Asia pacific journal of information systems

The Korea Society of Management Information Systems (한국경영정보학회)
권호 표지

Understanding Security Knowledge and National Culture: A Comparative Investigation between Korea and the U.S

  • Kwak, Dong-Heon (Lubar School of Business, University of Wisconsin-Milwaukee) ;
  • Kizzier, Donna Mcalister (College of Business and Public Affairs, Morehead State University) ;
  • Zo, Hang-Jung (Department of Management Science, Korea Advanced Institute of Science and Technology (KAIST)) ;
  • Jung, Eui-Sung (Lubar School of Business, University of Wisconsin-Milwaukee)
  • Received : 2011.03.09
  • Accepted : 2011.07.15
  • Published : 2011.09.30
Download PDF
⟨ Previous Next ⟩

Abstract

Security has been considered one of the most critical issues for managing IT resources in many organizations. Despite a growing interest and extensive research on security at various levels, little research has focused on the comparison of security knowledge levels between different cultures. The current study investigates and compares the security knowledge level between Korea and the U.S. Based on the literature review of spyware, Hofstede's cultural dimensions, and security knowledge, this study identifies three constructs (i.e., security familiarity, spyware awareness, and spyware knowledge) to examine the difference of security knowledge levels between Korea and the U.S. Six hundred ninety-six respondents from Korea and the U.S. participated in the survey, and an in-depth analysis based on analysis of covariance (ANCOVA) was carried out. The results show that the levels of security familiarity, spyware awareness, and spyware knowledge are significantly lower in Korea than in the U.S., as expected. These findings present a significant association between national culture and security knowledge, and the degree of individualism (or collectivism) plays an especially critical role in the perception of security. A number of implications for academia and practitioners emerge. Limitations and future research directions are discussed in the conclusion.

