Journal of the Korea Convergence Society (한국융합학회논문지)

Korea Convergence Society (한국융합학회)
권호 표지
DOI QR코드

DOI QR Code

Analysis of the effects of Information Security Awareness, Response Efficacy, and Compliance Behavioral Intention on Information Security Behavior: Focursing on Availability and Culture

정보보안 의식과 대처 효능감, 준수의향이 정보보안 행동에 미치는 영향분석: 가용성 차원과 문화 차원을 중심으로

  • Hu, Sung-ho (Department of Psychology, Chung-Ang University) ;
  • Hwang, In-ho (Department of General Education, Kookmin University)
  • Received : 2020.11.04
  • Accepted : 2021.01.20
  • Published : 2021.01.28
Download PDF
⟨ Previous Next ⟩

Abstract

This study is composed of a convergence research design plan as the necessity of information security field dealing with human factors are raised. The purpose of this study is to analyze the effectiveness of the aspect of information security on the cognitive process related to security policy. The research method consisted of the cross-design of the availability dimension and the culture dimension, and the information security process was measured with information security awareness, response efficacy, compliance behavioral intention, and information security behavior. As a result of the study, the dimension of availability had a significant effect on response efficacy, and it was found that the influence of the case-based condition was greater than that of the statistics-based condition. The cultural dimension had a significant effect on information security awareness, response efficacy, compliance behavioral intention, and information security behavior, and the influence of the homogeneity condition was found to be greater than that of the diversity condition. The proposed research model was verified as a multiple mediation model reconstructed with measurement variables. In addition, the discussion describes the necessity of an information security strategy in consideration of individual factors and organizational characteristics.

본 연구는 정보보안의 연구 중 인간 요소를 다루는 분야의 필요성이 제기되어 융합연구 설계방안을 구성하였다. 본 연구의 목적은 정보보안의 측면이 보안 정책과 연관되는 인지과정에 미치는 효과성을 검정하는 것이다. 연구 방법은 가용성 차원과 문화 차원의 교차설계로 구성되었고, 정보보안 과정은 정보보안 의식, 대처 효능감, 준수의향, 정보보안 행동의 네 가지 변인으로 측정되었다. 연구 결과, 가용성 차원은 대처 효능감에 유의미한 영향을 미치고 있었으며, 사례 중심 조건의 영향력이 통계중심 조건보다 더 큰 것으로 나타났다. 문화 차원은 정보보안 의식, 대처 효능감, 준수의향, 정보보안 행동에 유의미한 영향을 미치고 있었으며, 동질성 조건의 영향력이 다양성 조건보다 더 큰 것으로 나타났다. 결과적으로 제시한 연구 모형은 측정변인으로 재구성된 다원적 매개모형으로 검증되었다. 아울러, 논의는 개인 요소와 조직 특성을 고려한 정보보안 전략의 필요성에 대하여 기술하고 있다.

