Internal and External Characteristics of Information Security Officers Affecting Organization's Information Security Performance

조직 정보보호성과에 영향을 미치는 정보보호담당임원의 내·외적 특성

  • Oh, Ha-Kyeong (Chungbuk Innovation Institute of Science & Technology)
  • Kim, Tae-Sung (Department of Management Information Systems, Chungbuk National University)
  • Received : 2020.07.18
  • Accepted : 2020.07.25
  • Published : 2020.08.31

Abstract

Information security breaches have damaged corporate image and caused share prices to fall, and they are emerging as an organizational risk. The value of information assets in enterprises has led to a need for a higher level of security than in the past. As a result, companies are aware of the need for officers who protect information and oversee the security management system. However, despite the growing importance of information security officers, there is a lack of research on their roles and characteristics. This study validates the relationships among the determinants that affect information security performance. A structural equation model is presented and empirically analyzed to examine the impact of the internal and external characteristics of the officers in charge of information security on the organization's information security performance.
