DOI QR코드

DOI QR Code

A Study on the Mitigation of Information Security Avoid Behavior: From Goal Setting, Justice, Trust perspective

정보보안 회피행동 완화에 대한 연구: 정보보안 관련 목표설정, 공정성, 신뢰의 관점을 중심으로

  • Hwang, In-Ho (Department of General Education, Kookmin University)
  • Received : 2020.09.18
  • Accepted : 2020.12.20
  • Published : 2020.12.28

Abstract

Globally, information protection of organization has become an essential management factor, and organizations continue to invest high-level resources for information security. Security threats from insiders are not decreasing. The purpose of this study is to present the antecedence factors to mitigate the role conflict that is the cause of the security avoid behavior. For the study, a survey was conducted for employees of organizations with information security policies, and structural equation modeling was conducted using a total of 383 samples for hypothesis verification. As a result of the analysis, role conflict increased avoid behavior, and goal difficulty, goal specificity, justice, and trust mitigated role conflict. In particular, justice influenced the reduction of role conflict and avoid behavior through trust. The implications were to present the causes and mitigation factors for avoid behavior of employee, and it is judged that it will help the organization to establish a security strategy.

세계적으로, 정보보호는 조직의 필수적인 관리 조건이 되고 있으며, 조직들은 정보보안을 위하여 높은 수준의 자원을 지속적으로 투자하고 있다. 조직 내부자들의 보안 위협은 감소하지 않고 있어, 정보보안 행동 준수를 위한 관심이 필요한 상황이다. 본 연구의 목적은 조직원들의 보안 회피 행동의 원인인 역할갈등을 완화시키기 위한 선행 요인을 제시하는 것이다. 연구는 정보보안 정책을 보유한 조직에서 근무하는 조직원을 대상으로 설문을 실시하였으며, 383개의 표본을 활용하여 구조방정식모델링을 통한 가설 검증을 하였다. 가설 검증 결과, 역할갈등이 회피행동을 증가시키는 것으로 나타났으며, 목표 난이도와 세밀성, 공정성, 신뢰가 역할갈등을 완화하는 것으로 나타났다. 특히, 공정성은 신뢰를 통해 역할갈등과 회피 행동 감소에 영향을 주는 것으로 나타났다. 연구 결과는 조직원의 정보보안 회피행동 원인과 완화 요인을 제시함으로써, 정보보안 수준 향상을 위한 정보보안 전략 수립에 영향을 줄 것으로 판단한다.

Keywords

Acknowledgement

This work was supported by the Ministry of Education of the Republic of Korea and the National Research Foundation of Korea(NRF-2018S1A5A8027420)

