한국정보시스템학회지:정보시스템연구 (The Journal of Information Systems)

  • 제28권2호
  • /
  • Pages.129-152
  • /
  • 2019
  • /
  • 1229-8476(pISSN)
  • /
  • 2733-8770(eISSN)
한국정보시스템학회 (Korea Association of Information Systems)
권호 표지
DOI QR코드

DOI QR Code

모바일 기기 사용자는 왜 정보보호에 위험한 행동을 하는가? : 위험행동 결정요인 모델을 중심으로

Why Do Mobile Device Users Take a Risky Behavior?: Focusing on Model of the Determinants of Risk Behavior

  • 투고 : 2019.06.07
  • 심사 : 2019.06.25
  • 발행 : 2019.06.30
PDF 다운로드
⟨ 이전 논문 다음 논문 ⟩

초록

Purpose The purpose of this study is to empirically identify the risky behavior of mobile device users using the Internet of Things on a situational perspective. Design/methodology/approach This study made a design of the research model based on model of the determinants of risk behavior. Data were collected through a survey including hypothetical scenario. SmartPLS 2.0 was used for the structural model analysis and t-test was conducted to compare the between normal and situational behavior. Findings The results were as follows. First, the central roles of risk propriety and risk perception were verified empirically. Second, we identified the role of locus of control as a new factor of impact on risky behavior. Third, mobile risk propensity has been shown to increase risk perception. Fouth, it has been shown that risk perception does not directly affect risky behavior and reduce the relationship between mobile risk propensity and risk behavior. According to the empirical analysis result, Determinants of risk behavior for mobile users were identified based on a theoretical framework. And it raised the need to pay attention to the impact of locus of control on risk behavior in the IS security field. It provided direction to the approach to risky behavior of mobile device users. In addition, this study confirmed that there was a possibility of taking risky behavior in the actual decision-making.

