디지털콘텐츠학회 논문지 (Journal of Digital Contents Society)

  • 제19권8호
  • /
  • Pages.1515-1525
  • /
  • 2018
  • /
  • 1598-2009(pISSN)
  • /
  • 2287-738X(eISSN)
한국디지털콘텐츠학회 (Digital Contents Society)
권호 표지
DOI QR코드

DOI QR Code

정보보호 투자의도에 영향을 미치는 요인에 대한 연구

A Study on Factors Affecting the Investment Intention of Information Security

  • Lee, Hong-Je (Department of IT Policy Management, Soongsil University) ;
  • Roh, Eun-Hee (Department of College of Liberal Arts & Sciences, Hansung University) ;
  • Han, Kyeong-Seok (Department of Business Administration, Soongsil University)
  • 투고 : 2018.07.20
  • 심사 : 2018.08.28
  • 발행 : 2018.08.31
⟨ 이전 논문 다음 논문 ⟩

초록

4차 산업혁명 시대의 보안은 안전의 문제로 확대되고 있으나, 기업의 정보보호 제반환경은 여전히 열악한 수준이다. 본 연구는 정보보호 투자의도 요인을 실증 분석하여 정책적 시사점을 제안 하고자 한다. 이에 정보보호 실태, 보호 행동이론을 고찰하고 UTAUT를 확장하여 연구 모델을 설계하고 가설을 검증하였다. 분석 결과는 정보 자산이 촉진조건에 영향을 미치고, 인지된 우려와 신규 우려가 사회적 영향에 영향을 미치는 것으로 나타났다. 사회적 영향은 경험과 습관에 영향을 미치지만, 정보보호 투자 의도에 미치는 영향은 기각되었다. 촉진조건, 경험 및 습관이 정보보호와 신규서비스 정보보호 투자의도에 가장 높은 영향을 미치는 것으로 나타났다. 하지만, 인지된 우려와 신규 우려가 정보보호 투자의도에 미치는 영향은 낮거나 기각되었다. 업종, 규모, 정보보호 조직 구성, 침해사고 경험, 정보보호 인력 비율, 개인정보 건수에 따라 집단 간 조절 효과가 있었다. 본 연구가 기업의 정보보호 수준 제고를 위한 정책 수립에 도움을 줄 수 있기를 기대한다.

Security threats in the 4th Industrial Revolution have expanded to the issue of safety, but the environment for information security of domestic companies is still at a low level. This study aims to propose policy implications by empirically analyzing factors affecting investment intention. We investigated the state of information security and protection behavior and expanded UTAUT to investigate correlations. The results showed that information assets affect facilitating conditions, and perceived and new concerns have impacts on social influence. Social influence affect experience and habits, but the impact on security investment intentions was rejected. Facilitation conditions, previous experiences and habits have great influences on investment intention, new service security investment intention. The influence of perceived and new concern are low or rejected. There are moderating effects between types of business, size, security organization, experience of infringement, security personnel ratio, and personal information collection. This study will help to establish policies for enhancing the level of information security.

