The Journal of the Korea institute of electronic communication sciences (한국전자통신학회논문지)

Korea Institute of Electronic Communication Science (한국전자통신학회)
권호 표지
DOI QR코드

DOI QR Code

The Mitigation of Information Security Role Stress: The Role of Information Security Policy Goal Setting and Regulatory Focus

정보보안 업무 스트레스의 완화: 정보보안 정책 목표 설정 및 조절초점의 역할

  • In-Ho Hwang (College of General Education, Kookmin University)
  • Received : 2023.08.29
  • Accepted : 2023.12.27
  • Published : 2023.12.31
Download PDF
⟨ Previous Next ⟩

Abstract

Socially, organizations are required to maintain strict management of their information resources and invest in the adoption of information security (IS) technologies and policies. However, the ongoing threat of information exposure by employees persists within the organization. This study aims to identify the role stress that employees may experience due to strict IS policies and propose methods for reducing its negative impact. Specifically, our study suggests a mechanism for mitigating role stress by incorporating factors related to IS policy goal setting and work regulatory focus. We conducted a survey among workers in the financial industry, where IS policies are rigorously enforced, and tested our research hypotheses using a sample of 309 participants. The results indicate that increasing the difficulty and specificity of IS policy goals reduces role stress (conflict and ambiguity) and positively influences employees' intention to comply with IS policies. Furthermore, individual work promotion focus moderated the relationship between role stress and IS compliance intention. These findings have important implications for organizations seeking to strengthen their IS compliance among employees and inform the development of effective IS strategies.

사회적으로, 조직들은 보유한 정보 자원의 엄격한 관리를 요구받고 있으며, 정보보안을 위한 기술과 정책에 투자를 높이고 있다. 반면, 조직원에 의한 정보 노출 위협은 지속해서 발생하고 있다. 연구의 목적은 보안정책에 의해 발생할 수 있는 업무 스트레스의 부정적 영향을 감소하는 방안을 제시하는 것이다. 세부적으로, 연구는 조직 환경(보안정책 목표 설정), 개인의 업무 지향성(조절초점) 요소를 반영하여, 업무 스트레스 완화 메커니즘을 제시하고자 하였다. 연구는 정보보안을 엄격하게 활용하고 있는 금융업 근로자에게 설문하였으며, 확보된 309건의 표본을 적용하여 가설을 검정하였다. 분석 결과, 연구는 보안정책 목표 관련 난이도와 구체성이 업무 스트레스(갈등, 모호성)를 감소시키고, 준수 의도에 영향을 주는 것을 확인하였다. 또한, 개인의 업무 향상 초점이 업무 스트레스와 상호작용 효과를 가져, 준수 의도에 미치는 부정적 영향을 축소할 수 있음을 확인하였다. 연구의 결과는 조직원의 보안 준수 강화를 위한 조직의 보안 전략 수립에 의미를 제공한다.

