A Study on Security Policy Compliance Motivation: From a Technology Threat Avoidance Perspective

Security Policy Compliance Motivation: From Technology Threat Avoidance Perspective

  • Received : 2021.08.27
  • Reviewed : 2021.11.20
  • Published : 2021.11.28

Abstract

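This study was conducted, based on TTAT, to examine from the perspective of information security policy how the characteristics of a security policy (policy vulnerability, policy effectiveness, policy compliance cost, policy compliance self-efficacy, social influence) affect an organization's motivation to comply with its information security policy. The results of the analysis are as follows. First, the threat of the security policy was found to have a significant effect on policy compliance motivation. Second, policy effectiveness was found not to have a statistically significant effect on compliance motivation. Third, policy compliance cost was found to have a significant effect on policy compliance motivation. Fourth, policy compliance self-efficacy was found not to have a significant effect on avoidance motivation. Finally, social influence was found to have a significant effect on compliance motivation.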

The ultimate aim of this study is to examine the effect of security policy characteristics (policy threat, policy effectiveness, policy compliance cost, policy compliance self-efficacy, social influence) on organizational information security policy compliance motivation based on TTAT (Technology Threat Avoidance Theory). We found the following results. First, the security policy threat has a significant positive effect on policy compliance motivation. Second, it was found that the policy effectiveness has a statistically significant effect on the compliance motivation. Third, the policy compliance cost has an influence on the policy compliance motivation. Fourth, the policy compliance self-efficacy does not have an effect on compliance motivation. Finally, social influence has a significant effect on compliance motivation.

Keywords
