Browse > Article

Factors Influencing on the Compliance of Information Security Policy of Workers of Shipping and Port Organization  

Kang, Da-Yeon (한국해양대학교 해운경영학부)
Chang, Myung-Hee (한국해양대학교 해운경영학부)
Publication Information
Journal of Korea Port Economic Association / v.28, no.1, 2012 , pp. 1-23 More about this Journal
Abstract
Advances in information technology has brought many benefits to businesses, but at the same time, businesses are facing serious problems caused by its use such as information leakage. In order to cope with problems, companies have established information security policies, demanding workers of a company to be compliant with the policies. This study proposes a research model that includes information security awareness, information security attitude, self-efficacy, standard belief and social influences as factors that affect the compliance of information security policy among the workers of shipping and port organization. The results of this study showed that there was a positive relationship not only between the information security awareness and the information security attitude, but also between the information security attitude and the information security policy among the workers of shipping and port organization. It was also found that there was a positive relationship between the self-efficacy and the compliance of information security policy, and between the social influence and the compliance of information security policy. However, there was no meaningful relationship between the standard belief and the compliance of information security policy. This study examined to what extent the workers of shipping and port organization that have a high possibility of the information leakage were compliant with the information security policy. The findings will contribute to organizations of shipping and port who attempt to establish strategies related to information security.
Keywords
Shipping and Port Organization; Information Security Awareness; Information Security Attitude; Compliance of Information Security Policy;
Citations & Related Records
연도 인용수 순위
  • Reference
1 노민선.이삼열, "중소기업의 산업보안 역랑에 대한 영향요인 평가", 한국행정학보, 제44권 제3호, 2010, 239-259.
2 노순동, "기업체의 효율적인 보안관리 모델",산업보안논총, 창간호, 2004, 79-101.
3 디지털데일리, "2011년은 데이터 유출의 해, 트렌드마이크로 연간보고서 발표", 2012. 1. 26.
4 박준경.김범수.조성우, "기업 정보보호 활동을 위한 조직 구성원들의 태도와 주요 영향 요인", 경영학연구, 제40권 제4호, 2011, 955-985.
5 부산일보, "부산신항 배후단지 물류 정보 한 손에", 2010. 8. 11.
6 유혜원.김태성.전효정, "정보보호분야 지식 및 기술수요", 정보보호학회지, 제19권 1호, 2009, 23-28.
7 임채호, "효과적인 정보보호인식 제고방안", 정보보호학회지, 제16권 제2호, 2006, 30-36.
8 장명희, "해운․항만기업 정보시스템 리스크요인에 대한 발생가능성, 영향력 분석과 상대적 중요도 평가", 해운물류연구, 제25권 제1호, 2009, 57-82.
9 전자신문, "내부정보 유출 막아라, 기업들 비상, 해결책은?", 2011. 9. 7.
10 정보통신부, 국가정보보호백서, 2010.
11 Ajzen, I. and Fishbein, M., "Attitude-Behavior Relation: A Theoretical Analysis and Review of Empirical Research," Psychological Bulletin, Vol.84, No.5, 1997, 888-918.
12 Amitava, D. and McCrohan, K., "Management's Role in Information Security in a Cyber Economy," California Management Review, Vol.45, 2001, 67-87.
13 Bandura, A., "Self-Efficacy: Toward a Unifying Theory of Behavioral Change," Psychological Review, Vol.84, 1977, 191-215.
14 Bulgurcu B. Cavusoglu, H. and Benbasat, I., "Information Security Policy Compliance: An Empirical Study of Rationality-Based Beliefs and Information Security Awareness," MIS Quarterly, Vol.34, No.3, 2010, 523-548.
15 Carrie M. and Rebecca, T. F., "You are the Key to Security: Establishing a Successful Security Awareness Program," ACM SIGUCCS Conference , Vol.32, 2004, 346-349.
16 Choi, N., Kim, D. and Whitmore A., "Knowing is Doing," Information Management & Computer Security, Vol.16, No.5, 2008, 484-501.
17 Davis, F., "Perceived Usefulness, Perceived Ease of Use, and User Acceptance of Information Technology," MIS Quarterly, Vol.13, No.3, 1989, 319-340.
18 Eagly, A. H. and Chaiken, S., The Psychology of Attitudes, Harcourt Brace Javanovich College Publishers, 2006.
19 Gist, M. E., "Self-efficacy: Implications for Organizational Behavior and Human Resource Management," Academy of Management Review, Vol.12, No.3, 1987, 472-485.
20 Goodhue, D. L. and Straub, D.,W., "Security Concerns of System Users: A Study of Perceptions of the Adequacy of Security Measures," Information & Management, Vol.20, 1991, 13-27.
21 Halibozek, E. and Kovacich, G, L,. Mergers and Acquisitions Security, Corporate Restructuring and Security Management, Butterworth-Heinemann, 2005.
22 Jeffrey, M. S., Kathryn. R. S., and Paul M., "Analysis of End User Security Behavior," Computers & Security, Vol.24, 2005, 124-133.
23 Johnston, A. C. and Warkentin, M., "Fear Appeals and Information Security Behaviors: An Empirical Study," MIS Quarterly, Vol.34, No.3, 2010. 549-566.
24 Knapp, M., Chisholm, D., Leese, M., Amaddeo, F. and Tansella, M., "Comparing Patterns and Costs of Schizophrenia Care in Five European Countries: the EPSILON Study. European Psychiatric Services: Inputs Linked to Outcome Domains and Needs," Acta Psychiatr Scand, Vol.105, 2002, 42-54.
25 Rice, R E. Gr., Schmitz, A. E. and Torobin, J., "Individual and Network Influences on the Adoption and Perceived Outcomes of Electronic Messaging," Social Networks, Vol.12, No.1, 1990, 27-55.
26 Rundmo, T. and Sjoberg, L., "Risk Perception by Offshore Oil Personnel During Bad Weather Conditions," Risk Analysis, Vol.18, No.1, 1998, 111-118.
27 Russell, D. and Gangemi, G., Computer Security Basics, O'Reilly & Associated, 1991.
28 Straub, D. W. and Welke, R. J., "Coping With Systems Risk: Security Planning Models for Management Decision Making," MIS Quarterly, Vol.22, 1998, 441-469.
29 Siponen, M., "Critical Analysis of Different Approaches to Minimizing User-Related Faults in Information Systems Security: Implications for Research and Practice," Information Management and Computer Security, Vol.8, No.5, 2000, 197-209.
30 Stanton, J. M., Stam, K. R., Mastrangelo, P. and Jolton, J., "An Analysis of End User Security Behaviors," Computers and Security, Vol.24, 2005, 124-133.
31 Thomas, K. and Velthouse, B., "Cognitive Elements of Empowerment: An "Interpretive" Model of Intrinsic Task Motivation," Academy of Management Review, Vol.15, 1990, 666-681.
32 Venkatesh, V., Morris, M. G., Davis, G. B. and Davis, F. D., "User Acceptance of Information Technology: Toward a Unified View," MIS Quarterly, Vol.27, No.3, 2003, 425-478.