Browse > Article
http://dx.doi.org/10.5392/JKCA.2021.21.04.153

A Study on the Mitigation of Anxiety that Negatively Affect Information Security Compliance  

Hwang, Inho (국민대학교 교양대학)
Publication Information
The Journal of the Korea Contents Association / v.21, no.4, 2021 , pp. 153-165 More about this Journal
Abstract
The purpose of this study is to find precedent factors that positively and negatively affect the information security compliance intention. In detail, the study finds precedent factors to reduce anxiety that negatively affects compliance intentions, and confirms that feedback moderates the negative relationship between anxiety and compliance intention. The questionnaire was targeted at office workers working in organizations with information security policies, and research hypothesis verification was conducted through structural equation modeling to analyze main effects and moderation effects. As a result of the study, anxiety had a negative effect on the compliance intention, and the organizational culture that was raised through management support reduced anxiety of employees. In addition, feedback mitigated the negative impact relationship between anxiety and compliance intention. The implications of this study were to suggest a direction to mitigate the anxiety of the employees of the organization through the introduction and operation of information security technology.
Keywords
Compliance Intention; Anxiety; Top Management Support; Organizational Culture; Feedback;
Citations & Related Records
Times Cited By KSCI : 1  (Citation Analysis)
연도 인용수 순위
1 J. D'Arcy, A. Hovav, and D. Galletta, "User Awareness of Security Countermeasures and its Impact on Information Systems Misuse: A Deterrence Approach," Information Systems Research, Vol.20, No.1, pp.79-98, 2009. DOI : 10.1287/isre.1070.0160.   DOI
2 A. R. Said, H. Abdullah, J. Uli, and Z. A. Mohamed, "Relationship between Organizational Characteristics and Information Security Knowledge Management Implementation," Procedia-Social and Behavioral Sciences, Vol.123, No.20, pp.433-443, 2014. DOI : 10.1016/j.sbspro.2014.01.1442   DOI
3 J. C. Nunnally, Psychometric Theory (2nd ed.), New York: McGraw-Hill. 1978.
4 T. Kim, "Situation Analysis and Education Plan of Security Ethics for Training College Students Majoring in Information Security," Journal of the Korea Contents Association, Vol.17, No.4, pp.596-605, 2017. DOI : 10.5392/JKCA.2017.17.04.596.   DOI
5 B. H. Wixom and H. J. Watson, "An Empirical Investigation of the Factors Affecting Data Warehousing Success," MIS Quarterly, Vol.25, No.1, pp.17-41, 2001. DOI : 10.2307/3250957.   DOI
6 C. Fornell and D. F. Larcker, "Evaluating Structural Equation Models with Unobservable Variables and Measurement Error," Journal of Marketing Research, Vol.18, No.1, pp.39-50, 1981. DOI: 10.2307/3151312.   DOI
7 K. H. Guo, Y. Yuan, N. P. Archer, and C. E. Connelly, "Understanding Nonmalicious Security Violations in the Workplace: A Composite Behavior Model," Journal of Management Information Systems, Vol.28, No.2, pp.203-236, 2011. DOI : 10.2753/MIS0742-1222280208.   DOI
8 M. C. Andrews and K. M. Kacmar, "Confirmation and Extension of the Sources of Feedback Scale in Service-based Organizations," The Journal of Business Communication, Vol.38, No.2, pp.206-226, 2001. DOI : 10.1177/002194360103800204   DOI
9 V. L. Mitchell, "Knowledge Integration and Information Technology Project Performance," MIS Quarterly, Vol.30, No.4, pp.919-939, 2006. DOI : 10.2307/25148759   DOI
10 I. Hwang, D. Kim, T. Kim, and S. Kim, "Why not Comply with Information Security? An Empirical Approach for the Causes of Non-compliance," Online Information Review, Vol.41, No.1, pp.1-17, 2017. DOI : 10.1108/OIR-11-2015-0358.   DOI
11 I. Hwang, R. Wakefield, S. Kim, and T. Kim, "Security Awareness: The First Step in Information Security Compliance Behavior," Journal of Computer Information Systems, pp.1-12. 2019. DOI: 10.1080/08874417.2019.1650676.   DOI
12 N. J. Adler and M. Jelinek, "Is "Organization Culture" Culture Bound?," Human Resource Management, Vol.25, No.1, pp.73-90, 1986,   DOI
13 S. Ernest Chang and C. S. Lin, "Exploring Organizational Culture for Information Security Management," Industrial Management & Data Systems, Vol.107, No.3, pp.438-458, 2007. DOI: 10.1108/02635570710734316.   DOI
14 K. J. Knapp, R. F. Morris, T. E. Marshall, and T. A. Byrd, "Information Security Policy: An Organizational-level Process Model," Computers & Security, Vol.28, No.7, pp.493-508, 2009. DOI : 10.1016/j.cose.2009.07.001.   DOI
15 M. R. Simonson, M. Maurer, M. Montag-Torardi, and M. Whitaker, "Development of a Standardized Test of Computer Literacy and a Computer Anxiety Index," Journal of Educational Computing Research, Vol.3, No.2, pp.231-247, 1987.   DOI
16 I. Hwang, "A Study on Mitigation of Information Security Related Work Stress," Journal of Convergence for Information Technology, Vol.10, No.9, pp.123-135, 2020.   DOI
17 B. McAfee, V. Quarstein, and A. Ardalan, "The Effect of Discretion, Outcome Feedback, and Process Feedback on Employee Job Satisfaction," Industrial Management & Data Systems, Vol.95, No.5, pp.7-12, 1995. DOI : 10.1108/02635579510088128.   DOI
18 P. M. Podsakoff, S. B. MacKenzie, J. Y. Lee, and N. P. Podsakoff, "Common Method Biases in Behavioral Research: A Critical Review of the Literature and Recommended Remedies," Journal of Applied Psychology, Vol.88, No.5, pp.879-903, 2003. DOI : 10.1037/0021-9010.88.5.879.   DOI
19 G. C. Lin, Z. Wen, H. W. Marsh, and H. S. Lin, "Structural Equation Models of Latent Interactions: Clarification of Orthogonalizing and Double-mean-centering Strategies," Structural Equation Modeling, Vol.17, No.3, pp. 374-391, 2010. DOI : 10.1080/10705511.2010.488999.   DOI
20 Grand View Research,.Cyber Security Market Size, Share & Trends Analysis Report By Component, By Security Type, By Solution, By Service, By Deployment, By Organization, By Application, By Region, And Segment Forecasts, 2020 - 2027, 2020.
