http://dx.doi.org/10.32431/kace.2020.23.1.006

Effects of Biased Awareness of Security Policies on Security Compliance Behavior  

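Heo, Jun (Computer Education Major, Department of Subject Education, Sungkyunkwan University)
Ahn, Seongjin (Department of Computer Education, Sungkyunkwan University)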
Publication Information
The Journal of Korean Association of Computer Education / v.23, no.1, 2020, pp. 63-75
Abstract
This study takes the perspective of compliance with security policies by members of the organization, which is a major cause of security incidents. It presents biased thinking as a factor that affects compliance with security policies and verifies the following. First, it verifies the impact of biased thinking about security policies on compliance with those policies. Second, it verifies whether management participation, perceived risk, education, and punishment have an adjustment effect that increases or decreases biased thinking. Finally, it verifies that compliance attitudes have a significant impact on compliance behavior. To this end, 157 people were surveyed, and statistical analysis of the research model and structural equations, and conformity analysis, were conducted. The results show that biased thinking has a negative effect on the attitude of compliance with information security. In addition, the attitude of compliance with information security policy was found to increase policy compliance behavior. The higher the perceived risk of information security, the lower the bias, which was an adjustment effect; management's participation, education, and punishment, on the other hand, were found to have no adjustment effect.
Keywords
Biased thinking; Security policy; CEO; Security education; Punishment