Browse > Article
http://dx.doi.org/10.21219/jitam.2019.26.2.027

Effects of Information Security Education on the Practice of Information Security for the Youth  

Kang, Min-Seong (Korea Standards Association Media)
Kim, Tae-Sung (Chungbuk National University)
Kim, Taek-Young (Department of Management Information System, Chungbuk National University)
Publication Information
Journal of Information Technology Applications and Management / v.26, no.2, 2019 , pp. 27-40 More about this Journal
Abstract
As reliance on information and communication becomes widespread, a variety of information dysfunctions such as hacking, viruses, and the infringement of personal information are also occurring. Korean adolescents are especially exposed to an environment in which they are experiencing information dysfunction. In addition, youth cybercrimes are steadily occurring. To prevent cybercrime and the damage caused by information dysfunction, information security practices are essential. Accordingly, the purpose of this study is to discuss the factors affecting the information security practices of Korean youths, considering information security education, perceived severity, and perceived vulnerability as leading factors of the theory of planned behavior. A questionnaire survey was administered to 118 middle and high school students. Results of the hypothesis test show that information security education affects perceived behavior control, and perceived severity affects attitude. Subjective norms, information security attitudes, and perceived behavioral control were found to influence adolescents' practices of information security. However, perceived vulnerabilities did not affect youths' information security attitudes. This study confirms that information security education can help youths to practice information security. In other words, information security education is important, and it is a necessary element in the information curriculum of contemporary youth. However, perceived vulnerability to youth information security threats did not affect information security attitudes. Consequently, we suggest that it is necessary to strengthen the contents of the information security education for Korean youths.
Keywords
Information Security Practice; Theory of Planned Behavior; Information Security Education; Information Curriculum;
Citations & Related Records
Times Cited By KSCI : 2  (Citation Analysis)
연도 인용수 순위
1 Ministry of Education, Ministry of Education Notification Notice No. 1992-11 Middle School Curriculum, 1992a.
2 Ministry of Education, Ministry of Education Notification No. 1992-19 High School Curriculum, 1992b.
3 Ministry of Education, Ministry of Education Notice No. 1997-15 [Separate 3] Middle School Curriculum, 1997a.
4 Ministry of Education, Ministry of Education Notice No. 1997-15 [Separate 4] High School Curriculum, 1997b.
5 Ministry of Education, Ministry of Education notification 2015-74 [Separate 4] High school education course. 2015b.
6 Ministry of Science and ICT, 2017 Survey on the Internet Usage, 2018.
7 Ng, B. Y., Kankanhalli, A., and Xu, Y. C., "Studying users' computer security behavior : A health belief perspective", Decision Support Systems, Vol. 46, No. 4, 2009, pp. 815-825.   DOI
8 Park, C. O. and Lee, S. W., "A study of the User Privacy Protection Behavior in Online Environment : Based on Protection Motivation Theory", Journal of Internet Computing and Services, Vol. 15, No. 2, 2014, pp. 59-71.   DOI
9 Police Cyber Bureau, Cyber Crime Statistics, 2018.
10 Rhee, H. S., Kim, C., and Ryu, Y. U., "Selfefficacy in information security : Its influence on end users' information security practice behavior", Computers and Security, Vol. 28, No. 8, 2009, pp. 816-826.   DOI
11 Safa, N. S., Von Solms, R., and Furnell, S., "Information security policy compliance model in organization", Computers and Security, Vol. 56, No. 5, 2016, pp. 70-82.   DOI
12 Shropshire, J., Warkentin, M., and Sharma, S., "Personality, attitudes, and intentions : Predicting initial adoption of information security behavior", Computers and Security, Vol. 49, No. 12, 2015, pp. 177-191.   DOI
13 Siponen, M. T., "A conceptual foundation for organizational information security awareness", Information Management and Computer Security, Vol. 8, No. 1, 2000, pp. 31-41.   DOI
14 Ministry of Education, Ministry of Education Notice No. 2015-74 [Separate 3] Middle School Curriculum, 2015a.
15 Sung, E. S. and Na, S. I., "The Effects of the Integrated STEM Education on Science and Technology Subject Self-efficacy and Attitude toward Engineering in High School Students", Korean Technology Education Association, Vol. 12, No. 1, 2012, pp. 255-274.
16 Tenenhaus, M., Vinzi, V. E., Chatelin, Y. M., and Lauro, C., "PLS path modeling", Computational Statistics & Data Analysis, Vol. 48, No. 1, 2005, pp. 159-205.   DOI
17 Thompson, C. B., "Apoptosis in the pathogenesis and treatment of disease", Science, Vol. 267, No. 5203, 1995, pp. 1456-1462.   DOI
18 Vance, A., Siponen, M., and Pahnila, S., "Motivating IS security compliance : insights from habit and protection motivation theory", Information and Management, Vol. 49, No. 3-4, 2012, pp. 190-198.   DOI
19 Wang, P. A., "Information security knowledge and behavior : An adapted model of technology acceptance", In Education Technology and Computer (ICETC), 2010 2nd International Conference on (Vol. 2, pp. V2-364). IEEE, 2010.
