$\require{mediawiki-texvc}$
  • 검색어에 아래의 연산자를 사용하시면 더 정확한 검색결과를 얻을 수 있습니다.
  • 검색연산자
검색연산자 기능 검색시 예
() 우선순위가 가장 높은 연산자 예1) (나노 (기계 | machine))
공백 두 개의 검색어(식)을 모두 포함하고 있는 문서 검색 예1) (나노 기계)
예2) 나노 장영실
| 두 개의 검색어(식) 중 하나 이상 포함하고 있는 문서 검색 예1) (줄기세포 | 면역)
예2) 줄기세포 | 장영실
! NOT 이후에 있는 검색어가 포함된 문서는 제외 예1) (황금 !백금)
예2) !image
* 검색어의 *란에 0개 이상의 임의의 문자가 포함된 문서 검색 예) semi*
"" 따옴표 내의 구문과 완전히 일치하는 문서만 검색 예) "Transform and Quantization"
쳇봇 이모티콘
안녕하세요!
ScienceON 챗봇입니다.
궁금한 것은 저에게 물어봐주세요.

논문 상세정보

조직구성원의 정보보안 정책 준수의도: 계획된 행동이론, 목표설정이론, 억제이론의 적용

The Employee's Information Security Policy Compliance Intention : Theory of Planned Behavior, Goal Setting Theory, and Deterrence Theory Applied

초록

정보보안의 중요성의 증대에 따라, 조직은 정보보안을 위한 정책 개발 및 기술 도입을 위한 지속적인 투자를 하고 있다. 조직 내부의 보안 수준을 높이기 위해서는 조직원들의 보안 준수의도 향상을 위한 조직 차원의 체계적인 지원이 필요하다. 본 연구는 조직의 보안 정책 기획 및 실행에 있어, 조직원의 보안 준수를 개선시킬 수 있는 방법으로서, 보안 정책 목표 설정 및 제재 실행을 제시하고, 조직원의 보안 준수의도를 설명하는 계획된 행동이론(Theory of Planned Behavior)와의 연관 관계를 검증하고자 한다. 연구가설 검증을 위하여 구조방정식 모델링을 사용하며, 정보보안 정책이 도입되어 있는 조직의 조직원들을 대상으로 설문을 실시하였다. 346개의 응답을 기반으로 가설을 검증하였다. 결과는 목표 설정 수준과 제재 실행 수준이 조직원들의 준수의도에 영향을 주는 선행 변수들인 자기효능감과 대처효능감에 긍정적인 영향을 미치는 것을 확인하였다. 결과적으로, 본 연구는 조직원의 보안 준수의도 향상을 위해서 보안정책 목표 설정의 중요성과 제재의 실행의 중요성을 제시함으로써, 조직 내 정보보안부서가 수행해야할 효과적인 조직 보안을 위한 전략적 행동 방향을 제시하였다.

Abstract

In accordance with the increase of the importance of information security, organizations are making continuous investments to develop policies and adapt technology for information security. Organization should provide systemized support to enhance employees' security compliance intention in order to increase the degree of organization's internal security. This research suggests security policy goal setting and sanction enforcement as a method to improve employees' security compliance in planning and enforcing organization's security policy, and verifies the influencing relationship of Theory of Planned Behavior which explains employee's security compliance intention. We use structural equation modeling to verify the research hypotheses, and conducted a survey on the employees of organization with information security policy. We verified the hypotheses based on 346 responses. The result shows that the degree of goal setting and sanction enforcement has positive influence on self-efficacy and coping efficacy which are antecedents that influence employees' compliance intention. As a result, this research suggested directions for strategic approach for enhancing employee's compliance intention on organization's security policy.

