DOI QR코드

DOI QR Code

The Influence of Information Security Techno-stress and Organizational Justice on Compliance Intention: Focusing on the Theory of Planned Behavior

정보보안 기술 스트레스와 조직 공정성이 준수 의도에 미치는 영향: 계획된 행동이론을 중심으로

  • In-Ho Hwang (College of General Education, Kookmin University)
  • Received : 2024.06.18
  • Accepted : 2024.07.25
  • Published : 2024.08.31

Abstract

Organizations amplify their information security (IS) technical investments as the demand for IS escalates. This research suggests conditions for enhancing insider compliance with IS, focusing on the potential for behavior modification through techno-stress and organizational justice, based on the theory of planned behavior. To test the proposed hypothesis, this study utilized a survey methodology on 383 employees from companies with implemented IS. The test results showed that IS techno-stress (overload and uncertainty) caused by reduced attitudes of employees, and organizational justice increased subjective norms, influencing IS compliance intentions along with self-efficacy. Additionally, organizational justice has been found to alleviate the adverse effects of IS overload and uncertainty on attitudes. The findings are expected to help clarify measures for achieving IS performance within the organization by proposing organizational justice conditions to improve the negative IS environment of the organization.

사회적으로, 정보보안에 대한 필요성이 증가하면서, 조직들은 정보보안을 위한 기술적 투자를 강화하고 있다. 본 연구는 상대적으로 관심이 부족한 내부자의 정보보안 준수 체계 강화를 위한 방안을 제시하였다. 특히, 조직에서 개인의 행동 원인을 설명하는 계획된 행동이론을 반영하여 기술 스트레스와 조직 공정성을 통해 행동이 변화할 수 있음을 밝히고자 하였다. 연구는 정보보안 도입 기업에 근무하는 조직원에 설문 조사를 하였으며, 383건의 표본을 활용하여 가설 검정을 하였다. 검정 결과, 정보보안 기술에 의한 스트레스(과부하와 불확실성)가 조직원의 태도를 감소시키고, 조직 공정성이 주관적 규범을 높였으며, 자기 효능감과 함께 준수 의도에 영향을 주었다. 더불어, 조직 공정성이 과부하 및 불확실성의 태도에 미치는 부정적 영향을 완화하는 것을 확인하였다. 연구 결과는 조직의 부정적 보안 환경을 개선하기 위한 조직 공정성 조건을 제시하여, 조직 내부의 보안 성과 달성을 위한 방안 마련에 도움을 줄 것으로 기대한다.

