DOI QR코드

DOI QR Code

정보보안 기술 및 커뮤니케이션 불확실성이 제언 행동에 미치는 영향: 개인의 정보 영향 민감성의 역할

The Influence of IS Technology and Communication Uncertainty on IS Voice Behavior: The Role of Susceptibility to Informational Influence of Employee

  • In-Ho Hwang (College of General Education, Kookmin University)
  • 투고 : 2022.11.23
  • 심사 : 2023.02.17
  • 발행 : 2023.02.28

초록

조직 내부의 정보 노출 위협에 대한 관리가 조직 전체의 정보보안 목표 달성에 기여할 수 있음이 밝혀지면서, 조직들은 내부자에 적용되는 정보보안 정책을 엄격하게 구축하고, 보안 시스템에 대한 투자를 높이고 있다. 하지만, 정보보안 사고는 한 명의 고의적인 정보 노출에 의해서도 조직에 피해를 주므로, 심리적 측면에서 내부자의 정보보안 준수 행동 강화를 위한 노력을 하는 것이 요구된다. 본 연구는 정보보안에 대한 불확실한 조직환경이 어떻게 개인의 정보보안 관련 행동에 영향을 주는지를 확인하는 것을 목적으로 한다. 연구는 정보보안 정책 구축 및 활용하는 조직의 내부자를 대상으로 설문하였으며, 440개의 표본을 활용하여 가설을 검증하였다. 검증 결과, 정보보안 기술 및 커뮤니케이션 불확실성이 정보보안 예상 불안을 통해 정보보안 제언 행동을 감소시켰으며, 개인의 정보 영향 민감성이 정보보안 기술, 커뮤니케이션, 그리고 예상 불안에 의해 변화되는 제언행동을 조절하였다. 연구의 결과는 실무적으로 불확실한 정보보안 환경의 보완 필요성과 개선 방향을 제시한다.

As the reduction of information exposure threats by organization insiders contributes to achieving information security(IS) goals, organizations are establishing strict IS policies applicable to insiders and increasing investment in IS systems. However, since IS incidents cause damage to an organization even by malicious information exposure by one person, psychological support for strengthening IS compliance behavior by insiders. This study aims to confirm how the uncertain organizational environment related to IS affects individual IS-related behavior. We surveyed insiders of organizations operating IS policies and tested the hypothesis using 440 samples. As a result, IS technology and communication uncertainty reduced IS voice behavior through IS prospective anxiety, and individuals' susceptibility to information influence moderated the relationship between IS technology, communication, and prospective anxiety and IS voice behavior. Our results suggest the necessity and direction of supplementing the uncertain IS environment in practice.

