Browse > Article
http://dx.doi.org/10.13089/JKIISC.2008.18.4.123

The Effects of Security Policies, Security Awareness and Individual Characteristics on Password Security Effectiveness  

Kim, Jong-Ki (Pusan National University)
Kang, Da-Yeon (Pusan National University)
Publication Information
Journal of the Korea Institute of Information Security & Cryptology / v.18, no.4, 2008 , pp. 123-133 More about this Journal
Abstract
Information securiry is considered important due to the side effect generated from the expansion of information system and rapid increase of the use of internet. Nevertheless, we are getting unconscious of the importance of information security. The purpose of this research is to empirically analyze that the effects of security policies, security awareness and individual characteristics on password security effectiveness. Based on the analysis of research model using structural equation modeling technique, security policies were influencing individual characteristics and improving user's security awareness. Also individual characteristics and security awareness had positive impact on security effectiveness.
Keywords
Security Policy; Individual Characteristics; Security Awareness; Security Effectiveness;
Citations & Related Records
Times Cited By KSCI : 2  (Citation Analysis)
연도 인용수 순위
1 http://www.boannews.com/media/view.asp?page=1&gpage=1&idx=7386&search=&find=&kind=0
2 Juang, W., 'Efficient Password Authenticated Key Agreement Using Smart Cards,' Computers & Security, Vol. 23, pp. 167-173, 2004   DOI   ScienceOn
3 정보통신부, 2006 국가정보보호백서, 정보통신부, 2006
4 Ronald, C., C. Curtis, and J. Aaron, 'Phishing for User Security Awareness,' Computers & Security, Vol. 26, pp. 73-80, 2007   DOI   ScienceOn
5 ISO/IEC, Guidelines for the Management of IT Security (GMITS), International Organization for Standardization/International Electrotechnical Commission, 2005
6 Fornell, C. and F. L. Bookstein, 'Two Structural Equation Models: LISREL and PLS Applied to Consumer Exit-Voice Theory,' Journal of Marketing Research, Vol. 19, No. 4, pp. 440-452, 1982   DOI   ScienceOn
7 Goodhue, D. and D. Straub, 'Security Concerns of System Users: A Study of Perception of the Adequacy of Security,' Information & Management, Vol. 20, No. 1, pp. 13-27, 1991   DOI   ScienceOn
8 O'Gorman, L., A. Bagga, and J. Bentley, 'Query-directed passwords,' Computers & Security, Vol. 24, pp. 546-560, 2005   DOI   ScienceOn
9 정해철, 김현수, '조직구성원의 정보보안 의식과 조직의 정보보안 수준과의 관계 연구,' 정보기수과 데이터베이스저널, 7(2), pp.117-134, 2000
10 Baldwin, N. S. and R. E. Rice, 'Information-Seeking Behavior of Securities Analysis: Individual Institutional Influences, Information Sources and Channels, and Outcomes,' Journal of The American Society for Information Science, Vol. 48, No. 8, pp. 674-693, 1997   DOI   ScienceOn
11 권영옥, 김병도, '정보보안 사고와 사고방지 관련 투자가 기업가치에 미치는 영향,' Information Systems Review, 9(1), pp. 105-120, 2007   과학기술학회마을
12 Stanton, J. M., K. R. Stam, P. Mastrangelo and J. Jolton, 'Analysis of End User Security Behaviors,' Computers & Security, Vol. 24, pp. 124-133, 2005   DOI   ScienceOn
13 Wiant, T. L., 'Information Security Policy's Impact on Reporting Security Incidents,' Computers & Security, Vol. 24, pp. 448-459, 2005   DOI   ScienceOn
14 Leach, J., 'Improving User Security Behavior,' Computers & Security, Vol. 22, No. 8, pp. 685-692, 2003   DOI   ScienceOn
15 김종기, 전진화, '컴퓨터 바이러스 통제를 위한 보안행위의도 모형,' 정보화정책, 13(3), pp. 174-186, 2006
16 김종기, '정보시스템 보안의 효과성 모형에 관한 실증적 연구,' 정보시스템연구, 7(2), pp. 91-108, 1998
17 임채호, '효과적인 정보보호인식제고 방안,' 정보보호학회지, 16(2), pp. 30-36, 2006   과학기술학회마을
18 Drevin, L., H. A. Kruger, and T. Steyn, 'Value-Focused Assessment of IGT Security Awareness in an Academic Environment,' Computers & Security, Vol. 26, pp. 36-43, 2007   DOI   ScienceOn
19 박승배, 박설배, 강문설, '타인의 관찰에 의한 패스워드 노출로부터 안전한 패스워드 시스템,' 정보처리학회논문지, 10C(2), pp. 141-144, 2003
20 Albrechtsen, E., 'A Qualitative Study of Users' View on Information Security,' Computers & Security, Vol. 26, pp. 276-289, 2007   DOI   ScienceOn
21 강병서, 조철호, SPSS와 AMOS 활용 연구조사방법론, 무역경영사, 2005
22 Frank, J., B. Shamir, and W. Briggs, 'Security-related Behavior of PC Users in Organizations,' Information & Management, Vol. 21, No. 3, pp. 127-135, 1991   DOI   ScienceOn
23 KISA, '2006년 정보보호 실태조사 당신의 정보보호 수준은?,' 정보보호뉴스, 2월호, pp. 12-17, 2007
24 Lee, S. M., Y. R. Kim, and J. Lee, 'An Empirical Study of the Relationships among End-User Information Systems Acceptance, Training, and Effectiveness,' Journal of Management Information Systems, Vol. 12, No. 2, pp. 189-202, 1995   DOI
25 정보통신부, 패스워드 선택 및 이용가이드, 정보통신부, 2008
26 King, R. C. and W. Xia, 'Media Appropriateness : Effects of Experience on Communication Media Choice,' Decision Sciences, Vol. 28, No. 4, pp. 877-910, 1997   DOI   ScienceOn
27 Post, G. V. and A. Kagan, 'Evaluating Information Security Tradeoffs: Restricting Access Can Interfere With User Tasks,' Computers & Security, Vol. 26, pp. 229-237, 2007   DOI   ScienceOn
28 Roger, A. G., 'Top 14 Security Tactics' Infoworld.com, pp. 16, 2006
29 Karyda, M., E. Kiountouzis, and S. KoKolakis, 'Information System Security Policies: A Contextual Perspective,' Computers & Security, Vol. 24, pp. 246-260, 2005   DOI   ScienceOn
30 Doherty, N. F. and H. Fulford, 'Aligning the Information Security Policy with the Strategic Information Systems Plan,' Computers & Security, Vol. 25, pp. 55-63, 2006   DOI   ScienceOn
31 Zviran, M. and W. Haga, 'Password Security: An Empirical Study,' Journal of Management Information Systems, Vol. 15, No. 4, pp. 161-185, 1999   DOI
32 Anderson, J. and D. Gerbing, 'Structural Equation Modeling in Practice: A Review and Recommended Two-Step Approach,' Psychological Bulletin, Vol. 103, No. 4, pp. 411-423, 1988   DOI