Keywords

References

  1. Ministry of Science and ICT, Korea Information Security Industry Association, "2023 survey on information security," Report, Feb. 2024. 
  2. Nettgov, "Biden administration releases draft zero-trust guidance," Report, Sept. 2021. 
  3. I. Hwang, "The Influence of IS technology and communication uncertainty on IS voice behavior: The role of susceptibility to informational influence of employee," J. of the Korea Institute of Electronic Communication Sciences, vol. 18, no. 1, 2023, pp. 165-176. http://dx.doi.org/10.13067/JKIECS.2023.18.1.165 
  4. Verizon, "2022 data breach investigations report," Report, Des. 2022. 
  5. B. Bulgurcu, H. Cavusoglu, and I. Benbasat, "Information security policy compliance: An empirical study of rationality based beliefs and information security awareness," MIS Quarterly, vol. 34, no. 3, 2010, pp. 523-548. https://doi.org/10.2307/25750690 
  6. P. Ifinedo, "Understanding information systems security policy compliance: An integration of the theory of planned behavior and the protection motivation theory," Computers & Security, vol. 31, no. 1, 2012, pp. 83-95. https://doi.org/10.1016/j.cose.2011.10.007 
  7. C. Lee, C. Lee, and S. Kim, "Understanding information security stress: Focusing on the type of information security compliance activity," Computers & Security, vol. 59, 2016, pp. 60-70. https://doi.org/10.1016/j.cose.2016.02.004 
  8. I. Hwang and O. Cha, "Examining technostress creators and role stress as potential threats to employees' information security compliance," Computers in Human Behavior, vol. 81, 2018, pp. 282-293. https://doi.org/10.1016/j.chb.2017.12.022 
  9. A. C. Johnston and M. Warkentin, "Fear appeals and information security behaviors: An empirical study," MIS Quarterly, vol. 34, no. 3, 2010, pp. 549-566. https://doi.org/10.2307/25750691 
  10. I. Ajzen, "The theory of planned behavior," Organizational Behavior and Human Decision Processes, vol. 50, no. 2, 1991, pp. 179-211. https://doi.org/10.1016/0749-5978(91)90020-T 
  11. J. Cox, "Information systems user security: A structured model of the knowing-doing gap," Computers in Human Behavior, vol. 28, no. 5, 2012, pp. 1849-1858. https://doi.org/10.1016/j.chb.2012.05.003 
  12. T. Sommestad, H. Karlzen, and J. Hallberg, "The sufficiency of the theory of planned behavior for explaining information security policy compliance," Information & Computer Security, vol. 23, no. 2, 2015, pp. 200-217. https://doi.org/10.1108/ICS-04-2014-0025 
  13. M. Vakola and I. Nikolaou, "Attitudes towards organizational change: What is the role of employees' stress and commitment?," Employee Relations, vol. 27, no. 2, 2005, pp. 160-174. https://doi.org/10.1108/01425450510572685 
  14. I. Hwang, "The effect on the IS role stress on the IS compliance intention through IS self-determination: Focusing on the moderation of person-organization fit," J. of the Korea Institute of Electronic Communication Sciences, vol. 17, no. 2, 2022, pp. 375-386. http://dx.doi.org/10.13067/JKIECS.2022.17.2.375 
  15. Y. Chen, K. Ramamurthy, and K. W. Wen, "Organizations' information security policy compliance: Stick or carrot approach?," J. of Management Information Systems, vol. 29, no. 3, 2012, pp. 157-188. https://doi.org/10.2753/MIS0742-1222290305 
  16. N. S. Safa and R. Von Solms, "An information security knowledge sharing model in organizations," Computers in Human Behavior, vol. 57, 2016, pp. 442-451. https://doi.org/10.1016/j.chb.2015.12.037 
  17. W. R. Flores and M. Ekstedt, "Shaping intention to resist social engineering through transformational leadership, information security culture and awareness," Computers & security, vol. 59, 2016, pp. 26-44. https://doi.org/10.1016/j.cose.2016.01.004 
  18. R. K. Jena, "Technostress in ICT enabled collaborative learning environment: An empirical study among Indian academician," Computers in Human Behavior, vol. 51, 2015, pp. 1116-1123. https://doi.org/10.1016/j.chb.2015.03.020 
  19. M. Tarafdar, Q. Tu, B. S. Ragu-Nathan, and T. S. Ragu-Nathan, "The impact of technostress on role stress and productivity," J. of Management Information Systems, vol. 24, no. 1, 2007, pp. 301-328. https://doi.org/10.2753/MIS0742-1222240109 
  20. M. Tarafdar, E. B. Pullins, and T. S. Ragu Nathan, "Technostress: Negative effect on performance and possible mitigations," Information Systems J., vol. 25, no. 2, 2015, pp. 103-132. https://doi.org/10.1111/isj.12042 
  21. C. Yoon, "Theory of planned behavior and ethics theory in digital piracy: An integrated model," J. of business ethics, vol. 100, 2011, pp. 405-417. https://doi.org/10.1007/s10551-010-0687-7 
  22. M. A. Alam, "Techno-stress and productivity: Survey evidence from the aviation industry," J. of Air Transport Management, vol. 50, 2016, pp. 62-70. https://doi.org/10.1016/j.jairtraman.2015.10.003 
  23. T. A. Judge and J. A. Colquitt, "Organizational justice and stress: The mediating role of work-family conflict," J. of Applied Psychology, vol. 89, no. 3, 2004, pp. 395-404. https://doi.org/10.1037/0021-9010.89.3.395 
  24. J. Son and J. Park, "Procedural justice to enhance compliance with non-work-related computing (NWRC) rules: Its determinants and interaction with privacy concerns," Int. J. of Information Management, vol. 36, no. 3, 2016, pp. 309-321. https://doi.org/10.1016/j.ijinfomgt.2015.12.005 
  25. G. Jacobs, F. D. Belschak, D. N. Den Hartog, "(Un) ethical behavior and performance appraisal: The role of affect, support, and organizational justice," J. of business ethics, vol. 121, 2014, pp. 63-76. https://doi.org/10.1007/s10551-013-1687-1 
  26. M. L. Ambrose and M. Schminke, "The role of overall justice judgments in organizational justice research: A test of mediation," J. of Applied Psychology, vol. 94, no. 2, 2009, pp. 491-500. https://doi.org/10.1037/a0013203 
  27. Y. Xue, H. Liang, and L. Wu, "Punishment, justice, and compliance in mandatory IT settings," Information Systems Research, vol. 22, no. 2, 2011, pp. 400-414. https://doi.org/10.1287/isre.1090.0266 
  28. I. Hwang, "The impact of IS policy and sanction perceptions on compliance intention through justice: The role of justice sensitivity," J. of the Korea Institute of Electronic Communication Sciences, vol. 18, no. 2, 2023, pp. 337-348. http://dx.doi.org/10.13067/JKIECS.2023.18.2.337 
  29. J. C. Nunnally, Psychometric theory (2nd ed.). New York: McGraw-Hill, 1978. 
  30. C. Fornell and D. F. Larcker, "Evaluating structural equation models with unobservable variables and measurement error," J. of Marketing Research, vol. 18, no. 1, 1981, pp. 39-50. https://doi.org/10.1177/002224378101800104 
  31. A. F. Hayes, Introduction to mediation, moderation, and conditional process analysis: A regression-based approach. New York: Guilford Publications, 2017.