DOI QR코드

DOI QR Code

The Role of Psychological Distance and Relative Optimism in Information Security Decision Making

정보보호 의사결정에서 정보보호 침해사고 발생가능성의 심리적 거리감과 상대적 낙관성의 역할

  • Jongki Kim (Department of Business Administration, Pusan National University) ;
  • Jiyun Kim (Graduate School, Pusan National University)
  • Received : 2018.07.20
  • Accepted : 2018.09.21
  • Published : 2018.09.30

Abstract

Many studies in the field of information security reveal the need to increase awareness. However, although awareness of information security has been raised to a considerable extent, actual security behavior has been shown to fall short of that. Therefore, we wanted to identify the role of psychological factors in making information security decisions by conducting a experimental study. The results show that there are differences in perception of information security risks according to the probabilistic distance and the degree of relative optimism due to social distance. In relation to their relative optimism and intention of information security, they reduced the level of perceived risk compared to those close to them and found that their influence varied according to their probabilistic distance. This study has made valuable attempt in terms of methodology and it is meaningful that the psychological factor is taken into consideration for the information protection behavior, so that the range of relative optimism that actually affects the perception of risk is narrowed. It is expected to contribute to the improvement of information security level of information technology users and protection of information assets by empirically identifying necessity of various approaches to decision making process for information security.

많은 정보보호 분야 연구들은 인식을 높여야 할 필요성을 밝히고 있다. 그러나 정보보호에 대한 인식이 상당한 수준으로 높아졌음에도 실제 보호행동은 최근까지 그에 미치지 못하고 있다. 이에 인식수준과는 별개로 정보보호 의사결정에 심리적 요인이 작용할 것으로 가정하고 정보보호에 대한 인식에 차이가 없는 실험상황에서 심리적 거리감과 낙관편향에 따른 차이를 확인하고 정보보호 행동에 대한 영향을 확인하고자 하였다. 연구결과 모바일 기기 사용자의 확률적 거리감에 따라 정보보호 위험의 지각에 차이가 있었으며, 사회적 거리감에 따라 상대적 낙관성의 정도에 차이가 있었다. 이를 바탕으로 상대적 낙관성을 개념화하고 정보보호 행동의도와의 관계를 분석한 결과 자신과 가까운 사람과 비교해 더 낙관적이라 생각했을 때 정보보호 위험의 수준을 낮게 평가하고 확률적 거리감에 따라 영향력이 달라짐을 확인했다. 본 연구는 방법론적 측면에서 의미 있는 시도를 하였고, 정보보호와 관련한 행동에 있어 심리적 요인을 고려함으로써 실질적 위험지각에 영향을 미치는 상대적 낙관성의 범위를 좁혔다는 데 의의가 있다. 정보보호를 위한 의사결정 과정에 다각도로 접근할 필요성을 실증적으로 규명함으로써 궁극적으로 정보기술 사용자의 정보보호 수준 향상과 정보자산의 보호에 기여할 것으로 기대한다.

