Browse > Article
http://dx.doi.org/10.7838/jsebs.2011.16.4.033

Influencing Factors for Compliance Intention of Information Security Policy  

Kim, Sang-Hoon (광운대학교 경영학부)
Park, Sun-Young (광운대학교 경영정보학과)
Publication Information
The Journal of Society for e-Business Studies / v.16, no.4, 2011 , pp. 33-51 More about this Journal
Abstract
This research derived the influencing factors for employees' compliance with the information security policy in organizations on the basis of Neutralization Theory, Theory of Planned Behavior and Protection Motivation Theory. To empirically analyze the research model and the hypotheses, data were collected by conducting web survey, 194 of 207 questionnaires were available. The test of causal model was conducted by PLS. Reliability, validity and model fit were found to be statistically significant. the results of hypotheses tests showed that seven ones of eight hypotheses could be accepted. The theoretical implications of this study are as follows : 1) this study is expected to play a role of baseline for future research about employee compliance with the information security policy, 2) this study attempted interdisciplinary approach through combining psychology and information system security research, and 3) it suggested concrete operational definitions of influencing factors for information security policy compliance through comprehensive theoretical review. Also, this study has some practical implications. First, it can provide the guideline to support the successful execution of the strategic establishment for implement of information system security policies in organizations. Second, it is proved that the need for conducting education and training program suppressing employees. neutralization psychology to violate information security policy should be emphasized in the organizations.
Keywords
Information Security Policy; Compliance Intention; Theory of Planned Behavior; Neutralization Theory; Protection Motivation Theory;
Citations & Related Records
Times Cited By KSCI : 2  (Citation Analysis)
연도 인용수 순위
1 Tyler, T. R. and Blader, S. L., "Can Businesses Effectively Regulate Employee Conduct? The Antecedents of Rule Following in Work Settings," Academy of Management Journal, Vol. 48, No. 6, pp. 1143-1158, 2005.   DOI   ScienceOn
2 Robinson, S. L. and Kraatz, M. S., Constructing the reality of normative behavior : the use of neutralization strategies by organizational deviants. In R. Griffin, A. O'Leary-Kelly, and J. Collins (Eds.), Dysfunctional behavior in organizations : Violent and deviant behavior. Part A. Stamford, CT : JAI Press, 1998.
3 Rogers, J. W. and Buffalo, M. D., "Neutralization Techniques : Toward a Simplified Measurement Scale," Pacific Sociological Review, Vol. 17, No. 3, pp. 313-331, 1974.   DOI   ScienceOn
4 Rogers, R. W., "A Protection Motivation Theory of Fear Appeals and Attitude Change," Journal of Psychology, Vol. 91, pp. 93-114, 1975.   DOI   ScienceOn
5 Rogers, R. W., Cognitive and psychological process in fear appeals and attitude change : A revised theory of protection motivation. In J. Cacioppo and R. Petty (Eds.), Social Psychology, NY : Guilford, 1983.
6 Scholtz, J. T., "Enforcement policy and corporate misconduct : The changing perspective of deterrence theory," Law and Contemporary Problems, Vol.60, pp. 253-268, 1997.   DOI   ScienceOn
7 Siponen, M. T., Pahnila, S., and Mah mood, A., "Employees'Adherence to Information Security Policies : An Empirical Study," in New Approaches for Security, Privacy and Trust in Complex Environments, H. Venter, M. Eloff, L. Labuschagne, J. Eloff, and R. von Solms, Boston : Springer, 2007.
8 Siponen, Mikko Vance and Anthony, "Neutralization : New Insights into the Problem of Employee Information Systems Security Policy Violations," MIS Quarterly, Vol. 34, No. 3, pp. 487-A12, 2010.   DOI
9 Srite, M. and Karahanna, E., "The Role of Espoused National Cultural Values in Technology Acceptance," MIS Quarterly, Vol. 30, No. 3, pp. 679-704, 2006.   DOI
10 Straub, D. W. and Nance, W. D., "Discovering and disciplining computer abuse in organizations : A field study," MIS Quarterly, Vol. 14, pp. 45-60, 1990.   DOI   ScienceOn
11 Sykes, G. and Matza, D., "Techniques of Neutralization : A Theory of Delinquency," American Sociological Review, Vol. 22, No. 6. pp. 664-670, 1957.   DOI   ScienceOn
12 Tenenhaus, M., Vinzi, V. E., Chatelin, Y. M., and Lauro, C., "PLS path modeling," Computational statistics and Data analysis, Vol. 48, No. 1. pp. 159-205, 2005.   DOI   ScienceOn
13 Theoharidou, M., Kokolakis, S., Karyda, M., and Kiountouzis, E., "The insider threat of information systems and the effectiveness of ISO17799," Computers and Security, Vol. 24, pp. 472-484, 2005.   DOI   ScienceOn
14 Greenberg, J., The cognitive geometry of employee theft : negotiating 'the line' between taking and stealing. In R. Griffin, A. O'Leary-Kelly, and J. Collins (Eds.), Dysfunctional behavior in organizations : Nonviolent behaviors in organizations. Part B. Stamford, CT : JAI Press, 1998.