References

  1. Security News. (2020). 2020 Security Market Report.
  2. Grand View Research. (2020). Cyber Security Market Size, Share & Trends Analysis Report By Component, By Security Type, By Solution, By Service, By Deployment, By Organization, By Application, By Region, And Segment Forecasts, 2020 - 2027.
  3. I. Hwang & S. Hu. (2018). A Study on the Influence of Information Security Compliance Intention of Employee: Theory of Planned Behavior, Justice Theory, and Motivation Theory Applied. Journal of Digital Convergence, 16(3), 225-236. DOI : 10.14400/JDC.2018.16.3.225.
  4. K. D. Loch, H. H. Carr & M. E. Warkentin. (1992). Threats to Information Systems: Today's Reality, Yesterday's Understanding. MIS Quarterly, 16(2), 173-186. DOI : 10.2307/249574.
  5. Verizon. (2019). 2019 data breach investigations report.
  6. R. West. (2008). The Psychology of Security. Communications of the ACM, 51(4), 34-40. DOI : 10.1145/1330311.1330320.
  7. J. Han & Y. Kim. (2015). Investigating of Psychological Factors Affecting Information Security Compliance Intention: Convergent Approach to Information Security and Organizational Citizenship Behavior. Journal of Digital Convergence, 13(8), 133-144. https://doi.org/10.14400/JDC.2015.13.8.133
  8. S. Aurigemma & T. Mattson. (2017). Deterrence and Punishment Experience Impacts on ISP Compliance Attitudes. Information and Computer Security, 25(4), 421-436. DOI : 10.1108/ICS-11-2016-0089.
  9. B. Bulgurcu, H. Cavusoglu & I. Benbasat. (2010). Information Security Policy Compliance: An Empirical Study of Rationality-based Beliefs and Information Security Awareness, MIS Quarterly, 34(3), 523-548. https://doi.org/10.2307/25750690
  10. J. Y. Son. (2011). Out of Fear or Desire? Toward a Better Understanding of Employees' Motivation to Follow IS Security Policies. Information & Management, 48(7), 296-302. DOI : 10.1016/j.im.2011.07.002.
  11. N. S. Safa, C. Maple, S. Furnell, M. A. Azad, C. Perera, M. Dabbagh & M. Sookhak. (2019). Deterrence and Prevention-based Model to Mitigate Information Security Insider Threats in Organisations. Future Generation Computer Systems, 97, 587-597. DOI : 10.1016/j.future.2019.03.024.
  12. I. Hwang & O. Cha. (2018). Examining Technostress Creators and Role Stress as Potential Threats to Employees' Information Security Compliance. Computers in Human Behavior, 81, 282-293. DOI : 10.1016/j.chb.2017.12.022.
  13. J. D'Arcy & P. L. Teh. (2019). Predicting Employee Information Security Policy Compliance on a Daily Basis: The Interplay of Security-related Stress, Emotions, and Neutralization. Information & Management, 56(7), 103151. DOI : 10.1016/j.im.2019.02.006.
  14. I. Hwang & H. Lee. (2016). The Employee's Information Security Policy Compliance Intention: Theory of Planned Behavior, Goal Setting Theory, and Deterrence theory Applied. Journal of Digital Convergence, 14(7), 155-166, DOI : 10.14400/JDC.2016.14.7.155.
  15. J. M. Stanton, K. R. Stam, P. Mastrangelo & J. Jolton. (2005). Analysis of End User Security Behaviors. Computers and Security, 24(2), 124-133. DOI : 10.1016/j.cose.2004.07.001.
  16. Y. Chen & F. M. Zahedi. (2016). Individuals' Internet Security Perceptions and Behaviors: Polycontextual Contrasts Between the United States and China. MIS Quarterly, 40(1), 205-222. https://doi.org/10.25300/MISQ/2016/40.1.09
  17. H. Liang & Y. Xue. (2010). Understanding Security Behaviors in Personal Computer Usage: A Threat Avoidance Perspective. Journal of the Association for Information Systems, 11(7), 394-413. DOI : 10.17705/1jais.00232
  18. P. S. Galluch, V. Grover & J. B. Thatcher. (2015). Interrupting the Workplace: Examining Stressors in an Information Technology Context. Journal of the Association for Information Systems, 16(1), 1-47. DOI : 10.17705/1jais.00387.
  19. R. Ayyagari, V. Grover & R. Purvis. (2011). Technostress: Technological Antecedents and Implications. MIS Quarterly, 35(4), 831-858. DOI : 10.2307/41409963.
  20. K. J. Lauver & A. Kristof-Brown. (2001). Distinguishing between Employees' Perceptions of Person-Job and Person-Organization Fit. Journal of Vocational Behavior, 59(3), 454-470. DOI : 10.1006/jvbe.2001.1807.
