Journal of the Korea Academia-Industrial cooperation Society (한국산학기술학회논문지)

The Korea Academia-Industrial cooperation Society (한국산학기술학회)
권호 표지
DOI QR코드

DOI QR Code

Analysis of The Effects of Information Security Policy Sanction, Perceived Threat, and Perception of Information Security Climate on Compliance Behavioral Intention: Focursing on Prospect and Goal Orientation

정보 보안 제재성과 위협 인식, 분위기 인식이 준수 행동 의도성에 미치는 영향 분석: 전망 관점과 목표 지향 관점을 중심으로

  • Hu, Sung Ho (Department of Psychology, Chung-Ang University) ;
  • Hwang, In-Ho (Department of General Education, Kookmin University)
  • Received : 2020.11.05
  • Accepted : 2021.01.08
  • Published : 2021.01.31
Download PDF
⟨ Previous Next ⟩

Abstract

This study evaluates the impact of an information security policy sanction, a perceived threat, and the perception of the information security climate on a compliance behavioral intention. The research method was structured with a cross-sectional study design for the prospect and goal orientation. The variables used in the analysis are information security policy sanction, perceived threat, perception of information security climate, and compliance behavioral intention. Progress in this research consists of measuring the prospect and goal orientation, and then measuring the four variables. As a result, the prospect had a significant effect on the perception of the information security climate, and it was found that the influence of the gain-based condition was greater than the loss-based condition. Goal orientation had a significant effect on the information security policy sanction, the perceived threat, and the compliance behavioral intention, and the influence of the development-based condition was greater than the stability-based condition. Both prospect and goal orientation had an interactive effect on the compliance behavioral intention. The exploration model was verified as a mediation model. In addition, the discussion includes the appropriate implications for information security based on these research results.

본 연구의 목적은 정보 보안 제재성, 위협 인식, 분위기 인식이 준수 행동 의도성에 미치는 효과를 이해하는 것이다. 연구 방법은 전망 관점과 목표 지향 관점의 교차설계로 구조화되었고, 정보 보안 과정은 정보 보안 제재성, 위협 인식, 분위기 인식, 준수 행동 의도성의 네 가지 변수로 측정되었다. 연구 진행은 전망 관점과 목표 지향 관점을 측정 후, 네 가지 변인을 측정하는 과정으로 구성되어 있다. 연구 결과, 전망 관점은 분위기 인식에 유의미한 영향을 미치고 있었으며, 이득 조건의 영향력이 손해 조건보다 더 큰 것으로 나타났다. 목표 지향 관점은 정보 보안 제재성, 위협 인식, 준수 행동 의도성에 유의미한 영향을 미치고 있었으며, 성장 조건의 영향력이 안정 조건보다 더 큰 것으로 나타났다. 전망 관점과 목표 지향 관점은 준수 행동 의도성에 대하여 상호작용 효과가 발생하였다. 결과적으로 도출한 연구 모형은 측정변인으로 구조화된 복합 매개모형으로 탐색되었다. 아울러, 논의점은 이러한 결과를 기반으로 정보 보안에 적합한 시사점을 포함하고 있다.

Keywords

References

  1. L. Tredinnick, Digital information culture: the individual and society in the digital age, p.205, Amsterdam : Elsevier, 2008, pp.57-79.
  2. A. AlHogail, "Design and validation of information security culture framework", Computers in human behavior, Vol.49, pp.567-7575, Aug. 2015. DOI : https://doi.org/10.1016/j.chb.2015.03.054
  3. B. Khan, K. S. Alghathbar, S. I. Nabi & M. K. Khan, "Effectiveness of information security awareness methods based on psychological theories", African Journal of Business Management, Vol.5, No.26, pp.10862-10868, 2011.
  4. S. H. Hu, "Analysis of the impact of military organization's safety culture on safety behavior: Focusing on the mediating effect of safety leadership", Journal of Advances in Military Studies, Vol.3, No.2, pp.63-81, 2020. DOI : https://doi.org/10.37944/jams.v3i2.70
  5. R. W. Lee, I. H. Hwang & S. H. Hu, "Exploratory research of information security strategy focused on human factors", The Journal of General Education, Vol.6, No.2, pp.103-124, 2017. https://doi.org/10.24173/jge.2017.12.6.4
  6. M. L. Foulds, "Changes in locus of internal-external control: A growth group experience", Comparative Group Studies, Vol.2, No.3, pp.293-300, 1971. DOI : https://doi.org/10.1177/104649647100200303
  7. S. A. Stumpf & M. London, "Management promotions: Individual and organizational factors influencing the decision process", Academy of Management Review, Vol.6, No.4, pp.539-549, 1981. https://doi.org/10.5465/AMR.1981.4285668
  8. D. Kahneman & A. Tversky, Prospect theory: An analysis of decision under risk, Handbook, World Scientific, Singapore, pp.99-127.
  9. H. Shefrin & M. Statman, "The contributions of Daniel kahneman and Amos tversky", The Journal of Behavioral Finance, Vol.4, No.2, pp.54-58, 2003. DOI : https://doi.org/10.1207/S15427579JPFM0402_01
  10. D. VandeWalle, "Development and validation of a work domain goal orientation instrument", Educational and psychological measurement, Vol.57, No.6, pp.995-1015, 1997. DOI : https://doi.org/10.1177/0013164497057006009
  11. R. R. Blake & J. S. Mouton, "Management by Grid® principles or situationalism: Which?", Group and Organization Studies, Vol.6, No.4, pp.439-455, 1981. https://doi.org/10.1177/105960118100600404
  12. B. Bulgurcu, H. Cavusoglu & I. Benbasat, "Information security policy compliance: an empirical study of rationality-based beliefs and information security awareness", MIS quarterly, Vol.34, No.3, pp.523-548, 2010. https://doi.org/10.2307/25750690
  13. M. Chan, I. Woon & A. Kankanhalli, "Perceptions of information security in the workplace: linking information security climate to compliant behavior", Journal of information privacy and security, Vol.1, No.3, pp.18-41, 2005. https://doi.org/10.1080/15536548.2005.10855772
  14. M. Siponen, M. A. Mahmood & S. Pahnila, "Employees' adherence to information security policies: An exploratory field study", Information and Management, 51, No.2, pp.217-224, 2014. DOI : https://doi.org/10.1016/j.im.2013.08.006
  15. P. Ifinedo, "Information systems security policy compliance: An empirical study of the effects of socialisation, influence, and cognition", Information and Management, Vol.51, No.1, pp.69-79, 2014. DOI : https://doi.org/10.1016/j.im.2013.10.001
  16. P. Ifinedo, "Understanding information systems security policy compliance: An integration of the theory of planned behavior and the protection motivation theory", Computers and Security, Vol.31, No.1, pp.83-95, 2012. DOI : https://doi.org/10.1016/j.cose.2011.10.007
  17. Y. Zhao & M. Zhao, "WeChat Users' Information Protection Behavior Based on Prospect Theory", International Journal of Information and Education Technology, Vol.9, No.6, pp.390-395, 2019. DOI : https://doi.org/10.18178/ijiet.2019.9.6.1233
  18. T. Sommestad, H. Karlzen & J. Hallberg, "The theory of planned behavior and information security policy compliance", Journal of Computer Information Systems, Vol.59, No.4, pp.344-353, 2019. DOI : https://doi.org/10.1080/08874417.2017.1368421