A Study on the influence of firm's Information Security Activities on the Information Security Compliance Intention of Employees  

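Jung, Jaewon (Interdisciplinary Program in Technology Management, Graduate School, Yonsei University)
Lee, Jung-hoon (Graduate School of Information, Yonsei University)
Kim, Chae-ri (Graduate School of Information, Yonsei University)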
Abstract
Internal and external threats against information systems have increased, and organizations have spent a great deal of money and manpower to reduce them. However, in spite of such investment, security threats and problems have continued to occur. Organizations conduct information security activities through various policies. This study classified such activities into prevention-oriented activities and control-oriented activities and, using the health belief model, examined how an organization's information security activities affect its members and their compliance with information security policy. As a result of the study, prevention-oriented activity has a meaningful impact on seriousness, and this seriousness affects compliance intention for information security. Control-oriented activity has a meaningful impact on benefits, and the benefits have an effect on compliance intention. When an organization conducts prior activities such as education, PR, and monitoring, it should emphasize the negative results that can happen because of deviation. In addition, for exposure and punishment through post activities such as inspection and punishment, information security activity will be more effective if the organization emphasizes the positive effects of exposure and punishment rather than the negative aspects.
Keywords
information security activity; information security policy; health belief model; compliance intention for information security
Citations & Related Records
Times Cited By KSCI: 1