A Study on the Influence of the Components Related to Information Security Governance on the Perception and Behavior of Employees


  • 김영곤 (Division of e-Business, Kyungnam University)
  • Received : 2010.11.10
  • Accepted : 2010.12.30
  • Published : 2010.12.31

Abstract

This study examines the relationship between the perception and behavior of employees and Information Security Governance (ISG), which consists of leadership and governance, security management and organization, security policies, security program management, user security management, and technology protection and operations. Effective suggestions were drawn from the verification of the research hypotheses and the analysis of the most appropriate model.

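Through hypothesis testing and analysis of the best-fitting model, this study verified the relationships between the components of Information Security Governance (leadership and governance, security management organization, security policies, security program management, user security management, and technical security) and the security awareness and security behavior of organization members, and it presents effective directions for establishing ISG.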