20 Wetzels, M., Odekerken-Schroder, G., and Van Oppen, C., "Using PLS path modeling for assessing hierarchical construct models : Guidelines and empirical illustration", MIS Quarterly, Vol. 33, No. 1, 2009, pp. 177-195.   DOI
21 Ajzen, I., "Perceived behavioral control, self-efficacy, locus of control, and the theory of planned behavior", Journal of Applied Social Psychology, Vol. 32, No. 4, 2002, pp. 665-683.   DOI
22 Albrechtsen, E., "A qualitative study of users' view on information security", Computers and Security, Vol. 26, No. 4, 2007, pp. 276-289.   DOI
23 Arachchilage, N. A. G. and Love, S., "Security awareness of computer users : A phishing threat avoidance perspective", Computers in Human Behavior, Vol. 38, 2014, pp. 304-312.   DOI
24 Ajzen, I., "The theory of planned behavior", Organizational Behavior and Human Decision Processes, Vol. 50, No. 2, 1991, pp. 179-211.   DOI
25 Bandura, A., "Self-efficacy : toward a unifying theory of behavioral change", Psychological Review, Vol. 84, No. 2, 1977, pp. 191-215.   DOI
26 Boannews, "Information security technology I've been teaching so well...?", 2016. 01. 22.
27 Chin, W. W., "The partial least squares approach to structural equation modeling", Modern Methods for Business Research, Vol. 295, No. 2, 1998, pp. 295-336.
28 Bulgurcu, B., Cavusoglu, H., and Benbasat, I., "Roles of information security awareness and perceived fairness in information security policy compliance", AMCIS 2009 Proceedings, Vol. 419, 2009.
29 Bulgurcu, B., Cavusoglu, H., and Benbasat, I., "Information security policy compliance : an empirical study of rationality-based beliefs and information security awareness", MIS Quarterly, Vol. 34, No. 3, 2010, pp. 523-548.   DOI
30 Chin, W. W. and Gopal, A., "Adoption intention in GSS : relative importance of beliefs", ACM SigMIS Database, Vol. 26, No. 2-3, 1995, pp. 42-64.   DOI
31 Falk, R. F. and Miller, N. B., A Primer for Soft Modeling. University of Akron Press, 1992.
32 Choi, S. J., Kim, H. Y., and Kim, T. Y., "Factors Affecting Information Security Practice of Elementary School Students", Journal of The Korea Institute of Information Security and Cryptology, Vol. 26, No. 2, 2016, pp. 449-461.   DOI
33 CSTA, CSTA K-12 Computer Science Standards, 2016.
34 Department for Education, The National Curriculum in England : Framework Document, 2014, England.
35 Fishbein, M. and Ajzen, I., Belief, Attitude, Intention and Behavior : An Introduction to Theory and Research, Addison-Wesley, Reading, MA, 1975.
36 Fornell, C. and Larcker, D. F., "Evaluating structural equation models with unobservable variables and measurement error", Journal of Marketing Research, Vol. 18, No. 1, 1981, pp. 39-50.   DOI
37 Jung, J. J. and Youn, S. C., "A Study on the Improvement Policy of the Deterrent Effect in Accordance with the Trend of the Juvenile Cyber-Crime", Journal of Police, Vol. 14, No. 1, 2014, pp. 53-80.
38 Herath, T. and Rao, H. R., "Encouraging information security behaviors in organizations : Role of penalties, pressures and perceived effectiveness", Decision Support Systems, Vol. 47, No. 2, 2009, pp. 154-165.   DOI
39 Ifinedo, P., "Understanding information systems security policy compliance : An integration of the theory of planned behavior and the protection motivation theory", Computers and Security, Vol. 31, No. 1, 2012, pp. 83-95.   DOI
40 Ifinedo, P., "Information systems security policy compliance : An empirical study of the effects of socialisation, influence, and cognition", Information and Management, Vol. 51, No. 1, 2014, pp. 69-79.   DOI
41 Korea Legislation Research Institute, Improvement of Personal Information Protection Law in the Era of the 4th Industrial Revolution 2017.
42 Kim, D. Y., "Verification of The prediction model on Participation behavior of Youth activity", Korea Youth Studies, Vol. 24, No. 1, 2017, pp. 307-333.   DOI
43 Korea Education and Research Information Service, Analysis of Information Dysfunction Prevention Trend and Study on Improvement of Information and Communication Education, 2014.
44 Korea Information Society Development Institute, 4th Industrial Revolution and Changes in the Industrial Structure, 2016.
45 Lee, J. C. and Park, M. J., "The Prediction of Career Information-Seeking Behavior of Adolescents : An Application of the Theory of Planned Behavior", The Korean Journal of Counseling and Psychotherapy, Vol. 20, No. 3, 2008, pp. 795-818.
46 Lee, Y. E. and Lee, H. N., "The effects of engineering design and science inquiry-based STEAM education program on middle school students' interest in science, mathematics, technology, self-efficacy and career choice", Journal of Research in Curriculum and Instruction, Vol. 18, 2014, pp. 513-540.   DOI
47 Liang, H. and Xue, Y., "Understanding security behaviors in personal computer usage : A threat avoidance perspective", Journal of the Association for Information Systems, Vol. 11, No. 7, 2010, pp. 394-413.   DOI