키워드

참고문헌

  1. Nettgov, "Biden administration releases draft zero-trust guidance," Report, Sept. 2021.
  2. Verizon, "2021 data breach investigations report," Report, Des. 2021.
  3. R. West, "The psychology of security," Communications of the ACM, vol. 51, no. 4, 2008, pp. 34-40. https://doi.org/10.1145/1330311.1330320
  4. G. Solomon and I. Brown, "The influence of organisational culture and information security culture on employee compliance behaviour," J. of Enterprise Information Management, vol. 34, no. 4, 2021, pp. 1203-1228. https://doi.org/10.1108/JEIM-08-2019-0217
  5. Z. Tang, A. S. Miller, Z. Zhou, and M. Warkentin, "Does government social media promote users' information security behavior towards COVID-19 scams? Cultivation effects and protective motivations," Government Information Quarterly, vol. 38, no. 2, 2021, pp. 101572.
  6. A. Vedadi, M. Warkentin, and A. Dennis, "Herd behavior in information security decision-making," Information & Management, vol. 58, no. 8, 2021, pp. 103526.
  7. J. D'Arcy, T. Herath, and M. K. Shoss, "Understanding employee responses to stressful information security requirements: A coping perspective," J. of Management Information Systems, vol. 31, no. 2, 2014, pp. 285-318. https://doi.org/10.2753/MIS0742-1222310210
  8. J. D'Arcy and P. L. Teh, "Predicting employee information security policy compliance on a daily basis: The interplay of security-related stress, emotions, and neutralization," Information & Management, vol. 56, no. 7, 2019, pp. 103151.
  9. I. Hwang and O. Cha, "Examining technostress creators and role stress as potential threats to employees' information security compliance," Computers in Human Behavior, vol. 81, 2018, pp. 282-293. https://doi.org/10.1016/j.chb.2017.12.022
  10. Korea Information Security Industry Association, "2021 survey on information security," Report, Jan. 2022.
  11. W. Lee and I. Hwang, "Sustainable information security behavior management: An empirical approach for the causes of employees' voice behavior," Sustainability, vol. 13, no. 11, 2021, pp. 6077.
  12. M. Svendsen and T. S. Joensson, "Transformational leadership and change-related voice behavior," Leadership & Organization Development J., vol. 37, no. 3, 2016, pp. 357-368. https://doi.org/10.1108/LODJ-07-2014-0124
  13. L. Van Dyne and J. A. LePine, "Helping and voice extra-role behaviors: Evidence of construct and predictive validity," Academy of Management J., vol. 41, no. 1, 1998, pp. 108-119. https://doi.org/10.5465/256902
  14. I. Hwang, "Reinforcement of IS voice behavior within the organization: A perspective on mitigating role stress through organization justice and individual social-identity," J. of the Korea Institute of Electronic Communication Sciences, vol. 17, no. 4, 2022, pp. 649-662.
  15. V. Greco and D. Roger, "Coping with uncertainty: The construction and validation of a new measure," Personality & Individual Differences, vol. 31, 2001, pp. 519-534. https://doi.org/10.1016/S0191-8869(00)00156-2
  16. V. Venkatesh, M. G. Morris, G. B. Davis, and F. D. Davis, "User acceptance of information technology: Toward a unified view," MIS Quarterly, vol. 27, no. 3, 2003, pp. 425-478. https://doi.org/10.2307/30036540
  17. R. N. Carleton, M. P. J. Norton, and G. J. Asmundson, "Fearing the unknown: A short version of the intolerance of uncertainty scale," J. of Anxiety Disorders, vol. 21, no. 1, 2007, pp. 105-117. https://doi.org/10.1016/j.janxdis.2006.03.014
  18. I. Hwang, D. Kim, T. Kim, and S. Kim, "Why not comply with information security? An empirical approach for the causes of non-compliance," Online Information Review, vol. 41, no. 1, 2017, pp. 2-18. https://doi.org/10.1108/OIR-11-2015-0358
  19. M. Siponen and A. Vance, "Neutralization: New insights into the problem of employee information systems security policy violations," MIS Quarterly, vol. 34, no. 3, 2010, pp. 487-502. https://doi.org/10.2307/25750688
  20. M. Tarafdar, Q. Tu, B. S. Ragu-Nathan, and T. S. Ragu-Nathan, "The impact of technostress on role stress and productivity," J. of Management Information Systems, vol. 24, no. 1, 2007, pp. 301-328. https://doi.org/10.2753/MIS0742-1222240109
  21. Z. Yan, X. Guo, M. Lee, and D. R. Vogel, "A conceptual model of technology features and technostress in telemedicine communication," Information Technology & People, vol. 26, no. 3, 2013, pp. 283-297. https://doi.org/10.1108/ITP-04-2013-0071
  22. I. Hwang, "The influence on the information security techno-stress on security policy resistance through strain: Focusing on the moderation of task technology fit," J. of the Korea Institute of Electronic Communication Sciences, vol. 16, no. 5, 2021, pp. 931-939.
  23. R. K. Jena, "Technostress in ICT enabled collaborative learning environment: An empirical study among Indian academician," Computers in Human Behavior, vol. 51, 2015, pp. 1116-1123. https://doi.org/10.1016/j.chb.2015.03.020
  24. K. Ruck and M. Welch, "Valuing internal communication; Management and employee perspectives," Public Relations Review, vol. 38, no. 2, 2012, pp. 294-302. https://doi.org/10.1016/j.pubrev.2011.12.016
  25. M. Welch and P. R. Jackson, "Rethinking internal communication: A stakeholder approach," Corporate Communications: An Int. J., vol. 12, no. 2, 2007, pp. 177-198. https://doi.org/10.1108/13563280710744847
  26. D. Jimenez-Castillo and M. Sanchez-Perez, "Nurturing employee market knowledge absorptive capacity through unified internal communication and integrated information technology," Information & Management, vol. 50, no. 2, 2013, pp. 76-86. https://doi.org/10.1016/j.im.2013.01.001
  27. J. B. Barlow, M. Warkentin, D. Ormond, and A. Dennis, "Don't even think about it! The effects of antineutralization, informational, and normative communication on information security compliance," J. of the Association for Information Systems, vol. 19, no. 8, 2018, pp. 689-715. https://doi.org/10.17705/1jais.00506
  28. I. Jo and J. Jo, "Differentiation of uncertainty and ambiguity in communication within the organization: On Antecedent Variables and Influences of Uncertainty and Ambiguity," J. of Communication Research, vol. 49, no. 1, 2012, pp. 220-258. https://doi.org/10.22174/jcr.2012.49.1.220
  29. A. Yazdanmehr, J. Wang, and Z. Yang, "Peers matter: The moderating role of social influence on information security policy compliance," Information Systems J., vol. 30, no. 5, 2020, pp. 791-844. https://doi.org/10.1111/isj.12271
  30. E. Bonabeau, "The perils of the imitation age," Harvard Business Review, vol. 82, no. 6, 2004, pp. 45-54.
  31. J. Wang, Z. Yang, and S. Bhattacharjee, "Same coin, different sides: Differential impact of social learning on two facets of music piracy," J. of Management Information Systems, vol. 28, no. 3, 2011, pp. 343-384. https://doi.org/10.2753/MIS0742-1222280310
  32. J. C. Nunnally, Psychometric theory (2nd ed.). New York: McGraw-Hill, 1978.
  33. C. Fornell and D. F. Larcker, "Evaluating structural equation models with unobservable variables and measurement error," J. of Marketing Research, vol. 18, no. 1, 1981, pp. 39-50. https://doi.org/10.1177/002224378101800104
  34. P. M. Podsakoff, S. B. MacKenzie, J. Lee, and N. P. Podsakoff, "Common method biases in behavioral research: A critical review of the literature and recommended remedies," J. of Applied Psychology, vol. 88, no. 5, 2003, pp. 879-903. https://doi.org/10.1037/0021-9010.88.5.879
  35. A. F. Hayes, Introduction to mediation, moderation, and conditional process analysis: A regression-based approach. New York: Guilford Publications, 2017.