  21. M. Tarafdar, Q. Tu, B. S. Ragu-Nathan & T. S. Ragu-Nathan. (2007). The Impact of Technostress on Role Stress and Productivity. Journal of Management Information Systems, 24(1), 301-328. DOI : 10.2753/MIS0742-1222240109.
  22. M. Tarafdar, E. Bolman Pullins & T. S. Ragu-Nathan. (2014). Examining Impacts of Technostress on the Professional Salesperson's Behavioral Performance. Journal of Personal Selling and Sales Management, 34(1), 51-69. DOI : 10.1080/08853134.2013.870184.
  23. J. D'Arcy, T. Herath & M. K. Shoss. (2014). Understanding Employee Responses to Stressful Information Security Requirements: A Coping Perspective. Journal of Management Information Systems, 31(2), 285-318. DOI : 10.2753/MIS0742-1222310210.
  24. I. Hwang & S. Ahn. (2019). The Effect of Organizational Justice on Information Security-Related Role Stress and Negative Behaviors. Journal of The Korea Society of Computer and Information, 24(11), 87-98. DOI: 10.9708/jksci.2019.24.11.087.
  25. D. Nachmias. (1985). Determinants of Trust within the Federal Bureaucracy. In Rosenbloom, D. H. (Eds), Public Personnel Policy: The Politics of Civil Service, New York: Associated Faculty Press, Port Washington, 133-143.
  26. R. C. Mayer, J. H. Davis & F. D. Schoorman. (1995). An Integrative Model of Organizational Trust. Academy of Management Review, 20(3), 709-734. DOI : 10.5465/amr.1995.9508080335
  27. N. Gillespie & G. Dietz. (2009). Trust Repair After an Organization-Level Failure. Academy of Management Review, 34(1), 127-145. DOI : 10.5465/amr.2009.35713319.
  28. V. Agarwal. (2013). Investigating the Convergent Validity of Organizational Trust. Journal of Communication Management. 17(1), 24-39. DOI : 10.1108/13632541311300133.
  29. R. J. Lewicki, D. J. McAllister & R. J. Bies. (1998). Trust and Distrust: New Relationships and Realities. Academy of Management Review, 23(3), 438-458. DOI : 10.5465/amr.1998.926620
  30. M. Top, M. Akdere & M. Tarcan. (2015). Examining Transformational Leadership, Job Satisfaction, Organizational Commitment and Organizational Trust in Turkish Hospitals: Public Servants Versus Private Sector Employees. The International Journal of Human Resource Management, 26(9), 1259-1282. DOI : 10.1080/09585192.2014.939987.
  31. M. A. Krosgaard, S. E. Brodt & E. M. Whitener. (2002). Trust in the Face of Conflict: The Role of Managerial Trustworthy Behavior and Organizational Context. Journal of Applied Psychology, 87(2), 312-319. DOI : 10.1037/0021-9010.87.2.312.
  32. P. B. Lowry, C. Posey, R. B. J. Bennett & T. L. Roberts. (2015). Leveraging Fairness and Reactance Theories to Deter Reactive Computer Abuse Following Enhanced Organisational Information Security Policies: An Empirical Study of the Influence of Counterfactual Reasoning and Organisational Trust. Information Systems Journal, 25(3), 193-273. DOI : 10.1111/isj.12063.
  33. J. Guinot, R. Chiva & V. Roca-Puig. (2014). Interpersonal Trust, Stress and Satisfaction at Work: An Empirical Study. Personnel Review, 43(1), 96-115. DOI : 10.1108/PR-02-2012-0043.
  34. M. Top & S. Tekingunduz. (2018). The Effect of Organizational Justice and Trust on Job Stress in Hospital Organizations. Journal of Nursing Scholarship, 50(5), 558-566. DOI : 10.1111/jnu.12419.
  35. E. A. Locke & G. P. Latham. (2006). New Directions in Goal Setting Theory. Current Directions in Psychological Science, 15(5), 265-268. DOI: 10.1111/j.1467-8721.2006.00449.x.
  36. B. E. Wright. (2004). The Role of Work Context in Work Motivation: A Public Sector Application of Goal and Social Cognitive Theories. Journal of Public Administration Research and Theory, 14(1), 59-78. DOI : 10.1093/jopart/muh004
  37. R. D. Pritchard, S. D. Jones, P. L. Roth, K. K. Stuebing & S. E. Ekeberg. (1988). Effects of Group Feedback, Goal Setting, and Incentives on Organizational Productivity. Journal of Applied Psychology, 73(2), 337-358. https://doi.org/10.1037//0021-9010.73.2.337
  38. R. Vollmeyer, B. D. Burns & K. J. Holyoak. (1996). The Impact of Goal Specificity on Strategy Use and the Acquisition of Problem Structure. Cognitive Science, 20(1), 75-100. DOI : 10.1207/s15516709cog2001_3.
  39. J. M. Diefendorff & G. A. Seaton. (2015). Work Motivation. International Encyclopedia of the Social & Behavioral Sciences, 2nd edn. Elsevier, Oxford, 680-686.
