustration, MIS Quarterly, Vol. 33, No. 1, pp. 177-195, 2009.
M. Sobel, Asymptotic confidence intervals for indirect effects in structural equation models. Sociological methodology, Vol. 13, pp. 290-312, 1982.
R. M. Baron & D. A. Kenny, The moderator-mediator variable distinction in social psychological research: Conceptual, strategic, and statistical considerations. Journal of Personality and Social Psychology, Vol. 51, No. 6, pp. 1173-1182, 1986.