Keywords

References

  1. Alba, J.W. and Hutchinson, J.W., "Dimensions of Consumer Expertise," Journal of Consumer Research, Vol. 13, No. 4, 1987, pp. 411-454. https://doi.org/10.1086/209080
  2. Arnett, K.P. and Schmidt, M.B., "Busting the Ghost in the Machine," Communications of the ACM, Vol. 48, No. 8, 2005, pp. 92-95. https://doi.org/10.1145/1076211.1076246
  3. Asaravala, A., "Sick of Spam? Prepare for Adware," Wired News, Retrieved 2011. 2. 20 from http://www.wired.com/science/discove ries/news/2004/05/63345, 2004.
  4. Baker, W.M., "What's Your Main Technology Concern?," Strategic Finance, December, 2006, pp. 49-54.
  5. Bower, G.H. and Hilgard, E.R., Theories of Learning, Englewood Cliffs, NJ: Prentice-Hall, 1981.
  6. Chen, C.C., Medlin B.D., and Shaw, R.S., "A Cross-Cultural Investigation of Situational Information Security Awareness Programs," Information Management and Computer Security, Vol. 16, No. 4, 2008, pp. 360-376. https://doi.org/10.1108/09685220810908787
  7. Chen, Y. and Zahedi, F.M., "Internet Users Security Behaviors and Trust," Proceedings of the Pre-ICIS Workshop on Privacy and Security, 2009.
  8. Claburn, T., "70 of Top 100 Web Sites Spread Malware," InformationWeek, Retrieved 2011. 2. 20 from http://www.informationweek.com/ news/internet/security/212901775, 2009.
  9. Cohen, J.E., "DRM and Privacy," Communications of the ACM, Vol. 46, No. 4, 2003, pp. 46-49. https://doi.org/10.1145/641205.641230
  10. Computer Security Institute, "CSI Computer Crime and Security Survey 2009," Retrieved 2010. 2. 20, from http://gocsi.com/survey, 2009.
  11. Consumer Reports, "Social Insecurity: What Millions of Online Users Don't Know Can Hurt Them," Retrieved 2010. 8. 20 from http:// www.consumerreports.org/cro/magazinearchive/ 2010/june/electronics-computers/ social-insecurity/overview/index.htm, 2010.
  12. Cook, T.D. and Campbell, D.T., Quasi Experimentation: Design and Analytical Issues for Field Settings, Chicago, IL: Rand McNally, 1979.
  13. Dhillon, G. and Backhouse, J., "Current Directions in IS Security Research: Towards Socio-Organizational Perspectives," Information Systems Journal, Vol. 11, No. 2, 2001, pp. 127-153. https://doi.org/10.1046/j.1365-2575.2001.00099.x
  14. Dinev, T. and Hu, Q., "The Centrality of Awareness in the Formation of User Behavioral Intention toward Protective Information technology," Journal of the Association for Information Systems, Vol. 8, No. 7, 2007, pp. 386-408. https://doi.org/10.17705/1jais.00133
  15. Dinev, T., Goo, J., Hu, Q., and Nam, K., "User Behaviour towards Protective Information Technologies: The Role of National Cultural Differences," Information Systems Journal, Vol. 19, No. 4, 2009, pp. 391-412. https://doi.org/10.1111/j.1365-2575.2007.00289.x
  16. Fishbein, M. and Ajzen, I., Belief, Attitude, Intention and Behavior: An Introduction to Theory and Research, Reading, MA: Addison- Wesley, 1975.
  17. Gefen, D., Karahanna, E., and Straub, D.W., "Trust and TAM in Online Shopping: An Integrated Model," MIS Quarterly, Vol. 27, No. 1, 2003, pp. 51-90. https://doi.org/10.2307/30036519
  18. Gefen, D., Straub, D.W., and Boudreau, M.C., "Structural Equation Modeling and Regression: Guidelines for Research Practice," Communications of AIS, Vol. 4, No. 7, 2000, pp. 1-79.
  19. Hair, J.F., Tatham, R.L., Anderson, R.E., and Black, W., Multivariate Data Analysis, 7th ed., Englewood Cliffs, NJ: Prentice-Hall, 2009.
  20. Hofstede, G., Culture's Consequences, 2nd ed., Thousand Oaks, CA: Sage Publications, 2001.
  21. Hofstede, G., Geert Hofstede Cultural Dimensions, Retrieved 2010. 12. 12. from http://www. geert-hofstede.com, 2010.
  22. Hwang, W., Jung, H.-S., and Salvendy, G., "Internationalisation of E-Commerce: A Comparison of Online Shopping Preferences among Korean, Turkish and US populations," Behaviour and Information Technology, Vol. 25, No. 1, 2006, pp. 3-18. https://doi.org/10.1080/01449290512331335636
  23. Im, G.P. and Baskerville, R.L., "A Longitudinal Study of Information System Threat Categories: The Enduring Problem of Human Error," The DATA BASE for Advances in Information Systems, Vol. 36, No. 4, 2005, pp. 68-79. https://doi.org/10.1145/1104004.1104010
  24. Internet World Stat, "World Internet Usage and Population Statistics," Retrieved 2010. 8. 20 from http://www.internetworldstats.com, 2010.
  25. Johnston, A.C. and Warkentin, M., "Fear Appeals and Information Security Behaviors: An Empirical Study," MIS Quarterly, Vol. 34, No. 3, 2010, pp. 549-566. https://doi.org/10.2307/25750691
  26. Karahanna, E., Evaristo, J.R., and Srite, M., "Methodological Issues in MIS Cross-Cultural Research," Journal of Global Information Management, Vol. 10, No. 1, 2002, pp. 48-55. https://doi.org/10.4018/jgim.2002010105
  27. Kenyon, H.S., "Spyware Stymies Network Operators," Armed Forces Communications and Electronics Association, Vol. 58, No. 12, 2004, pp. 47-48.
