References
- 감사원, 감사결과보고서-금융회사 개인정보유출 관련 검사.감독 실태, 감사원, 2014.
- 강다연, 장명희, "정보보안정책 준수가 정보보안능력 및 행동에 미치는 영향 분석: 해운항만조직 구성원을 대상으로", 한국항만경제학회지, 제30권, 제1호, 2014, pp. 97-118.
- 강 욱, 전용태, "산업보안 담당자의 보안정책 준수에 영향을 미치는 요인-억제이론과 합리적 선택이론을 중심으로", 한국경찰연구, 제13권, 제3호, 2014, pp. 273-298.
- 강주영, 이재규, "산업은행: 금융 IT 아웃소싱-공동협력으로 안전한 문을 연다", Information Systems Review, 제7권, 제2호, 2005, pp. 229-255.
- 김상현, 송영미, "조직 구성원들의 정보보안정책 준수 동기요인에 관한 연구", e-비즈니스연구, 제12권, 제3호, 2011, pp. 327-349.
- 김양훈, 문제욱, 황선호, 장항배, "ICT 아웃소싱 환경에서 보안관리 방안 연구", 정보보호학회지, 제24권, 제1호, 2014, pp. 23-31.
- 삼정KPMG 경제연구원, Asian Outsourcing: the next wave, SAMJONG Insight, 제4권, 2007, pp. 1-7.
- 송지호, 전략적 Outsourcing-은행산업을 중심으로, Opentide ViSTA, 2001.
- 안중호, 박준형, 성기문, 이재홍, "처벌과 윤리교육이 정보보안준수에 미치는 영향: 조직유형의 조절효과를 중심으로", Information Systems Review, 제12권, 제1호, 2010, pp. 23-42.
- 이민화, "The factors affecting outsourcing of data processing services", 정보시스템연구, 제6권, 제2호, 1997, pp. 1-28.
- 이정하, 이상용, "금융회사 정보보안정책의 위반에 영향을 주는 요인 연구: 지각된 고객정보 민감도에 따른 조절효과", Journal of Information Technology Applications and Management, 제22권, 제4호, 2015, pp. 225-251.
- 이학식, 임지훈, SPSS 20.0 매뉴얼, 집현재, 2013.
- 임명성, "조직 구성원들의 정보보안 정책 준수행위 의도에 관한 연구", 디지털정책연구, 제10권, 제10호, 2012, pp. 119-128.
- 임명성, "정보보안정책의 특성이 구성원들의 보안정책 준수 행위에 미치는 영향에 관한 연구", 디지털정책연구, 제11권, 제1호, 2013a, pp. 27-38.
- 임명성, "조직 구성원들의 정보보안 정책 위반에 영향을 미치는 요인", 디지털융복합연구, 제11권, 제2호, 2013b, pp. 19-32.
- 장효강, 류황건, 배성권, "병원 아웃소싱 직원과 정규직원의 조직문화 인식이 직무에 미치는 영향", 한국콘텐츠학회논문지, 제9권, 제2호, 2009, pp. 279-288.
- 정우진, 신유형, 이상용, "금융회사의 고객정 보보호에 대한 내부직원의 태도 연구", Asia Pacific Journal of Information Systems, 제22권, 제1호, 2012, pp. 53-77.
- 최창래, 윤장호, 이경호, "금융보안 리스크 기반의 IT도급 정책 연구", 정보보호학회논문지, 제24권, 제4호, 2014, pp. 681-694.
- KRG, IT 아웃소싱 동향 보고서, KRG Report, 2002.
- Ajzen, I., "The theory of planned behavior", Organizational Behavior and Human Decision Processes, Vol.50, No.2, 1991, pp. 179-211.
- Ajzen, I., D. Albarracin, and R. Hornik, Prediction and change of health behavior: Applying the reasoned action approach, Lawrence Erlbaum Associates, New Jersey, 2007.
