The Influence of Information Security Related Work Stress on Information Security Policy Resistance through Job Burnout

  • In-Ho Hwang (College of General Education, Kookmin University)
  • Received : 2024.02.29
  • Accepted : 2024.04.12
  • Published : 2024.04.30

Abstract

Recently, the importance of information security (IS) has been socially recognized, leading organizations to adopt IS policies, secure specialized personnel, and demand IS compliance from employees. However, the implementation of these policies can disrupt existing work processes, causing resistance among employees. This study aims to elucidate the mechanism linking work stress, caused by IS policies that do not consider the work system, to individual job burnout and IS policy resistance. We established a research model and hypotheses based on previous studies and utilized structural equation modeling with data collected from organization members of companies that have implemented IS policies. The results of the structural equation modeling confirmed that work ambiguity and work impediment are linked to IS policy resistance through job burnout, characterized by emotional exhaustion and disengagement. Our findings suggest that the swift implementation of IS policies can provoke a backlash from employees, with stress being the primary cause. This paradoxically indicates the need for the development of organization-specific IS policies.