15 Durgin, M., "Understanding the Importance of and Implementing Internal Security Measures," SANS Institute Reading Room, 2007.
16 Fishbein, M. and Ajen, I., Belief, Attitude, Intention, and Behavior : An Introduciton to Theory and Research, Reading, Addison-Wesley, 1975.
17 Gefen, D. and Straub, D. W., "A Practical Guide to Factorial Validity Using PLSGraph : Tutorial and Annotated Example," Communications of the Association for Information Systems, Vol. 16, No. 5, pp. 91-109, 2005.
18 Hoffer, J. A. and Straub, D. W., "The 9 to 5 underground : Are you policing computer crimes?," Sloan Management Review, Vol. 30, pp. 35-43, 1989.
19 Johnston, Allen C. Warkentin and Merrill, "Fear Appeals and Information Security Behaviors : An Empirical Study," MIS Quarterly, Vol. 34, No. 3, pp. 549-A4, 2010.   DOI
20 Johnston, K. L. and White, K. M., "Bingedrinking : A test of the roll of group norms in the roy of planned behavior," psychology and Health, Vol. 18, No. 1, pp. 63-77, 1995.
21 Klockars, C. B., "The Professional Fence," New York, FreePress, 1974.
22 Minor, W. W., "Techniques of Neutralization : A Reconceptualization and Empirical Examination," Journal of Research in Crime and Delinquency, Vol. 18, No. 2, pp. 295-318, 1981.   DOI
23 Petter, S., Straub, D. and Rai, A., "Specifying Formative Constructs in IS Research," MIS Quarterly, Vol. 31, No. 4, pp. 623- 656, 2007.   DOI
24 Piquero, N. L., Tibbetts, S. G., and Blankenship, M. B., "Examining the Role of Differential Association and Techniques of Neutralization in Explaining Corporate Crime," Deviant Behavior, Vol. 26, No. 2, pp. 159-188, 2005.   DOI   ScienceOn
25 Price waterhouse Coopers., "Employee Behavior Key to Improving Information Security, New Survey Finds," 2008.
26 이철, "순응자 일탈에 대한 중화기술의 영향에 관한 연구", 형사정책연구, pp. 243-278, 2008.
27 김윤호, "네트워크 노드에 대한 포렌식분석기법을 적용한 감사시스템의 구현", 한국전자거래학회지, 제14권 ,제3호, pp. 169- 181, 2009.
28 안중호, 최규철, 성기문, 이재홍, "보안위험 수준이 지식관리시스템의 성공에 미치는 영향 : '신뢰'를 매개변인으로", 한국전자거래학회지, 제15권, 제4호, pp. 143- 163, 2010.
29 이선중, 이미정, "정보보호 문화의 평가지표에 관한 탐색적 연구", 정보화정책, 제15권, 제3호, pp. 100-119, 2008.
30 정익재, "정보사회 위험관리로서 정보보안의 정책 논리", 한국행정학회 2005년도 추계학술대회, pp. 19-34, 2005.
31 Ajzen, I., "The Theory of Planned Behavior," Organizational Behavior and Human Decision, Vol. 50, pp. 179-211, 1991.   DOI
32 Boss, S. R., Kirsch, L. J., Angermeier, I., Shingler, R. A., and Boss, R. W. "If Someone Is Watching, I'll Do What I'm Asked : Mandatoriness, Control, and Information Security," European Journal of Information Systems, Vol. 18, No. 2, pp. 151-164, 2009.
33 Bulgurcu, Burcu Cavusoglu, Hasan Benbasat and Izak, "Information Security Policy Compliance : An Empirical Study of Rationality-Based Beliefs and Information Security Awareness," MIS Quarterly, Vol. 34, No. 3, pp. 523-A7, 2010.   DOI
34 Chen, C., Medlin, B., and Shaw, R., "A cross-cultural investigation of situational information security awareness programs," Information Management and Computer Security, Vol. 16, No. 4, pp. 360-376, 2008.   DOI   ScienceOn
35 Chin, W., "Issues and opinion on structural equation modeling," MIS Quarterly, Vol. 22, No. 1, pp. 7-16, 1998.
36 Cohen, J., Statistical Power Analysis for the Behavioral Sciences(2nd ed.), Lawrence Erlbaum, 1988.
37 Coleman, James, W., "Toward an Integrated Theory of Whitte-Collar Crime," American Journal of Sociology, Vol. 93, pp. 406-439, 1987.   DOI   ScienceOn
38 Cressey, Donald R., "Other People's Money : A study in the Social Psychology of Embezzlement," Glencoe, IL : Free Press, 1953.