DOI QR코드

DOI QR Code

The Influence of Individual's Coping Style and Organizational Culture on Information Security of Employee

개인의 대처 유형과 조직문화가 조직원의 정보보안에 미치는 영향

  • Received : 2020.12.04
  • Accepted : 2021.03.16
  • Published : 2021.04.30

Abstract

The purpose of this study is to prove the relationship of the influence of individual behavior style and organizational culture structure on the information security cognitive factors of employees. The study conducts cross-design by dividing individual characteristics into task coping and emotion coping, and organizational culture into collectivism and individualism. Information security factors consisted of information security awareness, perceived vulnerability, response efficacy, and compliance behavior. As a result of the study, it was confirmed that both personal coping style and organizational culture had an influence on the all cognitive factors of information security. In addition, information security awareness was found to influence compliance behavior through perceived vulnerability and response efficacy. The implications of the study were to confirm the difference in the impact on the compliance behavior according to the individual coping style and organizational culture, and to present the precedent factors for improving the compliance behavior. In other words, the research suggests the information security strategy direction for each individual-organizational dimension.

연구 목적은 개인의 행동 유형과 조직문화 구조에 따라 조직원의 정보보안 행동에 미치는 영향 관계를 검증하는 것이다. 연구는 개인적 특성을 업무중심 대처와 정서중심 대처로, 조직문화를 집단주의와 개인주의로 구분하여 교차설계를 실시한다. 정보보안 요인은 정보보안 인식, 인지된 취약성, 대처 효능감, 그리고 준수 행동으로 제시하였다. 연구 결과, 대처와 조직문화는 모두 정보보안 인지 요인에 영향을 미치는 것을 확인하였다. 특히, 정서중심 대처가 업무중심 대처보다 인지 평균이 높은 것으로 나타났으며, 집단주의가 개인주의보다 인지 평균이 높은 것으로 나타났다. 또한, 정보보안 인식은 인지된 취약성, 대처 효능감을 매개로 하여 준수 행동에 영향을 주는 것으로 나타났다. 연구의 시사점은 개인 대처유형과 조직문화에 따라 정보보안 행동에 미치는 영향의 차이를 확인하였고, 준수 행동 향상을 위한 선행 요인을 제시하였다. 즉, 연구는 개인-조직 차원별 조직의 정보보안 전략 방향을 제시한다.

Keywords

Acknowledgement

이 논문은 2020년 대한민국 교육부와 한국연구재단의 지원을 받아 수행된 연구임(NRF-2020S1A5A8040463)

