Informatization Policy (정보화정책)

National Information Society Agency (한국지능정보사회진흥원)
권호 표지
DOI QR코드

DOI QR Code

A Study on the Influence of Victimization Experience and Awareness on Cyber Security Behavior - Focusing on Dual Process Theory

침해 경험 및 정보보호 인식이 정보보호 행동에 미치는 영향에 대한 연구 : 이중 프로세스 이론을 중심으로

  • Kim, Chang-Il (Graduate school of public policy and information technology, Seoul national university of science and technology) ;
  • Heo, Deok-Won (Graduate school of public policy and information technology, Seoul national university of science and technology) ;
  • Lee, Hye-Min (Graduate school of public policy and information technology, Seoul national university of science and technology) ;
  • Sung, Wook-Joon (Graduate school of public policy and information technology, Seoul national university of science and technology)
  • Received : 2019.02.10
  • Accepted : 2019.03.18
  • Published : 2019.06.30
Download PDF
⟨ Previous Next ⟩

Abstract

The purpose of this study is to investigate the direct effect of victimization experience on cyber security behavior and the indirect effect of information protection awareness through the Dual Process Theory. Baron & Kenny regression analysis was conducted and the results are as follows - first, victimization experience has a positive effect on cyber security behavior; second, the relationship between victimization experience and cyber security behavior is mediated by cyber security awareness; and third, the direct effect of victimization experience on cyber security behavior and the indirect mediating effect of cyber security awareness are both positive (+). The direct effect of victimization experience on cyber security behavior is analyzed to be relatively large compared to the indirect effect that cyber security awareness has on cyber security behavior. Based on these results, It is suggested that periodic cyber security education and campaign policies are needed to enhance cyber security behavior.

본 연구의 목적은 정보침해 경험이 정보보호 활동에 직관적으로 미치는 영향과 정보보호 인식을 통해 분석적으로 미치는 영향을 이중 프로세스 이론(Dual Process Theory)을 통해 분석하는데 있다. 이를 위해 Baron & Kenny 매개 회귀분석을 사용하였으며 그 분석결과는 다음과 같다. 첫째, 정보침해 경험은 정보보호 활동에 긍정적인 영향을 미치는 것으로 분석되었다. 둘째, 정보보호 인식은 정보침해 경험과 정보보호 활동 간의 관계를 매개하는 것으로 분석되었다. 셋째, 정보침해 경험이 정보보호 활동에 직접적으로 주는 영향과 인식을 매개하여 주는 간접적 영향의 효과는 모두 정(+)의 효과를 주는 것으로 분석되었다. 또한 정보침해 경험이 정보보호 활동에 주는 직접적 영향은 인식을 매개하여 정보보호 활동에 주는 간접적 영향에 비해 상대적으로 큰 것으로 분석되었다. 해당 분석결과를 바탕으로 정보보안 활동이 제고 될 수 있도록 하는 주기적 정보보안 교육 및 캠페인 정책이 필요함을 제언하였다.

Keywords

JBSHBC_2019_v26n2_62_f0001.png 이미지

<그림 1> 연구분석틀 Research and Analysis Framework

JBSHBC_2019_v26n2_62_f0002.png 이미지

<그림 2> 정보보호 중요성 인식의 매개모형 검증결과: 표준화 계수 Result of Mediating Model Test on Cyber Security Awareness; Standardized Regression Coefficient

<표 1> 이중 프로세스 이론의 두 가지 사고과정

Two Thinking Processes in Dual Process Theory

JBSHBC_2019_v26n2_62_t0001.png 이미지

<표 2> 정보보호 활동 영향 변수 정리

Variables and Operational Definitions

JBSHBC_2019_v26n2_62_t0002.png 이미지

<표 3> 주요 설명변수 및 비밀번호 설정 사례 분포

Key Explanatory Variables and Distribution of Password Setting Cases

JBSHBC_2019_v26n2_62_t0003.png 이미지

<표 4> 개인의 침해경험이 정보보호 중요성 인식에 미치는 영향력에 관한 다중회귀분석 결과

Multiple Regression Analysis Results on the Impact of Victimization Experience on Cyber Security Awareness

JBSHBC_2019_v26n2_62_t0004.png 이미지

<표 5> 정보보호 중요성 인식의 매개효과에 관한 다중회귀분석 결과

Multiple Regression Analysis Results on the Mediating Effect of Cyber Security Awareness

