Journal of Information Technology Services (한국IT서비스학회지)

Korea Society of IT Services (한국IT서비스학회)
권호 표지
DOI QR코드

DOI QR Code

Security Enhancement of Public Organization Members Based on the Protection Motivation Theory

보호동기이론에 기반한 조직구성원의 보안강화 : 보안정책에 대한 신뢰와 보안스트레스의 매개효과를 중심으로

  • 최희영 (아주대학교 경영대학 경영정보학과) ;
  • 강주영 (아주대학교 경영대학 e-비즈니스학과)
  • Received : 2020.11.12
  • Accepted : 2020.12.24
  • Published : 2020.12.31
Download PDF
⟨ Previous Next ⟩

Abstract

"I think security is only trying to make it uncomfortable." "10% of my work is entering IDs and passwords, such as boot passwords, mobile phone authentication numbers, etc." As reflected in the complaint above, stress caused by information security among organizations' members is increasing. In order to strengthen information security, practical solutions to reduce stress are needed because the motivation of the members is needed in order for organizations to function properly. Therefore, this study attempts to suggest key factors that can enhance security while reducing information security stress among members of organizations. To this end, based on the theory of protection motivation, trust and security stress from information security policies are set as mediating factors to explain changes in security reinforcement behavior. Furthermore, risk, efficacy, and reaction costs of cyberattacks are considered as prerequisites. Our study suggests a solution to the security reinforcement problem by analyzing the factors that influence the behavior of members of organizations. In turn, this can raise protection motivation among members.

Keywords

References

  1. 김상현, 송영미, "조직구성원들의 정보보안 정책 준수 동기요인에 관한 연구", e-비즈니스연구, 제12권, 제3호, 2011, 327-349.
  2. 김종기, 김상희, "온라인 환경에서 프라이버시 행동의도에 미치는 영향-보호동기이론을 중심으로", 정보화정책, 제20권, 제3호, 2013, 63-85.
  3. 박철주, 임명성, "보안 대책이 지속적 보안 정책 준수에 미치는 영향", 디지털융복합연구, 제10권, 제4호, 2012, 23-35. https://doi.org/10.14400/JDPM.2012.10.4.023
  4. 오진욱, 백승익, "정보보호 정책의 전유과정이 정보보호 준수의도에 미치는 영향에 대한 탐색적 연구 : 콜센터와 병원 종사자들을 중심으로", 한국IT서비스학회지, 제19권, 제5호, 2020, 15-31. https://doi.org/10.9716/KITS.2020.19.5.015
  5. 우형진, "지각된 사이버 보안 위험이 개인정보보호 증진을 위한 기술채택 및 지속이용 행위의도에 미치는 영향에 관한 연구 : 관여도, 보호동기, 비용지불의사를 중심으로", 언론과학연구, 제14권, 제2호, 2014, 220-257.
  6. 임광수, 권헌영, "통제수용자에 의해 인지된 정보보안정책 특성요인이 보안스트레스와 보안준수 의도에 미치는 영향에 대한 연구", 한국인터넷방송통신학회 논문지, 제16권, 제6호, 2016, 243-253.
  7. 황성민, "보안관제에서의 보호동기요인이 자기효능감과 보안신뢰를 통해 정보보안성과에 미치는 영향", 건국대학교 정보통신대학원 석사학위논문, 2018.
  8. 황인호, 김승욱, "조직원의 정보보안 관련 업무 스트레스에 대한 억제 및 업무대처에 대한 연구", e-비즈니스연구, 제18권, 제3호, 2017, 147-164. https://doi.org/10.15719/GEBA.18.3.201706.147
  9. Bulgurcu, B., H. Cavusoglu, and I. Benbasat, "Information Security Policy Compliance: An Empirical Study of Rationality-Based Beliefs and Information Security Awareness", MIS Quarterly, Vol.34, No.3, 2010, 523-555. https://doi.org/10.2307/25750690
  10. CCTV뉴스, "개인 직무효율성 떨어뜨리는 정보보안테크노스트레스", 2019, https://www.cctvnews..co.kr/news/articleView.html?idxno=108330
  11. Efron, B. and R. Tibshirani, "Improvements on Cross-Validation : The .632+ Bootstrap Method", Journal of the American Statistical Association, Vol.92, No.438, 1997, 548-560. https://doi.org/10.2307/2965703
  12. Huigang, L. and X. Yajiong, "Understanding Security Behaviors in Personal Computer Usage : A Threat Avoidance Perspective", Journal of the Association for Information Systems, Vol.11, No.7, 2010, 394-414. https://doi.org/10.17705/1jais.00232
  13. Ifinedo, P., "Understanding Information Systems Security Policy Compliance : An Integration of the Theory of Planned Behavior and the Protection Motivation Theory", Computers and Security, Vol.31, No.1, 2012, 83-95. https://doi.org/10.1016/j.cose.2011.10.007
  14. James, C.A. and W.G. David, "Structural Equation Modeling in Practice : A Review and Recommended Two-Step Approach", Psychological Bulletin, Vol.103, No.3, 1988, 411-412. https://doi.org/10.1037//0033-2909.103.3.411
  15. Johnston, A.C. and M. Warkentin, "Fear Appeals and Information Security Behaviors : An Empirical Study", MIS Quarterly, Vol.34, No.3, 2010, 549-570. https://doi.org/10.2307/25750691
  16. Kim, J. and S. Kim, "Privacy Behavioral Intention in Online Environment : Based on Protection Motivation Theory", Informatization Policy, Vol.20, No.3, 2013, 63-85.
  17. Mayer, R.C., J.H. Davis, and F.D. Schoorman, "An Integrative Model of Organizational Trust", Academy of Management Review, Vol.20, No.3, 1995, 709-734. https://doi.org/10.5465/AMR.1995.9508080335
  18. Nunally, J.C., Psychometric Theory, 2nd ed, New York, NY : McGraw-Hill, 1978.
  19. Ramachandran, S. and S. Rao, "Security Cultures in Organizations : A Theoretical Model", AMCIS 2006 Proceedings, 2006.
  20. Rogers, R.W., "A Protection Motivation Theory of Fear Appeals and Attitude Change", Journal of Psychology, Vol.91, No.1, 1975, 93-114. https://doi.org/10.1080/00223980.1975.9915803
  21. Siponen, M., S. Pahnila, and A. Mahmood, "Factors Influencing Protection Motivation and Is Security Policy Compliance", Proceedings of 2006 Innovations in Information Technology, 2006.
  22. Siponen, M. and A. Vance, "Neutralization : New Insights into the Problem of Employee Information Systems Security Policy Violations", MIS Quarterly, Vol.34, No.3, 2010, 487-502. https://doi.org/10.2307/25750688
  23. Safa, S.N., R. Von Solms, and S. Furnell, "Information Security Policy Compliance Model in Organizations", Computers and Security, Vol.56, 2016, 70-82. https://doi.org/10.1016/j.cose.2015.10.006
  24. Stanton, J.M., K.R. Stam, P. Mastrangelo, and J. Jolton, "Analysis of End User Security Behaviors", Computers and Security, Vol.24, No.2, 2005, 124-133. https://doi.org/10.1016/j.cose.2004.07.001
  25. Tarafdar, M., Q. Tu, S. Ragu-Nathan Bhanu, and T.S. Ragu-Nathan, "The Impact of Technostress on Role Stress and Productivity", Journal of Management Information Systems, Vol.4, No.1, 2007, 301-328.
  26. Woon, I., G.-W. Tan, and R. Low, "A Protection Motivation Theory Approach to Home Wireless Security", ICIS 2005 Proceedings, 2005.