References

  1. Ahmad, Z., Ong, T. S., Liew, T. H. and Norhashim, M. (2019). Security Monitoring and Information Security Assurance Behaviour among Employees, Information & Computer Security. 27(2), 165-188. DOI : 10.1108/ICS-10-2017-0073
  2. Boss, S., Galletta, D., Lowry, P. B., Moody, G. D. and Polak, P. (2015). What Do Systems Users have to Fear? Using Fear Appeals to Engender Threats and Fear that Motivate Protective Security Behaviors, MIS Quarterly, 39(4), 837-864. https://doi.org/10.25300/MISQ/2015/39.4.5
  3. Bulgurcu, B., Cavusoglu, H. and Benbasat, I. (2010). Information Security Policy Compliance: An Empirical Study of Rationality-based Beliefs and Information Security Awareness, MIS Quarterly, 34(3), 523-548. https://doi.org/10.2307/25750690
  4. Chou, H. L. and Chou, C. (2016). An Analysis of Multiple Factors Relating to Teachers' Problematic Information Security Behavior, Computers in Human Behavior, 65, 334-345. DOI : 10.1016/j.chb.2016.08.034.
  5. Da Veiga, A. and Martins, N. (2017). Defining and Identifying Dominant Information Security Cultures and Subcultures, Computers & Security, 70, 72-94. DOI : 10.1016/j.cose.2017.05.002.
  6. Endler, N. S. and Parker, J. D. (1994). Assessment of Multidimensional Coping: Task, Emotion, and Avoidance Strategies, Psychological Assessment, 6(1), 50-60. https://doi.org/10.1037//1040-3590.6.1.50
  7. Flores, W. R. and Ekstedt, M. (2016). Shaping Intention to Resist Social Engineering through Transformational Leadership, Information Security Culture and Awareness, Computers & Security, 59, 26-44. DOI :10.1016/j.cose.2016.01.004.
  8. Folkman, S. and Lazarus, R. S. (1985). If It Changes It Must Be a Process: Study of Emotion and Coping during Three Stages of a College Examination, Journal of Personality and Social Psychology, 48(1), 150-170. https://doi.org/10.1037/0022-3514.48.1.150
  9. Galluch, P. S., Grover, V. and Thatcher, J. B. (2015). Interrupting the Workplace: Examining Stressors in an Information Technology Context, Journal of the Association for Information Systems, 16(1), 1-47. DOI : 10.17705/1jais.00387.
  10. Grand View Research. (2020). Cyber Security Market Size, Share & Trends Analysis Report By Component, By Security Type, By Solution, By Service, By Deployment, By Organization, By Application, By Region, And Segment Forecasts, 2020 - 2027.
  11. Guo, K. H., Yuan, Y., Archer, N. P. and Connelly, C. E. (2011). Understanding Nonmalicious Security Violations in the Workplace: A Composite Behavior Model, Journal of Management Information Systems, 28(2), 203-236. DOI : 10.2753/MIS0742-1222280208.
  12. Higgins, J. E. and Endler, N. S. (1995). Coping, Life Stress, and Psychological and Somatic Distress, European Journal of Personality, 9(4), 253-270. https://doi.org/10.1002/per.2410090403
  13. Hu, Q., Dinev, T., Hart, P. and Cooke, D. (2012). Managing Employee Compliance with Information Security Policies: The Critical Role of Top Management and Organizational Culture, Decision Sciences, 43(4), 615-660. DOI : 10.1111/j.1540-5915.2012.00361.x.
  14. Ifinedo, P. (2012). Understanding Information Systems Security Policy Compliance: An Integration of the Theory of Planned Behavior and the Protection Motivation Theory, Computers & Security, 31(1), 83-95. DOI : 10.1016/j.cose.2011.10.007.
  15. Jung, H. S. and Yoon, H. H. (2015). Understanding Regulatory Focuses: The Role of Employees' Regulatory Focus in Stress Coping Styles, and Turnover Intent to a Five-star Hotel, International Journal of Contemporary Hospitality Management, 27(2), 283-307. DOI : 10.1108/IJCHM-07-2013-0288.
  16. Kim, J., Kim. K. and Park, H. (2018). The Impact of Family-Friendly Corporate Culture on Employees' Behavior, Journal of the Korea Industrial Information Systems Research. 23(2), 75-92. DOI : 10.9723/jksiis.2018.23.2.075.
  17. Kim, S. S. and Kim, Y. J. (2017). The Effect of Compliance Knowledge and Compliance Support Systems on Information Security Compliance Behavior, Journal of Knowledge Management. 21(4), 986-1010. DOI : 10.1108/JKM-08-2016-0353.