- Apte, U., "Global outsourcing of information systems and processing services", The Information Society, Vol.7, No.4, 1990, pp. 287-303.
- Aurigemma, S., "A composite framework for behavioral compliance with information security policies", Journal of Organizational and End User Computing, Vol.25, No.3, 2013, pp. 32-51.
- Aurigemma, S. and R. Panko, "A composite framework for behavioral compliance with information security policies", 2012 45th Hawaii International Conference on System Science, 2012, pp. 3248-3257.
- Bardhan, A. D. and C. A. Kroll, "The new wave of outsourcing", Fisher Center for Real Estate and Urban Economics, 2003, pp. 1-12.
- Bulgurcu, B., H. Cavusoglu, and I. Benbasat, "Effects of individual and organization based beliefs and the moderating role of work experience on insiders' good security behaviors", International Conference on Computational Science and Engineering, Vol.3, 2009, pp. 476-481.
- Bulgurcu, B., H. Cavusoglu, and I. Benbasat, "Information security policy compliance: An empirical study of rationality-based beliefs and information security awareness", MIS Quarterly, Vol.34, No.3, 2010, pp. 523-548.
- Carroll, M. D., "Information security: Examining and managing the insider threat", Proceedings of the 3rd annual conference on Information security curriculum development, 2006, pp. 156-158.
- Chin, W. W., "The partial least squares approach to structural equation modeling", in Marcoulides G. A.(eds), Modern Methods for Business Research, Lawrence Erlbaum Associates, New Jersey, 1998, pp. 295-336.
- Chin, W. W., B. L. Marcolin, and P. R. Newsted, "A partial least squares latent variable modeling approach for measuring interaction effects: Results from a monte carlo simulation study and an electronic-mail emotion/adoption study", Information Systems Research, Vol.14, No.2, 2003, pp. 189-217.
- Cohen, J., Statistical power analysis for the behavioral sciences, Lawrence Erlbaum Associates, New Jersey, 2013.
- D'Arcy, J. and A. Hovav, "Deterring internal information systems misuse", Communications of the ACM, Vol.50, No.10, 2007, pp. 113-117.
- D'Arcy, J., A. Hovav, and D. Galletta, "User awareness of security countermeasures and its impact on information systems misuse: A deterrence approach", Information Systems Research, Vol.20, No.1, 2009, pp. 79-98.
- Fornell, C. and D. F. Larcker, "Evaluating structural equation models with unobservable variables and measurement error", Journal of Marketing Research, Vol.18, No.1, 1981, pp. 39-50.
- Gaonjur, P. and C. Bokhoree, "Risk of insider threats in information technology outsourcing: Can deceptive techniques be applied?", Proceedings of the 2006 International Conference on Security and Management, 2006, pp. 522-529.
- Gefen, D. and D. Straub, "A practical guide to factorial validity using PLS-Graph: Tutorial and annotated example", Communications of the Association for Information Systems, Vol.16, 2005, pp. 91-109.
- Geisser, S., "The predictive sample reuse method with applications", Journal of the American Statistical Association, Vol.70, No.350, 1975, pp. 320-328.
- Guo, K. H., Y. Yuan, N. P. Archer, and C. E. Connelly, "Understanding nonmalicious security violations in the workplace: A composite behavior model", Journal of Management Information Systems, Vol.28, No.2, 2011, pp. 203-236.
- Hair, J. F., W. C. Black, B. J. Babin, R. E., Anderson, and R. L. Tatham, Multivariate data analysis, 6th edition, Pearson, 2006.
- Hair, J. F., M. Sarstedt, C. M. Ringle, and J. A. Mena, "An assessment of the use of partial least squares structural equation modeling in marketing research", Journal of the Academy of Marketing Science, Vol.40, No.3, 2012, pp. 414-433.
- Hamin, Z., "Insider cyber-threats: Problems and perspectives", International Review of Law, Computers and Technology, Vol.14, No.1, 2000, p. 105.