21 Y. Kim and M. Jung, "Interrelationship between leadership, Organizational Culture and Organizational Commitment," Journal of the Korea Contents Association, Vol.12, No.12, pp. 201-211, 2012. DOI : 10.5392/JKCA.2012.12.12.201.   DOI
22 A. Kankanhalli, H. H. Teo, B. C. Tan, and K. Wei, "An Integrative Study of Information Systems Security Effectiveness," International Journal of Information Management, Vol.23, No.2, pp.139-154, 2003. DOI: 10.1016/S0268-4012(02)00105-6.   DOI
23 H. Lansisalmi, J. M. Peiro, and M. Kivimaki IV, "Collective Stress and Coping in the Context of Organizational Culture," European Journal of Work and Organizational Psychology, Vol.9, No.4, pp.527-559, 2000. DOI : 10.1080/13594320050203120.   DOI
24 S. E. Chang and C. S. Lin, "Exploring Organizational Culture for Information Security Management," Industrial Management & Data System, Vol.106, No.3, pp.438-458, 2007. DOI : 10.1108/02635570710734316.   DOI
25 W. S. Brown, "Ontological Security, Existential Anxiety and Workplace Privacy," Journal of Business Ethics, Vol.23, No.1, pp.61-65, 2000. DOI: 10.1023/A:1006223027879.   DOI
26 B. Bulgurcu, H. Cavusoglu, and I. Benbasat, "Information Security Policy Compliance: An Empirical Study of Rationality-based Beliefs and Information Security Awareness," MIS Quarterly, Vol.34, No.3, pp.523-548, 2010.   DOI
27 M. Noh, "The Relationship Analysis of Online Security, Social Network Service, and Smartphone Expenses," Journal of the Korea Contents Association, Vol.19, No.1, pp.648-659, 2018. DOI : 10.5392/JKCA.2019.19.01.648.   DOI
28 Verizon, 2020 Data Breach Investigations Report, 2020.
29 R. West, "The Psychology of Security," Communications of the ACM, Vol.51, No.4, pp.34-40, 2008. DOI : 10.1145/1330311.1330320.   DOI
30 Y. Chen, K. Ramamurthy, and K. W. Wen, "Organizations' Information Security Policy Compliance: Stick or Carrot Approach?," Journal of Management Information Systems, Vol.29, No.3, pp.157-188, 2010.   DOI
31 T. Sommestad, H. Karlzen, and J. Hallberg, "The Sufficiency of the Theory of Planned Behavior for Explaining Information Security Policy Compliance," Information & Computer Security, Vol.23, No.2, pp.200-217, 2015. DOI : 10.1108/ICS-04-2014-0025.   DOI
32 J. D'Arcy and P. L. The, "Predicting Employee Information Security Policy Compliance on a Daily Basis: The Interplay of Security-related Stress, Emotions, and Neutralization," Information & Management, Vol.56, No.7, pp.103151, 2019. DOI : 10.1016/j.im.2019.02.006.   DOI
33 I. Hwang and O. Cha, "Examining Technostress Creators and Role Stress as Potential Threats to Employees' Information Security Compliance," Computers in Human Behavior, Vol.81, pp.282-293, 2018. DOI : 10.1016/j.chb.2017.12.022.   DOI
34 E. S. Williams, L. B. Manwell, T. R. Konrad, and M. Linzer, "The Relationship of Organizational Culture, Stress, Satisfaction, and Burnout with Physician-reported Error and Suboptimal Patient Care: Results from the MEMO Study," Health Care Management Review, Vol.32, No.3, pp.203-212, 2007. DOI: 10.1097/01.HMR.0000281626.28363.59.   DOI
35 I. Hwang, D. Kim, T. Kim, and J. Kim, "The Study about Security Compliance Intention and Knowledge of Employee based on Security Culture of Organization," Information Systems Review, Vol.18, No.1, pp.1-23, 2016. DOI : 10.14329/isr.2016.18.1.001.   DOI
36 V. Venkatesh, M. G. Morris, G. B. Davis, and F. D. Davis, "User Acceptance of Information Technology: Toward a Unified View," MIS Quarterly, Vol.27, No.3, pp.425-478, 2003.   DOI
37 B. E. Wright, "The Role of Work Context in Work Motivation: A Public Sector Application of Goal and Social Cognitive Theories," Journal of Public Administration Research and Theory, Vol.14, No.1, pp.59-78, 2004. DOI : 10.1093/jopart/muh004.   DOI