Keywords

References

  1. 김민지, 민병아, 신현식, 황성욱, 이인성, 김진우, "해석수준 이론에 기반한 모바일 기부 플랫폼 사례연구: 빅워크와 트리플래닛을 대상으로", Information Systems Review, 제17권, 제3호, 2015, pp. 135-157.  https://doi.org/10.14329/isr.2015.17.3.135
  2. 김종기, 김지윤, "컴퓨터 사용자의 데이터 백업의도에 영향을 미치는 요인", 연세경영연구, 제54권, 제3호, 2017, pp. 77-106. 
  3. 박도형, "심리적 거리로서의 가상성: 가상성에 따른 광고메시지 전략", Journal of Information Technology Applications & Management, 제24권, 제2호, 2017, pp. 39-54. 
  4. 박정현, 강성민, "사용자의 PC와 스마트폰에 대한 정보보안 인식 차이에 관한 연구", Information Systems Review, 제19권, 제3호, 2017, pp. 69-89.  https://doi.org/10.14329/isr.2017.19.3.069
  5. 배병렬, SPSS Amos LISREL SmartPLS에 의한 조절효과 및 매개효과분석, 청람, 서울, 2015. 
  6. 한국인터넷진흥원, 2016년 정보보호 실태조사, 2017. 
  7. 한국인터넷진흥원, 2017년 정보보호 실태조사, 2018. 
  8. Anderson, C. L. and R. Agarwal, "Practicing safe computing: A multimedia empirical examination of home computer user security behavioral intentions", MIS Quarterly, Vol.34, No.3, 2010, pp. 613-643.  https://doi.org/10.2307/25750694
  9. Bauer, R. A., "Consumer behavior as risk taking", Risk Taking and Information Handling in Consumer Behavior, Harvard University Press, Cambridge, MA, 1960. 
  10. Bauer, S. and E. W. Bernroider, "From information security awareness to reasoned compliant action: analyzing information security policy compliance in a large banking organization", The DATABASE for Advances in Information Systems, Vol.48, No.3, 2017, pp. 44-68.  https://doi.org/10.1145/3130515.3130519
  11. Boss, S. R., D. F. Galletta, P. B. Lowry, G. D. Moody, and P. Polak, "What do system users have to fear? Using fear appeals to engender threats and fear that motivate protective security behaviors", MIS Quarterly, Vol.39, No.4, 2015, pp. 837-864.  https://doi.org/10.25300/MISQ/2015/39.4.5
  12. Bulgurcu, B., H. Cavusoglu, and I. Benbasat, "Information security policy compliance: An empirical study of rationality-based beliefs and information security awareness", MIS Quarterly, Vol.34, No.3, 2010, pp. 523-548.  https://doi.org/10.2307/25750690
  13. Chen, C. C., B. Dawn Medlin, and R. S. Shaw, "A cross-cultural investigation of situational information security awareness programs", Information Management & Computer Security, Vol.16, No.4, 2008, pp. 360-376.  https://doi.org/10.1108/09685220810908787
  14. Cho, H., J. S. Lee, and S. Chung, "Optimistic bias about online privacy risks: Testing the moderating effects of perceived controllability and prior experience", Computers in Human Behavior, Vol.26, No.5, 2010, pp. 987-995.  https://doi.org/10.1016/j.chb.2010.02.012
  15. Cohen, J., "A power primer", Psychological Bulletin, Vol.112, No.1, 1992, pp. 155-159.  https://doi.org/10.1037/0033-2909.112.1.155
  16. Featherman, M. S. and P. A. Pavlou, "Predicting e-services adoption: A perceived risk facets perspective", International Jurnal of HumanComputer Studies, Vol.59, No.4, 2003, pp. 451-474.  https://doi.org/10.1016/S1071-5819(03)00111-3
  17. Feng, Y., P. Wu, G. Ye, and D. Zhao, "Risk-Compensation behaviors on construction sites: Demographic and psychological determinants", Journal of Management in Engineering, Vol.33, No.4, 2017, pp. 1-10.  https://doi.org/10.1061/(ASCE)ME.1943-5479.0000520
  18. Floyd, D. L., S. Prentice-Dunn, and R. W. Rogers, "A meta-analysis of research on protection motivation theory", Journal of Applied Social Psychology, Vol.30, No.2, 2000, pp. 407-429.  https://doi.org/10.1111/j.1559-1816.2000.tb02323.x
  19. Freitas, A. L., P. Gollwitzer, and Y. Trope, "The influence of abstract and concrete mindsets on anticipating and guiding others' self-regulatory efforts", Journal of Experimental Social Psychology, Vol.40, No.6, 2004, pp. 739-752.  https://doi.org/10.1016/j.jesp.2004.04.003