JBSHBC_2019_v26n2_62_t0005.png 이미지

<표 6> 개인의 침해 경험의 정보보호 행동에 대한 직접 및 간접 효과

Direct and Indirect Effect of Victimization Experience on Cyber Security Behavior

JBSHBC_2019_v26n2_62_t0006.png 이미지

<표 7> 연구가설 검증표

Hypothesis Test Results

JBSHBC_2019_v26n2_62_t0007.png 이미지

References

  1. Ahlan, A. R., Lubis, M. & Lubis, A. R. (2015). "Information Security Awareness at the Knowledge-Based Institution: Its Antecedents and Measures." Procedia Computer Science, 72, 361-373. https://doi.org/10.1016/j.procs.2015.12.151
  2. Bae, J. (2016). "An Empirical Study on the Effect of Leakage Threat of Personal Informationon Protective Behavior Intention in Big Data Environment: Based on Health Psychology Theory and Protection Motivation Theory." The e-Business Studies, 17(3), 191-208. https://doi.org/10.20462/TeBS.2016.06.17.3.191
  3. Baron, R. M. & Kenny, D. A. (1986). "The moderator-mediator variable distinction in social psychological research: Conceptual, strategic, and statistical considerations." Journal of Personality and Social Psychology, 51(6), 1173-1182. https://doi.org/10.1037/0022-3514.51.6.1173
  4. Choi, J. (2015). "An Empirical Study on the Relationship of Personal Optimistic Bias and Information Security Awareness and Behavior in the Activity of Information Ethic." Master's Thesis, Department of Management Information Systems, Seoul Venture University.
  5. Choi, J. & Che, M. (2016). "An empirical study on the relationship of personal optimistic bias and information security awareness and behavior in the activity of information ethics." Journal of the Korea Academia-Industrial, 17(5), 538-547.
  6. Choi, M. (2017). "A study on the Influence of the Work Environment Characteristics of Coworking office on Information Security Awareness and Behavior." Master's Thesis, Department of f Financial Information Security, Kookmin University.
  7. Choi, N., Kim, D. J., Goo, J. & Whitmore, A. (2008). "Knowing is doing: An empirical validation of the relationship between managerial information security awareness and action." Information Management & Computer Security, 16(5), 484-501. https://doi.org/10.1108/09685220810920558
  8. Choi, S., Kim, H. & Kim, T. (2016). "Factors Affecting Information Security Practice of Elementary School Students." Journal of the Korea Institute of Information Security & Cryptology, 26(2), 449-461. https://doi.org/10.13089/JKIISC.2016.26.2.449
  9. Choi, S., Lim, D., Ko, I. & Moon. I. (2016). "Perception and Performance about Patients' Medical Information Protection in Allied Health College Students." The Journal of Korean Academic Society of Nursing Education, 22(1), 83-95. https://doi.org/10.5977/jkasne.2016.22.1.83
  10. Choi, Y. & Kang, H. (2016). "A Study on Dental Hygienist' Knowledge, Awareness and Performance of Patient's Personal Information Protection." Journal of the Korea Academia-Industrial cooperation Society, 17(2), 416-426. https://doi.org/10.5762/KAIS.2016.17.2.416
  11. Chou, P. H. B. & Wister, A. V. (2007). "From Cues to Action: Information Seeking and Exercise Self-care among Older Adults Managing Chronic Illness." Canadian Journal on Aging, 24(4), 395-408. https://doi.org/10.1353/cja.2006.0005
  12. Cline, R. R., Farley, J. F., Hansen, R. A. & Schommer, J. C. (2004). "Osteoporosis Beliefs and Antiresorptive Medication Use." 50, 196-208. https://doi.org/10.1016/j.maturitas.2004.05.004
  13. Ha, S. & Kim, H. (2013). "The Effects of User's Security Awareness on Password Security Behavior." Journal of Digital Contents Society, 14(2), 179-189. https://doi.org/10.9728/dcs.2013.14.2.179
  14. Hwang, E. (2006). "The Mediating Effects of Self-Conscious Affects on Depression and Anxiety in Children's Abusive Experience." Master's Thesis, Department of Child Welfare and Studies, Sookmyung Women's University.
  15. Jang, I. & Choi, B. (2014). "Analyzing the Privacy Leakage Prevention Behavior of Internet Users Based on Risk Perception and Efficacy Beliefs : Using Risk Perception Attitude Framework." The Jounal of Society for e-Business Studies, 19(3), 65-89. https://doi.org/10.7838/jsebs.2014.19.3.065