저자의 다른 논문

참고문헌 (47)

  1. 1. Gartner, Gartner Says Worldwide Information Security Spending Will Grow Almost 8 Percent in 2014 as Organizations Become More Threat-Aware, 2014, http://www.gartner.com/newsroom/id/2828722. 
  2. 2. J. Han, and Y. Kim, "Investigating of Psychological Factors Affecting Information Security Compliance Intention: Convergent Approach to Information Security and Organizational Citizenship Behavior", Journal of Digital Convergence, Vol.13, No.8, pp.133-144, 2015. 
  3. 3. T. Jeong, M. Yim, and J.Lee, "A Development of Comprehensive Framework for Continuous Information Security", Journal of Digital Convergence, Vol. 10, No. 2, pp.1-10, 2012. 
  4. 4. Verizon, Verizon 2013 Data Breach Investigations Report, 2013. 
  5. 5. C. Park, and M. Yim, "An Understanding of Impact of Security Countermeasures on Persistent Policy Compliance", Journal of Digital Convergence, Vol. 10, No. 4, pp. 23-35, 2012. 
  6. 6. B. Bulgurcu, H. Cavusoglu, and I. Benbasat, "Information Security Policy Compliance: An Empirical Study of Rationality-Based Beliefs and Information Security Awareness", MIS Quarterly, Vol. 34, No. 3, pp.523-548, 2010. 
  7. 7. Y. Chen, K. Ramamurthy, and K. W. Wen, "Organizations' Information Security Policy Compliance: Stick or Carrot Approach?", Journal of Management Information Systems, Vol. 29, No. 3, pp.157-188, 2012. 
  8. 8. J. D'Arcy, A. Hovav, and D. Galletta, "User Awareness of Security Countermeasures and Its Impact on Information Systems Misuse: A Deterrence Approach", Information Systems Research, Vol. 20, No. 1, pp.79-98, 2009. 
  9. 9. T. Herath, and H. R. Rao, "Encouraging Information Security Behaviors in Organizations: Role of Penalties, Pressures and Perceived Effectiveness", Decision Support Systems, Vol. 47, No. 2, pp.154-165, 2009. 
  10. 10. Q. Hu, Z. Xu, T. Dinev, and H. Ling, "Does Deterrence Work in Reducing Information Security Policy Abuse by Employees?", Communications of the ACM, Vol. 54, No. 6, pp.54-60, 2011. 
  11. 11. M. Siponen, S. Pahnila, and M. A. Mahmood, "Compliance with Information Security Policies: An Empirical Investigation", Computer, Vol. 43, No. 2, pp. 64-71, 2010. 
  12. 12. A. Vance, M. Siponen, and S. Pahnila, "Motivating IS Security Compliance: Insights from Habit and Protection Motivation Theory", Information & Management, Vol. 49, No. 3, pp.190-198, 2012. 
  13. 13. E. A. Locke, and G. P. Latham, "Building a Practically Useful Theory of Goal Setting and Task Motivation: A 35-year Odyssey", American Psychologist, Vol. 57, No. 9, pp.705-717, 2002. 
  14. 14. B. E. Wright, and B. S. Davis, "Job Satisfaction in the Public Sector the Role of the Work Environment", The American Review of Public Administration, Vol. 33, No. 1, pp.70-90, 2003. 
  15. 15. R. West, "The Psychology of Security", Communications of the ACM, Vol. 51, No. 4, pp.34-40, 2008. 
  16. 16. M. Yim, "A Path Way to Increase the Intention to Comply with Information Security Policy of Employees", Journal of Digital Convergence, Vol. 10, No. 10, pp.119-128, 2012. 
  17. 17. D. Kim, I. Hwang, and J. Kim, "A Study on Employee's Compliance Behavior towards Information Security Policy : A Modified Triandis Model", Journal of Digital Convergence, Vol. 14, No. 4, pp.209-220, 2016. 
  18. 18. J. Do, and J. Kim, "A Study on Critical Success Factors for Enterprise Security Collaboration", Journal of Digital Convergence, Vol. 12, No. 10, pp.235-242, 2014. 
  19. 19. M. Yim, "An Investigation of the Factors that Influence the Compliance to Information Security Policy: From Risk Compensation Theory", Journal of Digital Convergence, Vol. 11, No. 2, pp.19-32, 2013. 
  20. 20. I. Hwang, D. Kim, T. Kim, and J. Kim, "The Study about Security Compliance Intention and Knowledge of Employee based on Security Culture of Organization", Information Systems Review, Vol. 18, No. 1, pp.1-23, 2016. 
  21. 21. I. Ajzen, "The Theory of Planned Behavior", Organizational Behavior and Human Decision Processes, Vol. 50, No. 2, pp.179-211, 1991. 
  22. 22. A. C. Johnston, and M. Warkentin, "Fear Appeals and Information Security Behaviors: An Empirical Study", MIS Quarterly, Vol. 34, No. 3, pp.549-566, 2010. 
  23. 23. N. S. Safa, M. Sookhak, R. Von Solms, S. Furnell, N. A. Ghani, and T. Herawan, "Information Security Conscious Care Behaviour Formation in Organizations", Computers & Security, Vol. 53, pp.65-78, 2015. 
