Browse > Article
http://dx.doi.org/10.15207/JKCS.2018.9.9.069

An Exploratory Research on Factors Influence Perceived Compliance Cost and Information Security Awareness in Small and Medium Enterprise  

Yim, Myung-Seong (Department of Business Administration, Sahmyook University)
Publication Information
Journal of the Korea Convergence Society / v.9, no.9, 2018 , pp. 69-81 More about this Journal
Abstract
The ultimate intention of this research is to identify the factors that have a significant effect on the perceived importance of information security as the antecedent of intention to information security policy compliance. We found that the effectiveness of information security training program did not have statistically significant effect on the perceived cost of policy compliance. Second, the effectiveness of information security policy has significant influence on the perceived cost of policy compliance. Third, perceived vulnerability has a significant effect on the perceived cost of policy compliance. Fourth, perceived cost of policy compliance has a significant effect on perceived importance of information security. Fifth, supervisor's attitude toward information security silence has a significant effect on employee silent behavior towards information security. Sixth, communication opportunities towards information security has a significant influence on employee silent behavior towards information security. Finally, it was shown that employee silent behavior towards information security had a significant influence on the perceived importance of information security.
Keywords
information security; organizational silence; risk compensation theory; security policy; education and training;
Citations & Related Records
연도 인용수 순위
  • Reference
1 Goel, S., & Chengalur-Smith, I., (2010), Metrics for Characterizing the Form of Security Policies, Journal of Strategic Information Systems, 19(4), 281-295.   DOI
2 Safa, N. S., Von Solms, R., & Furnell, S. (2016), Information Security Policy Compliance Model in Organizations, Computers & Security, 56, 1-13.   DOI
3 Bulgurcu, B., Cavusoglu, H., & Banbasat, I. (2010), Information Security Policy Compliance: An Empirical Study of Rationality-Based Beliefs and Information Security Awareness, MIS Quarterly, 34(3), 523-548.   DOI
4 Van Dyne, L., Ang, S., & Botero, I. C. (2003), Conceptualizing Employee Silence and Employee Voice as Multidimensional Constructs, Journal of Management Studies, 40(6), 1359-1392.   DOI
5 Pinder, C. C., & Harlos, K. P. 2001, Employee Silence: Quiescence and Acquiescence as Responses to Perceived Injustice. In Rowland, K. M., & Rerris, G. R. (eds), Research in Personnel and Human Resources Management, 20, New York: JAI Press, 331-369.
6 Morrison, E. W., & Milliken, F. J. (2000), Organizational Silence: A Barrier to Change and Development in a Pluralistic World, Academy of Management Review, 25, 706-725.   DOI
7 Soomro, Z. A., Shah, M. H., & Ahmed, J. 2016, Information Security Management Needs More Holistic Approach: A Literature Review, International Journal of Information Management, Vol. 36, pp. 215-225.   DOI
8 Knapp, K. J., & Ferrante, C. J. (2012), Policy Awareness, Enforcement and Maintenance: Critical to Information Security Effectiveness in Organizations, Journal of Management Policy and Practice, 13(5), 66-80.
9 Stanton, J. M., Stam, K. R., Mastrangelo, P., & Jolton, J. (2005), Analysis of End User Security Behaviors, Computers & Security, 24(2), 124-133.   DOI
10 Churchill, G. A. (1979), A Paradigm for Developing Better Measures of Marketing Constructs, Journal of Marketing, 9(4), 168-178.
11 Moore, G. C., & Benbasat, I. (1991), Development of an Instrument to Measure the Perceptions of Adopting an Information Technology Innovation, Information Systems Research, 2(3), 192-222.   DOI
12 Workman, M., Bommer, W. H., & Straub, D. (2008), Security Lapses and the Omission of Information Security Measures: A Threat Control Model and Empirical Test, Computers in Human Behavior, 24(6), 2799-2816.   DOI
13 Barclay, D., Higgins, C., & Thompson, R. (1995), The Partial Least Squares (PLS) Approach to Causal Modeling: Personal Computer Adoption and Use as an Illustration, Technology Studies, 2(2), 285-309.
14 Gefen, D., & Straub, D. (2005), A Practical Guide to Factorial Validity Using PLS-graph: Tutorial and Annotated Example, Communications of the AIS, 16(5), 91-109.
15 Chin, W. W., & Sambamurthy, V. (1994), The Effects of Group Attitudes toward Alternative GDSS Designs on the Decision-Making Performance of Computer- Supported Groups, Decision Sciences, 25(2), 215-241.   DOI
16 Hair, J. F., Black, B., Babin, B., & Anderson, R. E. (2010), Multivariate Data Analysis, 7th eds., Upper Saddle River, NJ, PrenticeHall.