  28. Kogut, B. and Zander, U., "Knowledge of the Firm, Combinative Capabilities and the Replication of Technology," Organization Science, Vol. 3, No. 3, 1992, pp. 383-397. https://doi.org/10.1287/orsc.3.3.383
  29. Kwak, D.-H., Kizzier, D., Zo, H., and Jung, E., "Cross-Cultural Investigation of Security Knowledge Process," International Journal of Business Information Systems, Forthcoming.
  30. Lee, Y. and Kozar, K.A., "An Empirical Investigation of Anti-Spyware Software Adoption: A Multi theoretical Perspective," Information and Management, Vol. 45, No. 2, 2008, pp. 109-119. https://doi.org/10.1016/j.im.2008.01.002
  31. Lee, Y. and Kozar, K.A., "Investigating Factors Affecting the Adoption of Antispyware Systems," Communication of the ACM, Vol. 48, No. 8, 2005, pp. 72-77. https://doi.org/10.1145/1076211.1076243
  32. Liang, H. and Xue Y., "Avoidance of Information Technology Threats: A Theoretical Perspective," MIS Quarterly, Vol. 33, No. 1, 2009, pp. 71-90. https://doi.org/10.2307/20650279
  33. Looney, C.A., Akbulut, A.Y., and Poston, R.S., "Understanding the Determinants of Service Channel Preference in the Early Stages of Adoption: A Social Cognitive Perspective on Online Brokerage Services," Decision Sciences, Vol. 39, No. 4, 2008, pp. 821-857. https://doi.org/10.1111/j.1540-5915.2008.00215.x
  34. Myyry, L., Siponen, M., Pahnila, S., Vartiainen, T., and Vance, A., "What Levels of Moral Reasoning and Values Explain Adherence to Information Security Rules: An Empirical Study," European Journal of Information Systems, Vol. 18, No. 2, 2009, pp. 126-139. https://doi.org/10.1057/ejis.2009.10
  35. Page, K. and Uncles, M., "Consumer Knowledge of the World Wide Web: Conceptualization and Measurement," Psychology and Marketing, Vol. 21, No. 8, 2004, pp. 573-591. https://doi.org/10.1002/mar.20023
  36. Probst, T.M. and Lawler, J., "Cultural Values as Moderators of the Outcomes of Job Insecurity: The Role of Individualism and Collectivism," Applied Psychology: An International Review, Vol. 55, No. 2, 2006, pp. 234-254. https://doi.org/10.1111/j.1464-0597.2006.00239.x
  37. Rogers, E.M., Diffusion of Innovations, 5th ed., New York, NY: Free Press, 2003.
  38. Schmidt, M.B., Johnston, A.C., Arnett, K.P., Chen, J.Q., and Li, S., "A Cross-Cultural Comparison of U.S. and Chinese Computer Security Awareness," Journal of Global Information Management, Vol. 16, No. 2, 2008, pp. 91-103. https://doi.org/10.4018/jgim.2008040106
  39. Spring, T., "Striking Back at Spyware," PC World, Vol. 33, No. 1, 2004, pp. 36-38.
  40. Sriramachandramurthy, R., Balasubramanian, S., and Hodis, M., "Spyware and Adware: How do Internet Users Defend Themselves?," American Journal of Business, Vol. 24, No. 2, 2009, pp. 41-52.
  41. Srite, M. and Karahanna, E., "The Role of Espoused National Cultural Values in Technology Acceptance," MIS Quarterly, Vol. 30, No. 3, 2006, pp. 679-704. https://doi.org/10.2307/25148745
  42. Stafford, T.F. and Urbaczewski, A., "Spyware: The Ghost in the Machine," Communications of the AIS, Vol. 14, No. 1, 2004, pp. 291-306.
  43. Straub, D. and Welke, R., "Coping with Systems Risk: Security Planning Models for Management Decision Making," MIS Quarterly, Vol. 22, No. 4, 1998, pp. 441-469. https://doi.org/10.2307/249551
  44. Straub, D., "Effective IS Security: An Empirical Study," Information Systems Research, Vol. 1, No. 3, 1990, pp. 255-276. https://doi.org/10.1287/isre.1.3.255
  45. Sun, L., Srivastava, R.P., and Mock, T.J., "An Information Systems Security Risk Assessment Model Under the Dempster- Shafer Theory of Belief Functions," Journal of Management Information Systems, Vol. 22, No. 4, 2006, pp. 109-142. https://doi.org/10.2753/MIS0742-1222220405
  46. Sung, S., "There is No Cyber Privacy(?)," Digital Contents, April, 2004, pp. 120-128.
  47. Triandis H.C., "The Self and Social Behavior in Differing Cultural Contexts," Psychological Review, Vol. 96, No. 3, 1989, pp. 269-289.
  48. Triandis, H.C. and Suh, E.M., "Cultural Influences on Personality," Annual Review of Psychology, Vol. 53, 2002, pp. 133-160. https://doi.org/10.1146/annurev.psych.53.100901.135200
  49. Triandis, H.C., "Individualism-Collectivism and Personality," Journal of Personality, Vol. 69, No. 6, 2001, pp. 907-924. https://doi.org/10.1111/1467-6494.696169
  50. Venkatesh, V., Morris, M.G., Davis, F.D., and Davis, G.B., "User Acceptance of Information Technology: Toward a Unified View," MIS Quarterly, Vol. 27, No. 3, 2003, pp. 425-478. https://doi.org/10.2307/30036540
  51. Warkentin, M., Luo, X., and Templeton, G. F., "A Framework for Spyware Assessment," Communication of the ACM, Vol. 48, No. 8, 2005, pp. 79-84. https://doi.org/10.1145/1076211.1076244
  52. Zhang, X., "What Do Consumers Really Know About Spyware?," Communication of the ACM, Vol. 48, No. 8, 2005, pp. 45-48.