- Henseler, J., C. M. Ringle, and R. R. Sinkovics, "The use of partial least squares path modeling in international marketing", Advances in International Marketing, Vol.20, 2009, pp. 277-320.
- Herath, T. and H. R. Rao, "Encouraging information security behaviors in organizations: Role of penalties, pressures and perceived effectiveness", Decision Support Systems, Vol.47, No.2, 2009a, pp. 154-165.
- Herath, T. and H. R. Rao, "Protection motivation and deterrence: A framework for security policy compliance in organizations", European Journal of Information Systems, Vol.18, No.2, 2009b, pp. 106-125.
- Hong, J., J. Kim, and J. Cho "The trend of the security research for the insider cyber threat", International Journal of Future Generation Communication and Networking, Vol.3, No.2, 2010, pp. 31-40.
- Hu, Q., T. Dinev, P. Hart, and D. Cooke, "Managing employee compliance with information security policies: The critical role of top management and organizational culture", Decision Sciences, Vol.43, No.4, 2012, pp. 615-660.
- Hu, Q., Z. Xu, T. Dinev, and H. Ling, "Does deterrence work in reducing information security policy abuse by employees?", Communications of the ACM, Vol.54, No.6, 2011, pp. 54-60.
- Hulland, J., "Use of partial least squares(PLS) in strategic management research: A review of four recent studies", Strategic Management Journal, Vol.20, No.2, 1999, pp. 195-204.
- Ifinedo, P., "Understanding information systems security policy compliance: An integration of the theory of planned behavior and the protection motivation theory", Computers and Security, Vol. 31, No.1, 2012, pp. 83-95.
- Kankanhalli, A., H. H. Teo, B. C. Tan, and K. K. Wei, "An integrative study of information systems security effectiveness", International Journal of Information Management, Vol.23, No.2, 2003, pp. 139-154.
- Keil, M., A. Rai, and S. Liu, "How user risk and requirements risk moderate the effects of formal and informal control on the process performance of it projects", European Journal of Information Systems, Vol.22, No.6, 2013, pp. 650-672.
- Keil, M., B. C. Tan, K. K. Wei, T. Saarinen, V. Tuunainen, and A. Wassenaar, "A cross-cultural study on escalation of commitment behavior in software projects", MIS Quarterly, Vol.24, No.2, 2000, pp. 299-325.
- Kim, S. H., K. H. Yang, and S. Park, "An integrative behavioral model of information security policy compliance", The Scientific World Journal, Vol.2014, 2014, pp. 1-12.
- Lacity, M. C. and R. A. Hirschheim, Information systems outsourcing; myths, metaphors, and realities, John Wiley & Sons, Inc., New York, 1993.
- Leach, J., "Improving user security behaviour", Computers and Security, Vol.22, No.8, 2003, pp. 685-692.
- Lee, J. T. and Y. H. Lee, "A holistic model of computer abuse within organizations", Information Management and Computer Security, Vol.10, No.2, 2002, pp. 57-63.
- Loh, L. and N. Venkatraman, "An empirical study of information technology outsourcing: Benefits, risks, and performance implications", ICIS 1995 Proceedings, 1995, pp. 277-288.
- Nagin, D. S. and R. Paternoster, "Enduring individual differences and rational choice theories of crime", Law and Society Review, Vol.27, No.3, 1993, pp. 467-496.
- Nagin, D. S. and G. Pogarsky, "Integrating celerity, impulsivity, and extralegal sanction threats into a model of general deterrence: Theory and evidence", Criminology, Vol.39, No.4, 2001, pp. 865-892.
- Pahnila, S., M. Siponen, and A. Mahmood, "Employees' behavior towards is security policy compliance", Proceedings of the 40th Annual Hawaii International Conference on System Sciences, 2007, p. 156b.
- Paternoster, R. and S. Simpson, "Sanction threats and appeals to morality: Testing a rational choice model of corporate crime", Law and Society Review, Vol.30, No.3, 1996, pp. 549-583.