  40. C. C. Pinder. (1998). Work Motivation in Organizational Behavior. Upper Saddle River, NJ: Prentice Hall.
  41. I. Hwang & S. Kim. (2018). A Study on the Influence of Organizational Information Security Goal Setting and Justice on Security Policy Compliance Intention. Journal of Digital Convergence. 16(2), 117-126. DOI : 10.14400/JDC.2018.16.2.117.
  42. I. Koskosas. (2008). Goal Setting and Trust in a Security Management Context. Information Security Journal: A Global Perspective, 17(3), 151-161. DOI : 10.1080/19393550802290337.
  43. J. C. Quick. (1979). Dyadic Goal Setting and Role Stress: A Field study. Academy of Management Journal, 22(2), 241-252. DOI : 10.5465/255587.
  44. C. Lee & R. S. Schuler. (1980). Goal Specificity and Difficulty and Leader Initiating Structure as Strategies for Managing Role Stress. Journal of Management, 6(2), 177-187. DOI : 10.1177/014920638000600206.
  45. R. H. Moorman. (1991). Relationship between Organizational Justice and Organizational Citizenship Behaviors: Do Fairness Perceptions Influence Employee Citizenship?. Journal of Applied Psychology, 76(6), 845-855. DOI : 10.1037/0021-9010.76.6.845.
  46. J. A. Colquitt. (2001). On the Dimensionality of Organizational Justice: A Construct Validation of a Measure. Journal of Applied Psychology, 86(3), 386-400. https://doi.org/10.1037/0021-9010.86.3.386
  47. B. Meyer. (2001). Allocation Processes in Mergers and Acquisitions: An Organizational Justice Perspective. British Journal of Management, 12(1), 47-66. DOI : 10.1111/1467-8551.00185.
  48. Y. T. Wong, H. Y. Ngo & C. S. Wong. (2006). Perceived Organizational Justice, Trust, and OCB: A Study of Chinese Workers in Joint Ventures and State-owned Enterprises. Journal of World Business, 41(4), 344-355. DOI : 10.1016/j.jwb.2006.08.003.
  49. H. Zeinabadi & K. Salehi. (2011). Role of Procedural Justice, Trust, Job Satisfaction, and Organizational Commitment in Organizational Citizenship Behavior (OCB) of Teachers: Proposing a Modified Social Exchange Model. Procedia-Social and Behavioral Sciences, 29, 1472-1481. DOI : 10.1016/j.sbspro.2011.11.387.
  50. Y. Xue, H. Liang & L. Wu. (2011). Punishment, Justice, and Compliance in Mandatory IT Settings. Information Systems Research, 22(2), 400-414. DOI : 10.1287/isre.1090.0266.
  51. K. A. Alshare, P. L. Lane & M. R. Lane. (2018). Information Security Policy Compliance: A Higher Education Case Study. Information & Computer Security. 26(1), 91-108, DOI : 10.1108/ICS-09-2016-0073.
  52. H. Li, R. Sarathy, J. Zhang & X. Luo. (2014). Exploring the Effects of Organizational Justice, Personal Ethics and Sanction on Internet Use Policy Compliance. Information Systems Journal, 24(6), 479-502. DOI : 10.1111/isj.12037.
  53. J. Cho, J. Yoo & J. Lim. (2019). An Impact Analysis of Information Security Professional's Job Stress and Job Satisfaction to Turnover Intention: Moderation of Organizational Justice. Journal of Society for e-Business Studies, 24(3), 143-161, DOI: 10.7838/jsebs.2019.24.3.143.
  54. M. L. Ambrose & M. Schminke. (2009). The Role of Overall Justice Judgments in Organizational Justice Research: A Test of Mediation. Journal of Applied Psychology, 94(2), 491-500. DOI : 10.1037/a0013203.
  55. J. C. Nunnally. (1978). Psychometric theory (2nd ed.). New York: McGraw-Hill.
  56. B. H. Wixom & H. J. Watson. (2001). An Empirical Investigation of the Factors Affecting Data Warehousing Success, MIS Quarterly, 25(1), 17-41. DOI : 10.2307/3250957.
  57. C. Fornell & D. F. Larcker. (1981). Evaluating Structural Equation Models with Unobservable Variables and Measurement Error, Journal of Marketing Research, 18(1), 39-50. DOI: 10.1177/002224378101800104.
  58. S. G. West. J. F., Finch & P. J. Curran. (1995). Structural Equation Models with Non-normal Variables: Problems and Remedies. In R. H. Hoyl (Ed.). Structural Equation Modeling: Conceots, Issues, and Applications, pp. 56-75. Thousand Oaks, CA: Sage.
  59. P. M. Podsakoff, S. B. MacKenzie, J. Y. Lee & N. P. Podsakoff. (2003). Common Method Biases in Behavioral Research: A Critical Review of the Literature and Recommended Remedies. Journal of Applied Psychology, 88(5), 879-903. DOI : 10.1037/0021-9010.88.5.879.