  18. Loch, K. D., Carr, H. H. and Warkentin, M. E. (1992). Threats to Information Systems: Today's Reality, Yesterday's Understanding, MIS Quarterly, 16(2), 173-186. DOI : 10.2307/249574.
  19. Mamonov, S. and Benbunan-Fich, R. (2018). The Impact of Information Security Threat Awareness on Privacy-Protective Behaviors, Computers in Human Behavior, 83, 32-44. DOI : 10.1016/j.chb.2018.01.028.
  20. Mannix, E. A., Neale, M. A. and Northcraft, G. B. (1995). Equity, Equality, or Need? The Effects of Organizational Culture on the Allocation of Benefits and Burdens, Organizational Behavior and Human Decision Processes, 63(3), 276-286. DOI : 10.1006/obhd.1995.1079.
  21. Markus, H. R. and Kitayama, S. (1991). Culture and the Self: Implications for Cognition, Emotion, and Motivation, Psychological Review, 98(2), 224-253. DOI : 10.1037/0033-295X.98.2.224.
  22. Medvene, L. J., Teal, C. R. and Slavich, S. (2000). Including the Other in Self: Implications for Judgments of Equity and Satisfaction in Close Relationships, Journal of Social and Clinical Psychology, 19(3), 396-419. DOI : 10.1521/jscp.2000.19.3.396.
  23. Merhi, M. I. and Ahluwalia, P. (2019). Examining the Impact of Deterrence Factors and Norms on Resistance to Information Systems Security, Computers in Human Behavior, 92, 37-46. DOI : 10.1016/j.chb.2018.10.031.
  24. Nunnally. J. C. (1978). Psychometric Theory (2nd ed.). New York: McGraw-Hill.
  25. Park, E. H., Kim, J. and Park, Y. S. (2017). The Role of Information Security Learning and Individual Factors in Disclosing Patients' Health Information, Computers & Security, 65, 64-76. DOI :10.1016/j.cose.2016.10.011.
  26. Park, K. (2019). A Study on the Influence of the Perception of Personal Information Security of Youth on Security Attitude and Security Behavior, Journal of the Korea Industrial Information Systems Research, 24(4), 79-98. DOI : 10.9723/jksiis.2019.24.4.079.
  27. Posey, C., Roberts, T. L. and Lowry, P. B. (2015). The Impact of Organizational Commitment on Insiders' Motivation to Protect Organizational Information Assets. Journal of Management Information Systems, 32(4), 179-214. DOI : 10.1080/07421222.2015.1138374
  28. Safa, N. S., Maple, C., Furnell, S., Azad, M. A., Perera, C., Dabbagh, M., & Sookhak, M. (2019). Deterrence and Prevention-based Model to Mitigate Information Security Insider Threats in Organisations, Future Generation Computer Systems, 97, 587-597. DOI : 10.1016/j.future.2019.03.024.
  29. Siponen, M., Mahmood, M. A. and Pahnila, S. (2014). Employees' Adherence to Information Security Policies: An Exploratory Field Study, Information & Management, 51(2), 217-224. DOI : 10.1016/j.im.2013.08.006.
  30. Soh, H. and Kim, J. (2017). Influence of Information Security Activities of Financial Companies on Information Security Awareness and Information Security Self Confidence : Focusing on the Mediating Effect of Information Security Awareness, Journal of the Korea Industrial Information Systems Research, 22(4), 45-64. DOI : 10.9723/jksiis.2017.22.4.045
  31. Sommestad, T., Karlzen, H. and Hallberg, J. (2015). The Sufficiency of the Theory of Planned Behavior for Explaining Information Security Policy Compliance, Information & Computer Security. 23(2), 200-217. DOI : 10.1108/ICS-04-2014-0025.
  32. Triandis, H. C. (1995). Individualism and Collectivism, Boulder, CO: Westview Press.
  33. Vance, A., Siponen, M. and Pahnila, S. (2012). Motivating IS Security compliance: Insights from Habit and Protection Motivation Theory, Information & Management, 49(3-4), 190-198. DOI : 10.1016/j.im.2012.04.002.
  34. Verizon. (2020). Data Breach Investigations Report.
  35. West, R. (2008). The Psychology of Security, Communications of the ACM, 51(4), 34-40. DOI : 10.1145/1330311.1330320.
  36. Yazdanmehr, A. and Wang, J. (2016). Employees' Information Security Policy Compliance: A Norm Activation Perspective, Decision Support Systems, 92, 36-46. DOI : 10.1016/j.dss.2016.09.009.