  16. Jeon, J. (2018). "Analysis of motivational and psychological factors affecting information security perception of employees." Master's Thesis, Department of Security Convergence, Chung-AngUniversity.
  17. Joung, Y. (2013). "Seeking for Component Parts of Information Security's Legal Concept :Based on Analysis of Cases about Information Security." Public Law Journal, 14(4), 209-243. https://doi.org/10.31779/plj.14.4.201311.008
  18. Kim, H., Jeon, E. & Kim, S. (2016). "An Empirical Study of People's Perceptions and Attitudes Toward Personal Information Disclosure Online : Focusing on 'Psychological Reactance' in the Big Data Age." Korean Journal of Communication & Information, 80, 143-166.
  19. Kim, J. (2010). "The Effects of victimized Experiences as Internal Cues to Action on Preventive Behavioral Intentions in Cyber Communication: Modifying Health Belief Model." Journal of Cybercommunication Academic Society, 27(3), 5-46.
  20. Kim, J. & Kang, D. (2008). "The Effects of Security Policies, Security Awareness and Individual Characteristics on Password Security Effectiveness." Journal of the Korea Institute of Information Security & Cryptology, 18(4), 123-133.
  21. Kim, J. & Lim, S. (2016). "A Preliminary Research on the Impact of Perception of Personal Information Leakage Incidents on the Behavior of Individual Information Management in the Mobile Banking Contexts." Journal of the Korea Institute of Information Security & Cryptology, 26(3), 735-744. https://doi.org/10.13089/JKIISC.2016.26.3.735
  22. Kim, S. & Park, H. (2013). "An Analysis of Influence Factors on Privacy Protection Awareness and Protection Behavior and moderating Effect of Privacy Invasion Experience." The Journal of Internet Electronic Commerce Resarch, 13(4), 79-105.
  23. Kim, Y. (2018). "The Effects of Trust in Government, Disaster Experience, and Social Capital on Disaster Risk Perception: Focusing on Disaster Victims in Local Areas." Ph.D. Thesis, Department of Public Administration, Yonsei University.
  24. Koo. J. (2016). "Effects of Primary School Students' Human Rights Related Experience on Their Human Rights Awareness." Theory and Research in Citizenship Education, 48(3), 1-25.
  25. Korea Internet & Security Agency (2018). 2017 Survey on Information security(Individual). Korea Internet & Security Agency.
  26. Jang, I. & Choi, B. (2014). "Analyzing the Privacy Leakage Prevention Behavior of Internet Users Based on Risk Perception and Efficacy Beliefs : Using Risk Perception Attitude Framework." The Jounal of Society for e-Business Studies, 19(3), 65-89. https://doi.org/10.7838/jsebs.2014.19.3.065
  27. Jeon, J. (2018). "Analysis of motivational and psychological factors affecting information security perception of employees." Master's Thesis, Department of Security Convergence, Chung-Ang University.
  28. Joung, Y. (2013). "Seeking for Component Parts of Information Security's Legal Concept :Based on Analysis of Cases about Information Security." Public Law Journal, 14(4), 209-243. https://doi.org/10.31779/plj.14.4.201311.008
  29. Lebek, B., Uffen, J., Neumann, M., Hohler, B. & H. Breitner, M. (2014). "Information security awareness and behavior: a theory-based literature review." Management Research Review, 37(12), 1049-1092. https://doi.org/10.1108/MRR-04-2013-0085
  30. Lee, H., Kho, H. Roh, E. & Han, K. (2018). "A Study on the Factors of Experience and Habit on Information Security Behavior of New Services-based on PMT and UTAUT2." Journal of Digital Contents Society, 19(1), 93-102. https://doi.org/10.9728/DCS.2018.19.1.93
  31. Lee, M. (2002). "Articles: The Reactions to Cybercrime victimized: Testing a Generic Model." Korean Journal of Victimology, 10(2), 209-247.
  32. Lee, S. & Park, C. (2014) "A study of the User Privacy Protection Behavior in Online Environment: Based on Protection Motivation Theory." Journal of Internet Computing and Services(JICS), 15(2), 59-71. https://doi.org/10.7472/jksii.2014.15.2.59
