http://dx.doi.org/10.5859/KAIS.2014.23.3.99

A Study for Influencing Factors of Organizational Performance: The Perspective of the Mediating Effect of Information Security Maturity Level  

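Park, Jeong Kuk (Department of Management Information Systems, Graduate School, Dongguk University, Seoul Campus)
Kim, Injai (Division of Business Administration, College of Business, Dongguk University, Seoul Campus)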
Publication Information
The Journal of Information Systems / v.23, no.3, 2014, pp. 99-125
Abstract
The Internet environment and innovative ICT (information and communication technology) have brought about big changes to our lifestyle and industrial structure. In spite of the convenience of the Internet, various cyber incidents such as malicious code infection, personal information leakage, smishing (SMS + phishing), and pharming have frequently occurred. Information security must be recognized as a key and compulsory element for surviving in a global economy. The strategic roles of information security have recently been increasing, but effective implementation of information security is still a major challenge for organizations. Our study examines the influencing factors of information security and investigates the causal relationship between information security maturity level and organizational performance through an empirical survey. According to the results of our study, personal, organizational, technical, and social factors together affect organizations' information security maturity level. This result suggests that holistic and multi-disciplinary approaches are required when dealing with security issues. In addition, there is a causal relationship between information security maturity level and organizational performance, and organizations aim to establish efficient and effective ways to enhance information security maturity level on the basis of the results of this study.
Keywords
Information Security; Security Policy; Information Security Maturity Level; Organizational Performance; Mediating Effect
Citations & Related Records
Times Cited By KSCI: 7