  24. 24. T. Dugo, "The Insider Threat to Organizational Information Security: A Structural Model and Empirical Test", Auburn University, Auburn, AL, 2007. 
  25. 25. W. R. Flores, and M. Ekstedt, "Shaping Intention to Resist Social Engineering through Transformational Leadership, Information Security Culture and Awareness", Computers & Security, Vol. 59, pp.26-44, 2016. 
  26. 26. P. Ifinedo, "Understanding Information Systems Security Policy Compliance: An Integration of the Theory of Planned Behavior and the Protection Motivation Theory", Computers & Security, Vol. 31, No. 1, pp.83-95, 2012. 
  27. 27. E. A. Locke, and G. P. Latham, "New Directions in Goal Setting Theory", Current Directions in Psychological Science, Vol. 15, No. 5, pp.265-268, 2006. 
  28. 28. C. C. Pinder, Work Motivation in Organizational Behavior. Upper Saddle River, NJ: Prentice Hall, 1998. 
  29. 29. R. D. Pritchard, S. D. Jones, P. L. Roth, K. K. Stuebing, and S. E. Ekeberg, "Effects of Group Feedback, Goal Setting, and Incentives on Organizational Productivity", Journal of Applied Psychology, Vol. 73, No. 2, pp.337-358, 1988. 
  30. 30. J. M. Diefendorff, and G. A. Seaton, Work Motivation. International Encyclopedia of the Social & Behavioral Sciences, 2nd edn. Elsevier, Oxford, pp.680-686, 2015. 
  31. 31. R. Vollmeyer, B. D. Burns, and K. J. Holyoak, "The Impact of Goal Specificity on Strategy Use and the Acquisition of Problem Structure", Cognitive Science, Vol. 20, No. 1, pp.75-100, 1996. 
  32. 32. E. A. Locke, and G. P. Latham, "Work Motivation and Satisfaction: Light at the End of the Tunnel", Psychological Science, Vol. 1, No. 4, pp.240-246, 1990. 
  33. 33. A. Bandura, and D. Cervone, "Self-Evaluative and Self-Efficacy Mechanisms Governing the Motivational Effects of Goal Systems", Journal of Personality and Social Psychology, Vol. 45, No, 5, pp.1017-1028, 1983. 
  34. 34. K. H. Guo, Y. Yuan, N. P. Archer, and C. E. Connelly, "Understanding Nonmalicious Security Violations in the Workplace: A Composite Behavior Model", Journal of Management Information Systems, Vol. 28, No. 2, pp.203-236, 2011. 
  35. 35. J. Y. Son, "Out of Fear or Desire? Toward a Better Understanding of Employees' Motivation to Follow IS Security Policies", Information & Management, Vol. 48, No. 7, pp.296-302, 2011. 
  36. 36. Y. Chen, K. Ramamurthy, and K. W. Wen, "Organizations' Information Security Policy Compliance: Stick or Carrot Approach?", Journal of Management Information Systems, Vol. 29, No. 3, pp.157-188, 2012. 
  37. 37. N. S. Safa, and R. Von Solms, "An Information Security Knowledge Sharing Model in Organizations", Computers in Human Behavior, Vol. 57, pp.442-451, 2016. 
  38. 38. Y. Xue, H. Liang, and L. Wu, "Punishment, Justice, and Compliance in Mandatory IT Settings", Information Systems Research, Vol. 22, No. 2, pp.400-414, 2011. 
  39. 39. J. Zhang, B. J. Reithel, and H. Li, "Impact of Perceived Technical Protection on Security Behaviors", Information Management & Computer Security, Vol. 17, No. 4, pp.330-340, 2009. 
  40. 40. B. E. Wright, "The Role of Work Context in Work Motivation: A Public Sector Application of Goal and Social Cognitive Theories", Journal of Public Administration Research and Theory, Vol. 14, No. 1, pp.59-78, 2004. 
  41. 41. J. C. Nunnally, Psychometric theory (2nd ed.). New York: McGraw-Hill, 1978. 
  42. 42. B. H. Wixom, and H. J. Watson, "An Empirical Investigation of the Factors Affecting Data Warehousing Success", MIS Quarterly, Vol. 25, No. 1, pp.17-41, 2001. 
  43. 43. C. Fornell, and D. F. Larcker, "Evaluating Structural Equation Models with Unobservable Variables and Measurement Error", Journal of Marketing Research, Vol. 18, No. 1, pp.39-50, 1981. 
  44. 44. H. H. Harman, Modern Factor Analysis, University of Chicago Press, 1976. 
  45. 45. P. Podsakoff, S. MacKenzie, J. Lee, and N. Podsakoff, "Common Method Biases in Behavioral Research: A Critical Review of the Literature and Recommended Remedies", Journal of Applied Psychology, Vol. 88, No. 5, pp.879-903, 2003. 
  46. 46. L. J. Williams, and S. E. Anderson, "An Alternative Approach to Method Effects by Using Latent-Variable Models: Applications in Organizational Behavior Research", Journal of Applied Psychology, Vol. 79, No. 3, pp.323-331, 1994. 
  47. 47. E. T. Higgins, "Beyond Pleasure and Pain", American Psychologist, Vol. 52, No. 12, pp.1280-1300, 1997. 

