http://dx.doi.org/10.21289/KSIC.2021.24.4.421

A Study on Improving Information Security Compliance of Organization Insider  

Hwang, In-Ho (College of General Education)
Publication Information
Journal of the Korean Society of Industry Convergence / v.24, no.4_2, 2021, pp. 421-434
Abstract
The expansion of online information-sharing activities can increase the threat of information exposure by diversifying the ways in which information within an organization is accessed. The purpose of this study is to present conditions for improving insiders' information security compliance intention, and thereby the level of information security within the organization. Specifically, the study applies the theory of planned behavior, which clearly explains the causes of an individual's behavior, and proposes a way to increase compliance intention by integrating social control theory and goal-setting theory. The study presented research models and hypotheses based on previous studies, collected samples using a questionnaire, and tested the hypotheses through structural equation modeling. As a result, information security attitude, subjective norms, and self-efficacy had a positive influence on the intention to comply. Also, attachment, commitment, and involvement, which are the factors of social control theory, formed a positive attitude toward information security. Goal difficulty and goal specificity, which are the factors of goal-setting theory, formed positive self-efficacy. The study presents academic and practical implications by suggesting a method for improving employees' information security compliance intention.
Keywords
Compliance Intention; Theory of Planned Behavior; Social Control Theory; Goal-Setting Theory