Keywords

References

  1. J. D-Arcy & P. L. Teh. (2019). Predicting employee information security policy compliance on a daily basis: The interplay of security-related stress, emotions, and neutralization. Information & Management, 56(7), 103151. DOI : 10.1016/j.im.2019.02.006.
  2. I. Hwang, R. Wakefield, S. Kim & T. Kim. (2019). Security awareness: The first step in information security compliance behavior. Journal of Computer Information Systems, 1-12. DOI: 10.1080/08874417.2019.1650676
  3. H. Lee & J. Kim. (2018). A convergence study on the structural relationships among emotional labor and work performance of information security professionals. Journal of the Korea Convergence Society, 9(1), 67-74. DOI : 10.15207/JKCS.2018.9.1.067.
  4. Verizon. (2020). 2020 data breach investigations report.
  5. Grandviewresearch. (2019). Cyber security market size, share & trends analysis report by component, by security type, by solution, by service, by deployment, by organization, by application, and segment Forecasts, 2019 - 2025. https://www.globenewswire.com.
  6. L. Tredinnick. (2008). Digital information culture: the individual and society in the digital age, Amsterdam : Elsevier.
  7. A. AlHogail. (2015). Design and validation of information security culture framework. Computers in human behavior, 49, 567-575. DOI : 10.1016/j.chb.2015.03.054
  8. B. Khan, K. S. Alghathbar, S. I. Nabi & M. K. Khan. (2011). Effectiveness of information security awareness methods based on psychological theories. African Journal of Business Management, 5(26), 10862-10868. DOI : 10.5897/AJBM11.067
  9. M. L. Foulds. (1971). Changes in locus of internal-external control: A growth group experience. Comparative Group Studies, 2(3), 293-300. DOI : 10.1177/104649647100200303
  10. S. A. Stumpf & M. London. (1981). Management promotions: Individual and organizational factors influencing the decision process. Academy of Management Review, 6(4), 539-549. https://doi.org/10.5465/AMR.1981.4285668
  11. A. Tversky & D. Kahneman. (1973). Availability: A heuristic for judging frequency and probability. Cognitive psychology, 5(2), 207-232. https://doi.org/10.1016/0010-0285(73)90033-9
  12. W. E. Watson, K. Kumar & L. K. Michaelsen. (1993). Cultural diversity's impact on interaction process and performance: Comparing homogeneous and diverse task groups. Academy of management journal, 36(3) 590-602. https://doi.org/10.2307/256593
  13. B. Bulgurcu, H. Cavusoglu & I. Benbasat. (2010). Information security policy compliance: an empirical study of rationality-based beliefs and information security awareness. MIS quarterly, 34(3), 523-548. https://doi.org/10.2307/25750690
  14. M. Siponen, S. Pahnila & M. A. Mahmood. (2010). Compliance with information security policies: An empirical investigation. Computer, 43(2), 64-71. DOI : 10.1109/MC.2010.35
  15. M. Workman, W. H. Bommer & D. Straub. (2008). Security lapses and the omission of information security measures: A threat control model and empirical test. Computers in human behavior, 24(6), 2799-2816. DOI : 10.1016/j.chb.2008.04.005
  16. P. Ifinedo. (2014). Information systems security policy compliance: An empirical study of the effects of socialisation, influence, and cognition. Information & Management, 51(1), 69-79. DOI : 10.1016/j.im.2013.10.001
  17. A. E. Howe, I. Ray, M. Roberts, M. Urbanska & Z. Byrne, (2012). The psychology of security for the home computer user. IEEE.
  18. P. Ifinedo. (2012). Understanding information systems security policy compliance: An integration of the theory of planned behavior and the protection motivation theory. Computers & Security, 31(1), 83-95. DOI : 10.1016/j.cose.2011.10.007
  19. S. Z. ul Abdin, O. Farooq, N. Sultana & M. Farooq. (2017). The impact of heuristics on investment decision and performance: Exploring multiple mediation mechanisms. Research in International Business and Finance, 42, 674-688. DOI : 10.1016/j.ribaf.2017.07.010
  20. I. H. Hwang & S. H. Hu. (2018). A Study on the Influence of Information Security Compliance Intention of Employee: Theory of Planned Behavior, Justice Theory, and Motivation Theory Applied. Journal of Digital Convergence, 16(3), 225-236. DOI : 10.14400/JDC.2018.16.3.225
  21. I. H. Hwang & S. H. Hu. (2020). A study on the information security compliance and non-compliance causes of organization employees. Journal of the Korea Convergence Society, 11(9), 229-242. DOI : 10.15207/JKCS.2020.11.9.229
  22. S. H. Hu. (2020). Analysis of the impact of military organization's safety culture on safety behavior: Focusing on the mediating effect of safety leadership. Journal of Advances in Military Studies, 3(2), 63-81. DOI : 10.37944/jams.v3i2.70
  23. R. W. Lee, I. H. Hwang & S. H. Hu. (2017). Exploratory research of information security strategy focused on human factors. The Journal of General Education, 6, 103-124. https://doi.org/10.24173/jge.2017.12.6.4