키워드

참고문헌

  1. Anderson, Catherine L., and Ritu Agarwal. "Practicing safe computing: a multimedia empirical examination of home computer user security behavioral intentions." MIS quarterly 34.3 (2010): 613-643. https://doi.org/10.2307/25750694
  2. Chenoweth, Tim, Robert Minch, and Sharon Tabor, "Expanding views of technology acceptance: seeking factors explaining security control adoption," AMCIS 2007 Proceedings, 2007.
  3. Davis, Fred D., Richard P. Bagozzi, and Paul R. Warshaw. "User acceptance of computer technology: a comparison of two theoretical models." Management science 35.8 (1989): 982-1003. https://doi.org/10.1287/mnsc.35.8.982
  4. Fruin, Donna J., Chris Pratt, and Neville Owen, "Protection motivation theory and adolescents' perceptions of exercise," Journal of Applied Social Psychology, Vol. 22, No. 1, pp. 55-69, 1992. https://doi.org/10.1111/j.1559-1816.1992.tb01521.x
  5. Gurung, Anil, Xin Luo, and Qinyu Liao, "Consumer motivations in taking action against spyware: an empirical investigation," Information Management & Computer Security, Vol. 17, No. 3, pp. 276-289, 2009. https://doi.org/10.1108/09685220910978112
  6. Hanus, Bartlomiej, and Yu and Wu, "Impact of Users' Security Awareness on Desktop Security Behavior: A Protection Motivation Theory Perspective," Information Systems Management, Vol. 33, No. 1, pp.2-16, 2016. https://doi.org/10.1080/10580530.2015.1117842
  7. Hong Je Lee, Eun Hee Roh and Kyeong Seok Han, "A Study on Factors of Information Security Investment in the Fourth Industrial Revolution," International Journal of Advanced Science and Technology, Vol 111, pp.157-174, 2018. https://doi.org/10.14257/ijast.2018.111.14
  8. Hong-Je Lee, Eun-Hee Roh, Kyeong-Seok Han, "A Study on the Factors of Experience and Habit on Information Security Behavior of New Services - based on PMT and UTAUT2," Journal of Digital Contents Society, Vol 19.1, pp. 93-102, 2018. https://doi.org/10.9728/DCS.2018.19.1.93
  9. Hsu, Chien-Lung, Ming-Ren Lee, and Chien-Hui Su, "The role of privacy protection in healthcare information systems adoption," Journal of medical systems, Vol. 37, No. 5, 2013.
  10. Ifinedo, Princely, "Understanding information systems security policy compliance: An integration of the theory of planned behavior and the protection motivation theory," Computers & Security, Vol. 31, No. 1, pp. 83-95, 2012. https://doi.org/10.1016/j.cose.2011.10.007
  11. Jae Kwon Bae, "An Empirical Study on the Effect of Leakage Threat of Personal Information on Protective Behavior Intention in Big Data Environment: Based on Health Psychology Theory and Protection Motivation Theory," The e-Business Studies, Vol. 17, No. 3, pp.191-208
  12. Jee, B. S., Fan, L., Lee, S. C., & Suh, Y. H., "Personal Information Protection Behavior for Information Quality: Health Psychology Theory Perspectives," Journal of the Korean society for quality management, Vol. 39, No. 3, pp. 432-443, 2011.
  13. Johnson, Alice M. (2005). The technology acceptance model and the decision to invest in information security. Southern Association of Information Systems Conference, pp. 114-118.
  14. Johnston, Allen C., and Merrill Warkentin, "Fear appeals and information security behaviors: an empirical study," MIS quarterly, pp. 549-566, 2010.
  15. Jung, J. W, Empirical study on acceptance of personal information protection technology in the 'Smart' era, Ph.D. dissertation, Busan University, Busan, 2012.
  16. Kim, Sang-Hoon, and Gab-Su Lee, "An Empirical Study on Influencing Factors of Using Information Security Technology," Journal of Society for e-Business Studies, Vol. 20, No. 4, pp. 151-175, 2016. https://doi.org/10.7838/JSEBS.2015.20.4.151
  17. KISA. 2016 Survey on Information Security Individual. Available:https://isis.kisa.or.kr/board/?pageId=060200.
  18. KISA. 2017 Survey on Information Security Individual. Available:https://isis.kisa.or.kr/board/?pageId=060200.
  19. LaRose, R., Rifon, N., Liu, S., & Lee, D., "Understanding online safety behavior: A multivariate model," The 55th annual conference of the international communication association, New York, 2005.
  20. Maddux, James E., and Melinda A. Stanley, "Self-efficacy theory in contemporary psychology: An overview," Journal of Social and Clinical psychology, Vol. 4, No. 3, pp. 249-255, 1986. https://doi.org/10.1521/jscp.1986.4.3.249
  21. Maddux, James E., and Ronald W. Rogers, "Protection motivation and self-efficacy: A revised theory of fear appeals and attitude change," Journal of experimental social psychology, Vol. 19, No. 5, pp. 469-479, 1983. https://doi.org/10.1016/0022-1031(83)90023-9
  22. Park, Chanouk, and Sang-Woo Lee, "A Study of the User Privacy Protection Behavior in Online Environment: Based on Protection Motivation Theory," Journal of Internet Computing and Services, Vol. 15, No. 2, pp. 59-71, 2014. https://doi.org/10.7472/jksii.2014.15.2.59
  23. Park, H. S., and S. Kim, "An Empirical Study on SNS Users' Privacy Protection Behaviors," Management and Economics, Vol. 46, No. 2, pp. 69-91, 2013.
  24. Posey, Clay, Tom L. Roberts, and Paul Benjamin Lowry. "The impact of organizational commitment on insiders' motivation to protect organizational information assets." Journal of Management Information Systems 32.4 (2015): 179-214. https://doi.org/10.1080/07421222.2015.1138374
  25. Rogers, Ronald W, "A protection motivation theory of fear appeals and attitude change," The journal of psychology, Vol. 91, No. 1, pp. 93-114, 1975. https://doi.org/10.1080/00223980.1975.9915803
  26. Rogers, Ronald W, "Cognitive and psychological processes in fear appeals and attitude change: A revised theory of protection motivation," Social psychophysiology: A sourcebook, pp. 153-176, 1983.
  27. Siponen, Mikko, Seppo Pahnila, and Adam Mahmood, "Employees' adherence to information security policies: an empirical study, in " IFIP International Information Security Conference, Boston, 2007.
  28. Venkatesh, V., Morris, M. G., Davis, G. B., & Davis, F. D., "User acceptance of information technology: Toward a unified view," MIS quarterly, pp. 425-478, 2003.
  29. Venkatesh, Viswanath, James YL Thong, and Xin Xu, "Consumer acceptance and use of information technology: extending the unified theory of acceptance and use of technology," MIS Quarterly, Vol. 36, No. 1, pp. 157-178, 2012. https://doi.org/10.2307/41410412
  30. Wang, Ping An, "Assessment of cyber security knowledge and behavior: An anti-phishing scenario, in " Proc. IEEE Int. Conf. Internet Monitor. Protection (ICIMP), p. 1-7, 2013.
  31. Wang, Ping An, "Information security knowledge and behavior: An adapted model of technology acceptance," in 2010 2nd International Conference on Education Technology and Computer, Vol. 2, pp. 364-367, 2010.
  32. Wang, Ping An, and Easwar Nyshadham, "Knowledge of online security risks and consumer decision making: An experimental study," in 2011 44th Hawaii International Conference on System Sciences, 2011.
  33. Witte, Kim, "Fear control and danger control: A test of the extended parallel process model(EPPM)," Communications Monographs, Vol. 61, No. 2, pp. 113-134, 1994. https://doi.org/10.1080/03637759409376328

피인용 문헌

  1. A New Anonymity Service Providing Protocol Using Secret Sharing Scheme for Group Communication vol.19, pp.11, 2018, https://doi.org/10.9728/dcs.2018.19.11.2173
  2. The Effects of IT System Utilization of SME on the Environment Management Performance vol.21, pp.3, 2018, https://doi.org/10.9728/dcs.2020.21.3.529
  3. 개인정보보호 활동 결정요인 연구: 개인정보처리자를 중심으로 vol.28, pp.1, 2021, https://doi.org/10.22693/niaip.2021.28.1.064