17 Stewart, A. (2004), On Risk: Perception and Direction, Computers & Security, 23, 362-370.   DOI
18 Liang, H., & Xue, Y. (2010), Understanding Security Behaviors in Personal Computer Usage: A Threat Avoidance Perspective, Journal of the Association for Information Systems, 11(7), 394-413.   DOI
19 Puhakainen, P., & Siponen, M. (2010), Improving Employees' Compliance through Information Systems Security Training: An Action Research Study, MIS Quarterly, 34(4), 757-778.   DOI
20 Mishra, S., & Chasalow, L. (2011), Information Security Effectiveness: A Research Framework, Issues in Information Systems, 12(1), 246-255.
21 Foltz, C. B. (2000), The Impact of Deterrent Countermeasures upon Individual Intent to Commit Misuse: A Behavioral Approach, Unpublished Doctoral Dissertation, University of Arkansas, Fayetteville.
22 Cronbach, L. J. (1951), Coefficient Alpha and the Internal Structure of Tests, Psychometrika, 16, 297-334.   DOI
23 Fornell, C., & Larker, D. F. (1981), Evaluating Structural Equation Models with Unobservable Variables and Measurement Error, Journal of Marketing Research, 18(1), 39-50.   DOI
24 Nunnally, J. C. 1978, Psychometric Theory, New York, NY: McGraw-Hill.
25 Gopal, R. D., & Sanders, G. L. (1997), Preventative and Deterrent Controls for Software Piracy, Journal of Management Information Systems, 13(4), 29-47.   DOI
26 Wiant, T. L. (2003), Policy and its Impact on Medical Record Security, Unpublished Doctoral Dissertation, University of Kentucky, Lexington.
27 Harrington, S. J. (1996), The Effect of Codes of Ethics and Personal Denial of Responsibility on Computer Abuse Judgments and Intentions, MIS Quarterly, 20(3), 257-278.   DOI
28 Lee, S. M., Lee, S. -G., & Yoo, S. (2004), An Integrative Model of Computer Abuse Based on Social Control and General Deterrence Theories, Information and Management, 41(6), 707-718.   DOI
29 Grant, R. A. (1989), Building and Testing a Causal Model of an Information Technology's Impact, Proceedings of the Ten International Conference on Information Systems, December 4-6, Boston, MA, 173-184.
30 Cook, T. D., & Campbell, D. T. (1979), Quasi-Experimentation: Design and Analysis Issues for Field Setting, Boston, MA: Houghton Mifflin.
31 Fornell, C. (1982), A Second Generation of Multivariate Analysis: Methods, 1, New York, NY: Praeger.
32 Chin, W. W. (1998), Issues and Opinion on Structural Equation Modeling, MIS Quarterly, 22(1), vii-xvi.
33 Gefen, D., Straub, D. W., & Boudreau, M. C. (2000), Structural Equation Modeling and Regression: Guidelines for Research Practice, Communications of the AIS, 4, 1-77.
34 Vakola, M., & Bouradas, D., (2005), Antecedents and Consequences of Organisational Silence: An Empirical Investigation, Employee Relations, 27(5), 441-458.   DOI
35 Knapp, K. J., Marshall, T. E., Rainer, Jr., R. K., & Ford, F. N. (2007), Information Security Effectiveness: Conceptualization and Validation of a Theory, International Journal of Information Security and Privacy, 1(2), 37-60.   DOI
36 Chan, M., Woon, I., & Kankanhalli, A. (2005), Perceptions of Information Security in the Workplace: Linking Information Security Climate to Compliant Behavior, Journal of Information Privacy and Security, 1(3).
37 Siponen, M. T. (2000), A Conceptual Foundation for Organizational Information Security Awareness, Information Management & Computer Security, 8(1), 31-41.   DOI
38 Zhang, J., Reithel, B. J., & Li, H. (2009), Impact of Perceived Technical Protection on Security Behaviors, Information Management & Computer Security, 17(4), 330-340.   DOI
39 D'Arcy, J., & Hovav, A. (2007), Deterring Internal Information Systems Misuse, Communications of the ACM, 50(10), 113-117.   DOI
40 Crossler, R. E., Johnston, A. C., Lowry, P. B., Hu, Q., Warkentin, M., & Baskerville, R. (2013), Future Directions for Behavioral Information Security Research, Computers & Security, 32, 90-101.   DOI
41 Ifinedo, P. (2012), Understanding Information Systems Security Policy Compliance: An Integration of the Theory of Planned Behavior and the Protection Motivation Theory, Computers & Security, 31, 83-95.   DOI
42 Leonard, L. N. K., Cronan, T. P., & Kreie, J. (2004), What Influences IT Ethical Behavior Intentions- Planned Behavior, Reasoned Action, Perceived Importance, or Individual Characteristics?, Information & Management, 42, 143-158.   DOI
43 Vroom, C., & von Solms, R. (2004), Towards Information Security Behavioural Compliance, Computer & Security, 23, 191-198.   DOI
44 Kankanhalli, H., Teo, H. -H., Tan, B. C. Y., & Wei, K. -K. (2003), An Integrative Study of Information Systems Security Effectiveness, International Journal of Information Management, 23(2), 139-154.   DOI