이 논문을 인용한 문헌 (6)

  1. 1. 황인호 2020. "정보보안 회피행동 완화에 대한 연구: 정보보안 관련 목표설정, 공정성, 신뢰의 관점을 중심으로" 디지털융복합연구 = Journal of digital convergence, 18(12): 217~229 
  2. 2. 황인호, 허성호 2020. "조직 내 정보보안 기술스트레스 완화와 준수의도" 정보시스템연구 = The Journal of information systems, 29(1): 23~50 
  3. 3. 황인호, 허성호 2021. "정보보안 관련 조직시민행동에 대한 연구: 개인 전망, 조직 목표지향성 관점을 중심으로" 디지털융복합연구 = Journal of digital convergence, 19(1): 89~97 
  4. 4. 황인호 2021. "개인 대처와 조직 동질성 문화에 따른 정보보안 준수 차이 분석" 디지털융복합연구 = Journal of digital convergence, 19(2): 105~115 
  5. 5. 김종기 2021. "억제이론 기반의 정보보안 행동의도에 대한 메타분석" 디지털융복합연구 = Journal of digital convergence, 19(2): 169~174 
  6. 6. Hwang, Inho, Hu, Sungho 2020. "The Influence of Organizational Goal Orientation and Structure on Information Security Compliance Intention" 디지털콘텐츠학회 논문지 = Journal of Digital Contents Society, 21(12): 2179~2187 

원문보기

원문 PDF 다운로드

  • ScienceON :
  • KCI :

원문 URL 링크

원문 PDF 파일 및 링크정보가 존재하지 않을 경우 KISTI DDS 시스템에서 제공하는 원문복사서비스를 사용할 수 있습니다. (원문복사서비스 안내 바로 가기)

이 논문 조회수 및 차트

  • 상단의 제목을 클릭 시 조회수 및 차트가 조회됩니다.

DOI 인용 스타일

"" 핵심어 질의응답