A Study on the Influence of the Components Related to Information Security Governance on the Perception and Behavior of Employees  

Kim, Young-Gon (Department of E-Business, Kyungnam University)
Abstract
This study examines the relationship between the perception and behavior of employees and Information Security Governance (ISG), which consists of leadership and governance, security management and organization, security policies, security program management, user security management, and technology protection and operations. Some effective suggestions were drawn from the verification of the research hypotheses and the analysis of the most appropriate model.
Keywords
IT Governance; Information Security Governance; Information Security Culture