키워드

JBSTB0_2019_v28n2_129_f0001.png 이미지

<그림 1> 위험행동 결정요인 모델

JBSTB0_2019_v28n2_129_f0003.png 이미지

<그림 2> 연구모형

JBSTB0_2019_v28n2_129_f0004.png 이미지

<그림 3> 위험행동 시나리오

JBSTB0_2019_v28n2_129_f0005.png 이미지

<그림 4> 구조모형 분석 결과

<표 1> 연구변수의 조작적 정의 및 측정항목

JBSTB0_2019_v28n2_129_t0001.png 이미지

<표 2> 표본의 인구통계학적 특성

JBSTB0_2019_v28n2_129_t0002.png 이미지

<표 3> 측정도구의 신뢰성 및 타당성 분석 결과

JBSTB0_2019_v28n2_129_t0003.png 이미지

<표 4> 구조모형의 설명력 분석

JBSTB0_2019_v28n2_129_t0004.png 이미지

<표 5> 가설 검정 결과

JBSTB0_2019_v28n2_129_t0005.png 이미지

<표 6> 주효과 모델과 상호작용 모델 결과 비교

JBSTB0_2019_v28n2_129_t0006.png 이미지

<표 7> 평소 위험행동과 실제 위험행동 의도

JBSTB0_2019_v28n2_129_t0007.png 이미지

참고문헌

  1. 김종기, 김지윤, "스마트폰 사용자가 모바일뱅킹을 사용하지 않는 이유: 소극적 저항과 적극적 저항의 차이를 중심으로. 정보시스템연구", 제27권, 제3호, 2018, pp. 81-102.
  2. 김종기, 김지윤, "정보보호 의사결정에서 정보보호 침해사고 발생가능성의 심리적 거리감과 상대적 낙관성의 역할", Information Systems Review, 제20권, 제3호, 2018, pp. 51-71. https://doi.org/10.14329/isr.2018.20.3.051
  3. 박종석, 권혁인, "생체인증 기술의 혁신저항 및 사용의도에 영향을 미치는 요인에 관한 연구", 정보시스템연구, 제27권, 제2호, 2018, pp. 53-75.
  4. 배병렬, SPSS Amos LISREL SmartPLS에 의한 조절효과 및 매개효과분석, 청람, 2015.
  5. 배재권, "핀테크 (FinTech) 서비스의 정보보안 위협요인과 개인정보보호행위와의 구조적 관계에 관한 연구: 기술위협회피와 건강행동이론 관점에서", 정보시스템연구, 제26권, 제3호, 2017, pp. 313-337.
  6. 이지혜, 정제민, 이종식, "모바일 ICT 융합서비스", 정보와 통신 열린강좌, 한국통신학회, 제34권, 제2호, 2017, pp. 3-11.
  7. 한국인터넷진흥원. 2017년 정보보호 실태조사, 2018.
  8. 한국인터넷진흥원. 2019년 1분기 사이버 위협동향 보고서, 2019.
  9. 한국인터넷진흥원. 사물인터넷 소형 스마트 홈.가전 보안 가이드[이용자용], 2016.
  10. Ajzen, I., "Perceived behavioral control, selfefficacy, locus of control, and the theory of planned behavior", Journal of Applied Social Psychology, Vol. 32, No. 4, 2002, pp. 665-683. https://doi.org/10.1111/j.1559-1816.2002.tb00236.x
  11. Anderson, C. L., and Agarwal, R., "Practicing safe computing: a multimedia empirical examination of home computer user security behavioral intentions", MIS Quarterly, Vol. 34, No. 3, 2010, pp. 613-643. https://doi.org/10.2307/25750694
  12. Bauer, R. A., "Consumer behavior as risk taking", In Risk Taking and Information Handling in Consumer Behavior, Harvard University Press, Cambridge, MA, 1960.
  13. Boss, S. R., Galletta, D. F., Lowry, P. B., Moody, G. D., and Polak, P., "What do system users have to fear? Using fear appeals to engender threats and fear that motivate protective security behaviors", MIS Quarterly, Vol. 39, No. 4, 2015, pp. 837-864. https://doi.org/10.25300/MISQ/2015/39.4.5
  14. Chen, R., Wang, J., Herath, T., and Rao, H. R., "An investigation of email processing from a risky decision making perspective", Decision Support Systems, Vol. 52, No. 1, 2011, pp. 73-81. https://doi.org/10.1016/j.dss.2011.05.005
  15. Chen, Y., and Zahedi, F. M., "Individuals' internet security perceptions and behaviors: polycontextual contrasts between the United States and China", MIS Quarterly, Vol. 40, No. 1, 2016, pp. 205-222. https://doi.org/10.25300/MISQ/2016/40.1.09
  16. Cho, J., and Lee, J., "An integrated model of risk and risk-reducing strategies", Journal of Business Research, Vol. 59, No. 1, 2006, pp. 112-120. https://doi.org/10.1016/j.jbusres.2005.03.006
  17. Cohen, J, "A power primer", Psychological Bulletin, Vol. 112, No. 1, 1992, pp. 155-159. https://doi.org/10.1037/0033-2909.112.1.155
  18. Cooper, W. H., and Withey, M. J., "The strong situation hypothesis", Personality and Social Psychology Review, Vol. 13, No. 1, 2009, pp. 62-72. https://doi.org/10.1177/1088868308329378
  19. Cox, J., "Information systems user security: A structured model of the knowing-doing gap", Computers in Human Behavior, Vol. 28, No. 5, 2012, pp. 1849-1858. https://doi.org/10.1016/j.chb.2012.05.003