- Peltier, T. R., "Implementing an information security awareness program", Information Systems Security, Vol.14, No.2, 2005, pp. 37-49.
- Pfleeger, C. P., "Reflections on the insider threat", in Stolfo, S. J., S. M. Bellovin, A. D. Keromytis, S. Hershkop, S. W. Smith, and S. Sinclair(eds), Insider Attack and Cyber Security: Beyond the Hacker, Springer US, Boston, 2008, pp. 5-16.
- Sarkar, K. R,, "Assessing insider threats to information security using technical, behavioural and organisational measures", Information Security Technical Report, Vol.15, No.3, 2010, pp. 112-133.
- Schultz, E. E., "A framework for understanding and predicting insider attacks", Computers and Security, Vol.21, No.6, 2002, pp. 526-531.
- Siponen, M., M. M. Adam, and S. Pahnila, "Employees' adherence to information security policies: An exploratory field study", Information and Management, Vol.51, No.2, 2014, pp. 217-224.
- Siponen, M., S. Pahnila, and M. A. Mahmood, "Compliance with information security policies: An empirical investigation", Computer, Vol.43, No.2, 2010, pp. 64-71.
- Siponen, M. and A. Vance, "Neutralization: New insights into the problem of employee information systems security policy violations", MIS Quarterly, Vol.34, No.3, 2010, pp. 487-502.
- Siponen, M., "A conceptual foundation for organizational information security awareness", Information Management and Computer Security, Vol. 8, No.1, 2000, pp. 31-41.
- Sommestad, T., J. Hallberg, K. Lundholm, and J. Bengtsson, "Variables influencing information security policy compliance", Information Management and Computer Security, Vol.22, No.1, 2014, pp. 42-75.
- Son, J. Y., "Out of fear or desire? Toward a better understanding of employees' motivation to follow is security policies", Information and Management, Vol.48, No.7, 2011, pp. 296-302.
- Stone, M., "Cross-validatory choice and assessment of statistical predictions", Journal of the Royal Statistical Society. Series B (Methodological), Vol.36, No.2, 1974, pp. 111-147.
- Straub, D. W., "Effective is security: An empirical study", Information Systems Research, Vol.1, No. 3, 1990, pp. 255-276.
- Tenenhaus, M., S. Amato, and V. E. Vinzi, "A global goodness-of-fit index for PLS structural equation modelling", Proceedings of the XLII SIS Scientific Meeting, Vol.1, 2004, pp. 739-742.
- Tenenhaus, M., V. E. Vinzi, Y. M. Chatelin, and C. Lauro, "PLS path modeling", Computational Statistics and Data Analysis, Vol.48, No.1, 2005, pp. 159-205.
- Theoharidou, M., S. Kokolakis, M. Karyda, and E. Kiountouzis, "The insider threat to information systems and the effectiveness of ISO17799", Computers and Security, Vol.24, No.6, 2005, pp. 472-484.
- Vance, A. and M. Siponen, "Is security policy violations: A rational choice perspective", Journal of Organizational and End User Computing, Vol.24, No.1, 2012, pp. 21-41.
- Whitman, M. E., A. M. Townsend, and R. J. Aalberts, "Information systems security and the need for policy", In Dhillon, G.(eds), Information Security Management: Global Challenges in the New Millennium, IGI Global, Pennsylvania, 2001, pp. 9-18.
- Wixom, B. H. and H. J. Watson, "An empirical investigation of the factors affecting data warehousing success", MIS Quarterly, Vol.25, No.1, 2001, pp. 17-41.
- Yang, D. H., S. Kim, C. Nam, and J. W. Min, "Developing a decision model for business process outsourcing", Computers and Operations Research, Vol.34, No.12, 2007, pp. 3769-3778.
- Yoon, C., "Theory of planned behavior and ethics theory in digital piracy: An integrated model", Journal of Business Ethics, Vol.100, No.3, 2011, pp. 405-417.