Keywords

References

  1. F. Kitsios, E. Chatzidimitriou, and M. Kamariotou, "The ISO/IEC 27001 information security management standard: How to extract value from data in the IT sector," Sustainability, vol. 15, no. 7, 2023, pp. 5828.
  2. Fortune Business Insights, "The global cyber security market size is projected to grow from $172.32$172.32 billion in 2023 to $424.97 billion in 2030, at a CAGR of 13.8%," Report, Apr. 2023.
  3. Verizon, "2021 data breach investigations report," Report, Dec. 2021.
  4. K. D. Loch, H. H. Carr, and M. E. Warkentin, "Threats to information systems: Today's reality, yesterday's understanding," MIS Quarterly, vol. 16, no. 2, 1992, pp. 173-186. https://doi.org/10.2307/249574
  5. Y. Chen, K. Ramamurthy, and K. W. Wen, "Organizations' information security policy compliance: Stick or carrot approach?," J. of Management Information Systems, vol. 29, no. 3, 2012, pp. 157-188. https://doi.org/10.2753/MIS0742-1222290305
  6. A. Vance, M. Siponen, and S. Pahnila, "Motivating IS security compliance: Insights from habit and protection motivation theory," Information & Management, vol. 49, no. 3, 2012, pp. 190-198. https://doi.org/10.1016/j.im.2012.04.002
  7. H. Liang, Y. Xue, and L. Wu, "Ensuring employees' IT compliance: Carrot or stick?," Information Systems Research, vol. 24, no. 2, 2013, pp. 279-294. https://doi.org/10.1287/isre.1120.0427
  8. P. Ifinedo, "Exploring personal and environmental factors that can reduce nonmalicious information security violations," Information Systems Management, vol. 40, no. 4 2023, pp. 1-21. https://doi.org/10.1080/10580530.2022.2131944
  9. A. Tziner, E. Rabenu, R. Radomski, and A. Belkin, "Work stress and turnover intentions among hospital physicians: The mediating role of burnout and work satisfaction," J. of Work and Organizational Psychology, vol. 31, no. 3, 2015, pp. 207-213. https://doi.org/10.1016/j.rpto.2015.05.001
  10. M. Tarafdar, Q. Tu, B. S. Ragu-Nathan, and T. S. Ragu-Nathan, "The impact of technostress on role stress and productivity," J. of Management Information Systems, vol. 24, no. 1, 2007, pp. 301-328. https://doi.org/10.2753/MIS0742-1222240109
  11. I. Hwang, S. Kim, and C. Rebman, "Impact of regulatory focus on security technostress and organizational outcomes: The moderating effect of security technostress inhibitors," Information Technology & People, vol. 35, no. 7, 2022, pp. 2043-2074. https://doi.org/10.1108/ITP-05-2019-0239
  12. S. Trang and I. Nastjuk, "Examining the role of stress and information security policy design in information security compliance behavior: An experimental study of in-task behavior," Computers & Security, vol. 104, 2021, pp. 102222.
  13. E. A. Locke and G. P. Latham, "Building a practically useful theory of goal setting and task motivation: A 35-year odyssey," American Psychologist, vol. 57, no. 9, 2002, pp. 705-717. https://doi.org/10.1037//0003-066X.57.9.705
  14. E. T. Higgins, "Beyond pleasure and pain," American Psychologist, vol. 52, 1997, pp. 1280-1300. https://doi.org/10.1037//0003-066X.52.12.1280
  15. M. J. Neubert, K. M. Kacmar, D. S. Carlson, L. B. Chonko, and J. A. Roberts, "Regulatory focus as a mediator of the influence of initiating structure and servant leadership on employee behavior" J. of Applied Psychology, vol. 93, no. 6, 2008, pp. 1220-1233. https://doi.org/10.1037/a0012695
  16. Securityworld, "2023 security market report," Report, Dec. 2022.
  17. Ministry of Science and ICT, "Survey for information security industry in Korea: Year 2021," Report, Dec. 2021.
  18. I. Hwang, "The impact of IS policy and sanction perceptions on compliance intention through justice: The role of justice sensitivity," J. of the Korea Institute of Electronic Communication Sciences, vol. 18, no. 2, 2023, pp. 337-348.
  19. R. Ayyagari, V. Grover, and R. Purvis, "Technostress: Technological antecedents and implications," MIS Quarterly, vol. 35, no. 4, 2011, 831-858. https://doi.org/10.2307/41409963