  20. Dowling, G. R., and Staelin, R., "A model of perceived risk and intended risk-handling activity", Journal of Consumer Research, Vol. 21, No. 1, 1994, pp. 119-134. https://doi.org/10.1086/209386
  21. Featherman, M. S., and Pavlou, P. A., "Predicting e-services adoption: A perceived risk facets perspective", International Journal of Human-Computer Studies, Vol. 59, No. 4, 2003, pp. 451-474. https://doi.org/10.1016/S1071-5819(03)00111-3
  22. Feng, Y., Wu, P., Ye, G., and Zhao, D., "Risk-compensation behaviors on construction sites: Demographic and psychological determinants", Journal of Management in Engineering, Vol. 33, No. 4, 2017, pp. 1-10.
  23. Figner, B., and Weber, E. U., "Who takes risks when and why? Determinants of risk taking", Current Directions in Psychological Science, Vol. 20, No. 4, 2011, pp. 211-216. https://doi.org/10.1177/0963721411415790
  24. Fischhoff, B., Lichtenstein, S., Slovic, P., Derby, S. L., and Keeney, R. L., Acceptable Risk, Cambridge University Press, New York, 1981.
  25. Furr, R. M., and Funder, D. C., "Persons, situations, and person-situation interactions", In Handbook of Personality: Theory and Research, Guilford, 2009.
  26. Heider, F., The Psychology of Interpersonal Relations, Wiley, New York, 1958.
  27. Keil, M., Tan, B. C., Wei, K. K., Saarinen, T., Tuunainen, V., and Wassenaar, A., "A cross-cultural study on escalation of commitment behavior in software projects", MIS Quarterly, Vol. 24, No. 2, 2000, pp. 299-325. https://doi.org/10.2307/3250940
  28. Kim, K. K., Prabhakar, B., and Park, S. K., "Trust, perceived risk, and trusting behavior in internet banking", Asia Pacific Journal of Information Systems, Vol. 19, No. 3, 2009, pp. 1-23. https://doi.org/10.1111/j.1365-2575.2008.00323.x
  29. Lazarus, R. S. and Folkman, S., Stress, Appraisal, and Coping, Springer, 1984, (스트레스와 평가 그리고 대처, 김정희 옮김, 대광문화사, 2001).
  30. Loosemore, M., and Lam, A. S. Y., "The locus of control: a determinant of opportunistic behaviour in construction health and safety", Construction Management and Economics, Vol. 22, No. 4, 2004, pp. 385-394. https://doi.org/10.1080/0144619042000239997
  31. Luo, X., Li, H., Zhang, J., and Shim, J. P., "Examining multi-dimensional trust and multi-faceted risk in initial acceptance of emerging technologies: An empirical study of mobile banking services", Decision Support Systems, Vol. 49, No. 2, 2010, pp. 222-234. https://doi.org/10.1016/j.dss.2010.02.008
  32. Marett, K., "Checking the manipulation checks in information security research", Information & Computer Security, Vol. 23, No. 1, 2015, pp. 20-30. https://doi.org/10.1108/ICS-12-2013-0087
  33. Markiewicz, L., and Kubinska, E., "Information use differences in hot and cold risk processing: When does information about probability count in the columbia card task?", Frontiers in Psychology, Vol. 6, 2015, pp. 1-11. https://doi.org/10.3389/fpsyg.2015.00001
  34. Milne, G. R., Labrecque, L. I., and Cromer, C., "Toward an understanding of the online consumer's risky behavior and protection practices", Journal of Consumer Affairs, Vol. 43, No. 3, 2009, pp. 449-473. https://doi.org/10.1111/j.1745-6606.2009.01148.x
  35. Mischel, W., "The interaction of person and situation," In Personality at the Crossroads: Current Issues in Interactional Psychology, Lawrence Erlbaum, 1977.
  36. Ogbanufe, O., and Kim, D. J., "Just how risky is it anyway? The role of risk perception and trust on click-through intention", Information Systems Management, Vol. 35, No. 3, 2018, pp. 182-200. https://doi.org/10.1080/10580530.2018.1477292
  37. Parsons, K., Calic, D., Pattinson, M., Butavicius, M., McCormac, A., and Zwaans, T., "The human aspects of information security questionnaire (HAIS-Q): Two further validation studies", Computers & Security, Vol. 66, 2017, pp. 40-51. https://doi.org/10.1016/j.cose.2017.01.004