  20. Guo, K. H., Y. Yuan, N. P. Archer, and C. E. Connelly, "Understanding nonmalicious security violations in the workplace: A composite behavior model", Journal of Management Information Systems, Vol.28, No.2, 2011, pp. 203-236.  https://doi.org/10.2753/MIS0742-1222280208
  21. Hair, J. F., G. T. M. Hult, C. Ringle, and M. Sarstedt, A Primer on Partial Least Squares Structural Equation Modeling (PLS-SEM), Sage Publications, 2014, (PLS 구조모델의 이해: BASIC, 김장현, 심경환, 이철성 옮김, 피앤씨 미디어, 2014). 
  22. Harris, P. and W. Middleton, "The illusion of control and optimism about health: On being less at risk but no more in control than others", British Journal of Social Psychology, Vol.33, No.4, 1994, pp. 369-386.  https://doi.org/10.1111/j.2044-8309.1994.tb01035.x
  23. Hayes, Introduction to Mediation, Moderation, and Conditional Process Analysis: A Regression-Based Approach, The Guilford Press, 2013. 
  24. Henseler, J., "PLS-MGA: A non-parametric approach to partial least squares-based multi-group analysis", Challenges at The Interface of Data Analysis, Computer Science, and Optimization, Springer, 2012, pp. 495-501. 
  25. ISO/IEC 27000, Information Technology-Security Techniques-Information Security Management Systems-Overview and Vocabulary, International Organization for Standardization, 2016. 
  26. Kim, K. K., B. Prabhakar, and S. K. Park, "Trust, perceived risk, and trusting behavior in Internet banking", Asia Pacific Journal of Information Systems, Vol.19, No.3, 2009, pp. 1-23.  https://doi.org/10.1111/j.1365-2575.2008.00323.x
  27. Kirk, R. E., Experimental Design: Procedures for the Behavioral Sciences (4th ed.), Sage, 2014. 
  28. Lazarus, R. S. and S. Folkman, Stress, Appraisal, and Coping, Springer, 1984, (스트레스와 평가 그리고 대처, 김정희 옮김, 대광문화사, 2001). 
  29. Liberman, N., Y. Trope, and E. Stephan, "Psychological Distance", Social Psychology: Handbook of Basic Principles, 2007, pp. 353-383. 
  30. Luo, X., H. Li, J. Zhang, and J. P. Shim, "Examining multi-dimensional trust and multi-faceted risk in initial acceptance of emerging technologies: An empirical study of mobile banking services", Decision Support Systems, Vol.49, No.2, 2010, pp. 222-234.  https://doi.org/10.1016/j.dss.2010.02.008
  31. Maglio, S. J., Y. Trope, and N. Liberman, "Distance from a distance: Psychological distance reduces sensitivity to any further psychological distance", Journal of Experimental Psychology, Vol.142, No.3, 2013, pp. 644-657.  https://doi.org/10.1037/a0030258
  32. Marett, K., "Checking the manipulation checks in information security research", Information & Computer Security, Vol.23, No.1, 2015, pp. 20-30.  https://doi.org/10.1108/ICS-12-2013-0087
  33. Mingers, J., "Combining IS research methods: Towards a pluralist methodology", Information Systems Research, Vol.12, No.3, 2001, pp. 240-259.  https://doi.org/10.1287/isre.12.3.240.9709
  34. Otten, W. and J. Van der Pligt, "Risk and behavior: The mediating role of risk appraisal", Acta Psychologica, Vol.80, No.1, 1992, pp. 325-346.  https://doi.org/10.1016/0001-6918(92)90054-H
  35. Park, J. and C. G. Oh, "Cognitive bias and information security research: Research trends and opportunities", Asia Pacific Journal of Information Systems, Vol.26, No.2, 2016, pp. 290-298.  https://doi.org/10.14329/apjis.2016.26.2.290
  36. Park, R. E., "The concept of social distance as applied to the study of racial attitudes and racial relations", Journal of Applied Sociology, Vol.8, No.6, 1924, pp. 339-344. 
