정보시스템 오남용 의도에 관한 실증적 연구 : 의료기관을 대상으로

The Empirical Study on the Misuse Intention Using Information System : Focus on Healthcare Service Sector

  • 김은지 (중앙대학교 산업융합보안학과) ;
  • 이준택 (중앙대학교 산업보안학과)
  • 투고 : 2016.08.22
  • 심사 : 2016.09.19
  • 발행 : 2016.09.30

초록

최근 정보보안 사건의 상당 부분을 의료 분야에서 차지함에도 불구하고 기존의 연구는 기업 중심으로 이루어졌다. 이에 따라 본 연구는 의료기관의 조직원을 대상으로 정보시스템을 사용한 오남용 의도에 관한 연구를 수행하였다. 분석 결과, 정보보안 관리 중 보안 소프트웨어가 인지된 제재 효과에 직접적인 영향을 미치는 것으로 나타났다. 반면 보안정책, 보안 인식 프로그램, 모니터링 실시는 본 설문의 변수의 경우의 수의 부족으로 신뢰성을 확보할 수 없었으나, 보안 소프트웨어와 동등한 제재효과가 있을 것으로 판단되어 추가 분석이 필요할 것으로 나타났다.

Despite the number of security incidents in healthcare sector is considerable, earlier studies have been done in business sector. We have tried to empirically analyze the misuse intention using information system for healthcare sector. As a result, the preventative security software of the information security management have positive impact on the effectiveness of sanctions. Though further analysis is needed, the security policies, security awareness program and monitoring practices are determined to have a valid impact on the effectiveness of sanctions equivalent to the preventative security software.

키워드

참고문헌

  1. ISACA, 'State of Cybersecurity:Implications for 2015', 보도자료, 2015.
  2. ITRC, 'Data Breaches Reports 2015', 2015.
  3. 한국인터넷진흥원, '2016 인터넷 및 정보보호 10대 이슈 전망', 2015.
  4. Hill, L. B. and Pemberton, J. M, "Information security: An overview and resource guide for inf.", Information Management, Vol.29, No.1, pp.14-24, 1995.
  5. Kesar, S. and S. Rogerson. "Developing ethical practices to minimize computer misuse", Social science computer review, Vol.16, No.3, pp.240-251, 1998. https://doi.org/10.1177/089443939801600302
  6. Wasik, M. 'Crime and the Computer', Oxford: Clarendon Press, 1991.
  7. Fafinski, S. 'Computer Misuse: Response, regulation and the law', Routledge, 2013.
  8. Straub, D. W. 'Deterring computer abuse: The effectiveness of deterrent countermeasures in the computer security environment', Diss, 1989.
  9. Ajzen, I. "The theory of planned behavior", Organizational behavior and human decision processes, Vol.50, No.2 pp.179-211, 1991. https://doi.org/10.1016/0749-5978(91)90020-T
  10. Nagin, D. "Crime rates, sanction levels, and constraints on prison population", Law and Society Review, pp.341-366, 1978.
  11. Tittle, C. R. 'Sanctions and social deviance: The question of deterrence', Praeger, 1980.
  12. Hollinger, R. C., and John P. C. "Deterrence in the workplace: Perceived certainty, perceived severity, and employee theft", Social forces, Vol.62 No.2 pp.398-418, 1983. https://doi.org/10.2307/2578314
  13. Dhillon, G. "Managing and controlling computer misuse", Information Management & Computer Security, Vol.7 No.4 pp.171-175, 1999. https://doi.org/10.1108/09685229910292664
  14. Lee, J. and Y. Lee. "A holistic model of computer abuse within organizations", Information management&computer security, Vol.10 No.2 pp.57-63, 2002. https://doi.org/10.1108/09685220210424104
  15. Wybo, M. D. and D. W. Straub Jr. "Protecting organizational information resources", Information Resources Management Journal, Vol.2 No.4 pp.1-16, 1989. https://doi.org/10.4018/irmj.1989100101
  16. Kankanhalli, A. et al. "An integrative study of information systems security effectiveness", International journal of information management, Vol.23 No.2 pp.139-154, 2003. https://doi.org/10.1016/S0268-4012(02)00105-6
  17. Irakleous, I. et al. "An experimental comparison of secret-based user authentication technologies", Information Management&Computer Security, Vol.10 No.3 pp.100-108, 2002. https://doi.org/10.1108/09685220210431854
  18. Skinner, W. F. and A. M. Fream, "A social learning theory analysis of computer crime among college students". Journal of research in crime and delinquency, Vol.34 No.4 pp.495-518, 1997. https://doi.org/10.1177/0022427897034004005
  19. Stanton, J. et al. "Behavioral information security: two end user survey studies of motivation and security practices", AMCIS 2004 Proceedings, 2004.
  20. Chin, W. W. "The partial least squares approach to structural equation modeling", Modern methods for business research, Vol.295 No.2 pp.295-336, 1998.
  21. Gefen, D, D. Straub, and Marie-Claude B. "Structural equation modeling and regression: Guidelines for research practice", Communications of the association for information systems, Vol.4 No.1, 2000.