  38. Rimal, R. N., and Real, K., "Perceived risk and efficacy beliefs as motivators of change: Use of the risk perception attitude (RPA) framework to understand health behaviors", Human Communication Research, Vol. 29, No. 3, 2003, pp. 370-399. https://doi.org/10.1093/hcr/29.3.370
  39. Rossiter, J. R., "Marketing measurement revolution: The C-OAR-SE method and why it must replace psychometrics", European Journal of Marketing, Vol. 45, No. 11, 2011, pp. 1561-1588. https://doi.org/10.1108/03090561111167298
  40. Rotter, J. B., "Generalized expectancies for internal versus external control of reinforcement", Psychological Monographs: General and Applied, Vol. 80, No. 1, 1966, pp. 1-28. https://doi.org/10.1037/h0092976
  41. Siponen, M., and Vance, A., "Neutralization: New insights into the problem of employee information systems security policy violations", MIS Quarterly, Vol. 34, No. 3, 2010, pp. 487-502. https://doi.org/10.2307/25750688
  42. Sitkin, S. B., and Pablo, A. L., "Reconceptualizing the determinants of risk behavior", Academy of Management Review, Vol. 17, No. 1, 1992, pp. 9-38. https://doi.org/10.2307/258646
  43. Sitkin, S. B., and Weingart, L. R., "Determinants of risky decision-making behavior: A test of the mediating role of risk perceptions and propensity", Academy of Management Journal, Vol. 38, No. 6, 1995, pp. 1573-1592. https://doi.org/10.2307/256844
  44. Taylor III, L. A., Hall, P. D., Cosier, R. A., and Goodwin, V. L., "Outcome feedback effects on risk propensity in an MCPLP task", Journal of Management, Vol. 22, No. 2, 1996, pp. 299-311. https://doi.org/10.1016/S0149-2063(96)90050-1
  45. Trevino, L. K., "Experimental approaches to studying ethical-unethical behavior in organizations", Business Ethics Quarterly, Vol. 2, No. 2, 1992, pp. 121-136. https://doi.org/10.2307/3857567
  46. Tu, Z., Turel, O., Yuan, Y., and Archer, N., "Learning to cope with information security risks regarding mobile device loss or theft: An empirical examination", Information & Management, Vol. 52, No. 4, 2015, pp. 506-517. https://doi.org/10.1016/j.im.2015.03.002
  47. van Schaik, P., Jansen, J., Onibokun, J., Camp, J., and Kusev, P., "Security and privacy in online social networking: Risk perceptions and precautionary behaviour", Computers in Human Behavior, Vol. 78, 2018, pp. 283-297. https://doi.org/10.1016/j.chb.2017.10.007
  48. Warkentin, M., Goel, S., Williams, K. J., and Renaud, K., "Are we predisposed to behave securely? Influence of risk disposition on individual security behaviors", In ECIS 2018 Proceedings Association for Information Systems, 2018.
  49. Warkentin, M., Straub, D., and Malimage, K., "Featured talk: Measuring secure behavior: A research commentary", In Annual Symposium of Information Assurance & Secure Knowledge Management, Albany, 2012.
  50. Workman, M., Bommer, W. H., and Straub, D., "Security lapses and the omission of information security measures: A threat control model and empirical test", Computers in Human Behavior, Vol. 24, No. 6, 2008, pp. 2799-2816. https://doi.org/10.1016/j.chb.2008.04.005
  51. Wottrich, V. M., van Reijmersdal, E. A., and Smit, E. G., "The privacy trade-off for mobile app downloads: The roles of app value, intrusiveness, and privacy concerns", Decision Support Systems, Vol. 106, No. 1, 2017, pp. 44-52.
  52. Xu, H., Wang, H., and Teo, H. H., "Predicting the usage of P2P sharing software: The role of trust and perceived risk", In Proceedings of the 38th Hawaii International Conference, System Sciences, 2005, pp. 1-10.