A Study on the Perception of Information Security Importance: From the Perspective of Protection Motivation Theory

Information Security Importance Perception: Protection Motivation Theory Perspectives

  • Received : 2021.09.26
  • Reviewed : 2022.01.20
  • Published : 2022.01.28

Abstract

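This study explores the factors that influence organizational members' perception of the importance of information security. To this end, drawing on protection motivation theory, we examined the effects of perceived certainty of punishment, perceived response cost, and acquiescence on the perceived importance of information security. The results are as follows. First, perceived certainty of punishment was found to have a significant effect on the perception of information security importance. In addition, perceived certainty of punishment was found to have a negative effect on acquiescence. Second, response cost was found to have a positive effect on the perception of information security importance. In addition, response cost was found to have a positive effect on acquiescence. Finally, acquiescence was found to have a negative effect on the perception of information security importance. Therefore, to raise members' perception of the importance of information security, they need to be made aware that security violations can be followed by certain punishment. At the same time, organizations should also try to remove the factors that hinder members from performing security behaviors. Finally, open communication about organizational security should be made possible.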

This study explores factors that influence the perceived importance of information security. Based on protection motivation theory, three exogenous variables are proposed: perceived certainty of punishment, perceived response cost, and acquiescence. We found the following. First, perceived punishment certainty has a significant effect on the perceived importance of information security. It also has a negative effect on acquiescence. Second, response cost has a negative effect on the perceived importance of information security. In addition, response cost positively affects acquiescence. Finally, acquiescence negatively influences the perceived importance of information security. The results show that, in order to increase the perceived importance of information security among employees, it is necessary to make them aware that a security violation can result in certain punishment. At the same time, organizations should also attempt to remove major obstacles accompanying the security behaviors of employees. Finally, organizations should encourage open communication relating to information security among employees.

Keywords