  37. Rhee, H. S., Y. U. Ryu, and C. T. Kim, "Unrealistic optimism on information security management", Computers & Security, Vol.31, No.2, 2012, pp. 221-232.  https://doi.org/10.1016/j.cose.2011.12.001
  38. Rigdon, E. E., C. M. Ringle, and M. Sarstedt, "Structural modeling of heterogeneous data with partial least squares", Review of Marketing Research, Emerald Group Publishing Limited, 2010, pp. 255-296. 
  39. Rosemann, M. and I. Vessey, "Toward improving the relevance of information systems research to practice: The role of applicability checks", MIS Quarterly, Vol.32, No.1, 2008, pp. 1-22.  https://doi.org/10.2307/25148826
  40. Rossiter, J. R., "Marketing measurement revolution: The C-OAR-SE method and why it must replace psychometrics", European Journal of Marketing, Vol.45, No.11, 2011, pp. 1561-1588.  https://doi.org/10.1108/03090561111167298
  41. Sitkin, S. B. and A. L. Pablo, "Reconceptualizing the determinants of risk behavior", Academy of Management Review, Vol.17, No.1, 1992, pp. 9-38.  https://doi.org/10.2307/258646
  42. Todorov, A., A. Goren, and Y. Trope, "Probability as a psychological distance: Construal and preferences", Journal of Experimental Social Psychology, Vol.43, No.3, 2007, pp. 473-482.  https://doi.org/10.1016/j.jesp.2006.04.002
  43. Trope, Y. and N. Liberman, "Construal-level theory of psychological distance", Psychological Review, Vol.117, No.2, 2010, pp. 440-463.  https://doi.org/10.1037/a0018963
  44. Trope, Y., N. Liberman, and C. Wakslak, "Construal levels and psychological distance: Effects on representation, prediction, evaluation, and behavior", Journal of Consumer Psychology, Vol.17, No.2, 2007, pp. 83-95.  https://doi.org/10.1016/S1057-7408(07)70013-X
  45. Tu, Z., O. Turel, Y. Yuan, and N. Archer, "Learning to cope with information security risks regarding mobile device loss or theft: An empirical examination", Information & Management, Vol.52, No.4, 2015, pp. 506-517.  https://doi.org/10.1016/j.im.2015.03.002
  46. Van Schaik, P., J. Jansen, J. Onibokun, J. Camp, and P. Kusev, "Security and privacy in online social networking: Risk perceptions and precautionary behaviour", Computers in Human Behavior, Vol.78, 2018, pp. 283-297.  https://doi.org/10.1016/j.chb.2017.10.007
  47. Weinstein, N. D., "Optimistic biases about personal risks", Science, Vol.246, No.4935, 1989, pp. 1232-1234.  https://doi.org/10.1126/science.2686031
  48. Weinstein, N. D., "Unrealistic optimism about future life events", Journal of Personality and Social Psychology, Vol.39, No.5, 1980, pp. 806-820.  https://doi.org/10.1037/0022-3514.39.5.806
  49. Weinstein, N. D., "Unrealistic optimism about susceptibility to health problems: Conclusions from a community-wide sample", Journal of Behavioral Medicine, Vol.10, No.5, 1987, pp. 481-500.  https://doi.org/10.1007/BF00846146
  50. Weinstein, N. D. and W. M. Klein, "Unrealistic Optimism: Present and Future", Journal of Social and Clinical Psychology, Vol.15, No.1, 1996, pp. 1-8.  https://doi.org/10.1521/jscp.1996.15.1.1
  51. Wottrich, V. M., E. A. van Reijmersdal, and E. G. Smit, "The privacy trade-off for mobile app downloads: The roles of app value, intrusiveness, and privacy concerns", Decision Support Systems, Vol.106, No.1, 2017, pp. 44-52.  https://doi.org/10.1016/j.dss.2017.12.003
  52. Xu, H., H. Wang, and H. H. Teo, "Predicting the usage of P2P sharing software: The role of trust and perceived risk", Proceedings of the 38th Hawaii International Conference, System Sciences, 2005, pp. 1-10.