  33. Lee, T., Youn, Y. & Kim, H. (2016). "The Analysis of Information Security Awareness Using A Text Mining Approach." Informatization policy, 23(4), 76-94. https://doi.org/10.22693/NIAIP.2016.23.4.076
  34. Lee, Y. (2009). "A Study on Factors Influencing the Preventive Efforts toward Personal Information Privacy." Master's Thesis, Department of Business & Information Education, Sungkyunkwan University.
  35. Lim, J. & Kwon, S. (2018). "An Experimental Study on the Effects of Risk Cognition of Personal Information and Self-Expression Information on Conation of Privacy Protection." Journal of the Korea Institute of Information Security & Cryptology, 28(3), 681-694. https://doi.org/10.13089/JKIISC.2018.28.3.681
  36. Mattson, M. (1999). "Toward a Reconceptualization of Communication Cues to Action in the Health Belief Model: HIV Test Counseling." Communication Monographs, 66, 240-265. https://doi.org/10.1080/03637759909376476
  37. Mha, J. (2016). "Are consumers Really Reasonable Beings?: A Theoretical Approach of Applying Behavioral Economics to Advertising Researches." Advertising Research, 111, 101-131. https://doi.org/10.16914/ar.2016.111.101
  38. Moon, K. & Kim, S. (2017). "Relationship between Information Security Activities of Enterprise and Its Infringement : Mainly on the Effects of Information Security Awareness." Journal of the Korea Institute of Information Security & Cryptology, 27(4), 897-912. https://doi.org/10.13089/JKIISC.2017.27.4.897
  39. Noh, J. & Seo, J. (2016). "Information Security and Its Awareness in Local Governments." Informatization policy, 23(1), 20-37. https://doi.org/10.22693/NIAIP.2016.23.1.020
  40. Park, G. (2015). "A Study on the Determinants of the Internet Privacy Protection Behavior: Focused on the Net Users' Characteristics." Ph. D. Thesis, Department of Public Administration, Hanyang University.
  41. Park, I. Kim, S. & Seo, S. (2010). "Improving Research Information Security in Academic Institutes through the Analysis of Security Awareness and Activities." Journal of the Korea Institute of Information Security & Cryptology, 20(2), 91-108.
  42. Park, J., Kim, B. & Cho, S. (2011). "Primary Factors Affecting Corporate Employees' Attitudes Toward Information Security." korean management review, 40(4), 955-985.
  43. Park, Y. (2016). "A Dual-process Theoretical Interpretation of Decision making under Uncertainty." Ph. D. Thesis, Department of Psychology, Ajou University.
  44. Pharm, H., Brennan, L. & Richardson. J. (2017) "Review of behavioral theories in security compliance and research challenges." Proceedings of the Informing Science + Information Technology Education conference, 65-76.
  45. Rodriguez-Reimann, cNicassio P, Reimann JO, Gallegos PI, Olmedo EL. (2004). "Acculturation and health beliefs of Mexican Americans regarding tuberculosis prevention." J Immigr Health, 6(2), 51-62. https://doi.org/10.1023/B:JOIH.0000019165.09266.71
  46. Rutten, L. J. F. & Iannotti, R. J. (2004). "Health Beliefs, Salience of Breast Cancer Family History, and Involvement with Breast Cancer Issues: Adherences to Annual Mammography Screening Recommendations." Cancer Detection and Prevention, 27, 353-359. https://doi.org/10.1016/S0361-090X(03)00133-8
  47. Sherman, A. C., Pennington, J., Simonton, S., Latif, U., Arent, L. & Farley H. (2008). "Determinants of Participation in Cancer Support Groups: The Role of Health Beliefs." International Journal of Behavioral Medicine, 15, 92-100. https://doi.org/10.1080/10705500801929601
  48. Son, Y. (2015). "A Study on the Relationship between Cognition of personal information protection and Following protection Activities." Master's Thesis, Department of Security Management, Sangmyung University.
  49. Um, M. & Kim, M. (2007). An Exploratory Study on Factors affecting Efforts for Information Protection in Cyber space. Informatization policy, 14(1), 125-143.