  20. D. Behrman and W. D. Perreault, "A role stress model of the performance and satisfaction of industrial salespersons," J. of Marketing, vol. 48, no. 4, 1984, pp. 9-21. https://doi.org/10.1177/002224298404800402
  21. I. Hwang, "The effect on the IS role stress on the IS compliance intention through IS self-determination: Focusing on the moderation of person-organization fit," J. of the Korea Institute of Electronic Communication Sciences, vol. 17, no. 2, 2022, pp. 375-386.
  22. P. S. Galluch, V. Grover, and J. B. Thatcher, "Interrupting the workplace: Examining stressors in an information technology context," J. of the Association for Information Systems, vol. 16, no. 1, 2015, pp. 1-47. https://doi.org/10.17705/1jais.00387
  23. I. Hwang and O. Cha, "Examining technostress creators and role stress as potential threats to employees' information security compliance," Computers in Human Behavior, vol. 81, 2018, pp. 282-293. https://doi.org/10.1016/j.chb.2017.12.022
  24. Z. Yan, X. Guo, M. Lee, and D. R. Vogel, "A conceptual model of technology features and technostress in telemedicine communication," Information Technology & People, vol. 26, no. 3, 2013, pp. 283-297. https://doi.org/10.1108/ITP-04-2013-0071
  25. J. D'Arcy and P. L. Teh, "Predicting employee information security policy compliance on a daily basis: The interplay of security-related stress, emotions, and neutralization," Information & Management, vol. 56, no. 7, 2019, pp. 103151.
  26. E. A. Locke and G. P. Latham, "New directions in goal setting theory," Current Directions in Psychological Science, vol. 15, no. 5, 2006, pp. 265-268. https://doi.org/10.1111/j.1467-8721.2006.00449.x
  27. I. Koskosas, "Goal setting and trust in a security management context," Information Security J.: A Global Perspective, vol. 17, no. 3, 2008, pp. 151-161. https://doi.org/10.1080/19393550802290337
  28. B. E. Wright, "The role of work context in work motivation: A public sector application of goal and social cognitive theories," J. of Public Administration Research and Theory, vol. 14, no. 1, 2004, pp. 59-78. https://doi.org/10.1093/jopart/muh004
  29. C. C. Durham, D. Knight, and E. A. Locke, "Effects of leader role, team-set goal difficulty, efficacy, and tactics on team effectiveness," Organizational Behavior and Human Decision Processes, vol. 72, no. 2, 1997, pp. 203-231. https://doi.org/10.1006/obhd.1997.2739
  30. J. C. Quick, "Dyadic goal setting and role stress: A field study," Academy of Management J., vol. 22, no. 2, 1979, pp. 241-252. https://doi.org/10.5465/255587
  31. X. Tang and X. Li, "Role stress, burnout, and workplace support among newly recruited social workers," Research on Social Work Practice, vol. 31, no. 5, 2021, pp. 529-540. https://doi.org/10.1177/1049731520984534
  32. S. Glazer and C. Liu, Work, stress, coping, and stress management. In O. Braddick (Ed.), Oxford Research Encyclopedia of Psychology, 2017.
  33. A. Steidle, C. Gockel, and L. Werth, "Growth or security? Regulatory focus determines work priorities," Management Research Review, vol. 36, no. 2, 2013, pp. 173-182. https://doi.org/10.1108/01409171311292261
  34. J. A. Gabisch and G. R. Milne, "Self disclosure on the web: Rewards, safety cues, and the moderating role of regulatory focus," J. of Research in Interactive Marketing, vol. 7, no. 2, 2013. pp. 140-158. https://doi.org/10.1108/JRIM-11-2012-0051
  35. V. Brenninkmeijer, E. Demerouti, P. M. le Blanc, and I. J. Hetty van Emmerik, "Regulatory focus at work: The moderating role of regulatory focus in the job demands resources model," Career Development Int., vol. 15, no. 7, 2010, pp. 708-728. https://doi.org/10.1108/13620431011094096
  36. J. C. Nunnally, Psychometric theory (2nd ed.). New York: McGraw-Hill, 1978.
  37. C. Fornell and D. F. Larcker, "Evaluating structural equation models with unobservable variables and measurement error," J. of Marketing Research, vol. 18, no. 1, 1981, pp. 39-50. https://doi.org/10.1177/002224378101800104
  38. A. F. Hayes, Introduction to mediation, moderation, and conditional process analysis: A regression-based approach. New York: Guilford Publications, 2017.