• Title/Summary/Keyword: 정보보안정책준수

Search Result 84, Processing Time 0.027 seconds

Security Policy Compliance Motivation: From Technology Threat Avoidance Perspective (보안 정책 준수 동기에 관한 연구:기술 위협 회피 관점에서)

  • Yim, Myung-Seong
    • Journal of Digital Convergence
    • /
    • v.19 no.11
    • /
    • pp.327-339
    • /
    • 2021
  • The ultimate aim of this study is to examine the effect of security policy characteristics (policy threat, policy effectiveness, policy compliance cost, policy compliance self-efficacy, social influence) on organizational information security policy compliance motivation based on TTAT (Technology Threat Avoidance Theory). We found the following results. First, the security policy threat has a significant positive effect on policy compliance motivation. Second, it was found that the policy effectiveness has a statistically significant effect on the compliance motivation. Third, the policy compliance cost has an influence on the policy compliance motivation. Fourth, the policy compliance self-efficacy does not have an effect on compliance motivation. Finally, social influence has a significant effect on compliance motivation.

An Analysis of Compliance with Information Security Policy Effects on Information Security Ability and Behavior : Focused on Workers of Shipping and Port Organization (정보보안정책 준수가 정보보안능력 및 행동에 미치는 영향 분석 : 해운항만조직 구성원을 대상으로)

  • Kang, Dayeon;Chang, Myunghee
    • Journal of Korea Port Economic Association
    • /
    • v.30 no.1
    • /
    • pp.97-118
    • /
    • 2014
  • Recent accidents of customer information leakage increase the necessity of information security for organization and the importance of information security team for it. To strengthen information security, organizations make information security policy and ask the members to comply with it. In this regard, maritime organization also needs to structure information security policy and examine its ability and behavior. The purpose of this study is to analyze the effects of compliance with information security policy on the ability and behavior of workers in shipping and port organization. The results of investigation show that information security education and norm affect compliance with information security of the workers. On the contrary, the punishment of information security is insignificant. It is shown that the degree of compliance with information security significantly affects its ability and behavior of the workers in shipping and port organization.

A Path Way to Increase the Intention to Comply with Information Security Policy of Employees (조직 구성원들의 정보보안 정책 준수행위 의도에 관한 연구)

  • Yim, Myung-Seong
    • Journal of Digital Convergence
    • /
    • v.10 no.10
    • /
    • pp.119-128
    • /
    • 2012
  • This study is to identify the factors that influence an intention to information security policy compliance of employees. To do this, this study is based on three theoretical backgrounds because of the lack of holistic perspective. Research results show that detection certainty and individual attachment have a positive effect on information security policy compliance intention. Detection certainty is influenced by security awareness education and training. Finally, response cost has a negative effect on information security policy compliance intention.

Effect of Military Officer's Ethical Disposition and Perceived Work Environment on Organizational Security Policy Compliance (군장교의 윤리적 성향과 업무환경 지각이 조직의 보안정책준수에 미치는 영향)

  • Bora Kim;Kisoo Seong;Beomsoo Kim
    • Information Systems Review
    • /
    • v.22 no.3
    • /
    • pp.31-58
    • /
    • 2020
  • Based on the social control theory, this study intends to find out the influential factors of organizational members' information security policy compliance (ISPC). Survey data from 195 military officers were analyzed to examine the effect of ethical disposition (morality, responsibility, the perceived value of ethical education) and perceived work environment (relationships with supervisors, overwork, and pay satisfaction) on ISPC attitude, ISPC intention, and turnover intention. The results of partial least squares structural equation modeling (PLS-SEM) show that ethical dispositions affect ISPC attitude and that work environments (except for pay satisfaction) affect turnover intention. In addition, ISPC attitude significantly mediates relations between ethical disposition and ISPC intention, between relationships with supervisors and ISPC intention, and between turnover intention and ISPC intention. These findings suggest that ethical disposition factors can predict an individual's security awareness level, and the ISPC attitude is a significant variable in the organizational security context.

A Study on Employee's Compliance Behavior towards Information Security Policy : A Modified Triandis Model (조직 구성원의 정보보안정책 준수행동에 대한 연구 : 수정된 Triandis 모델의 적용)

  • Kim, Dae-Jin;Hwang, In-Ho;Kim, Jin-Soo
    • Journal of Digital Convergence
    • /
    • v.14 no.4
    • /
    • pp.209-220
    • /
    • 2016
  • Although organizations are providing information security policy, education and support to guide their employees in security policy compliance, accidents by non-compliance is still a never ending problem to organizations. This study investigates the factors that influence employees' information security policy compliance behavior using elements of Triandis model. We analyzed the relationships among Triandis model's factors using PLS(Partial Least Squares). The result of the hypothesis tests shows that organization can induce individual's information security policy compliance intention and behavior by information security policy and facilitating conditions that support it, and proves the importance of members' expected value, habit and affect about information security compliance. This study is significant in a way that it applies Triandis model in the field of information security, and presents direction for members' information security behavior, and will be able to provide measures to establish organization's information security policy and increase members' compliance behavior.

Factors Influencing on the Compliance of Information Security Policy of Workers of Shipping and Port Organization (해운항만조직 구성원들의 정보보안정책 준수에 영향을 미치는 요인)

  • Kang, Da-Yeon;Chang, Myung-Hee
    • Journal of Korea Port Economic Association
    • /
    • v.28 no.1
    • /
    • pp.1-23
    • /
    • 2012
  • Advances in information technology has brought many benefits to businesses, but at the same time, businesses are facing serious problems caused by its use such as information leakage. In order to cope with problems, companies have established information security policies, demanding workers of a company to be compliant with the policies. This study proposes a research model that includes information security awareness, information security attitude, self-efficacy, standard belief and social influences as factors that affect the compliance of information security policy among the workers of shipping and port organization. The results of this study showed that there was a positive relationship not only between the information security awareness and the information security attitude, but also between the information security attitude and the information security policy among the workers of shipping and port organization. It was also found that there was a positive relationship between the self-efficacy and the compliance of information security policy, and between the social influence and the compliance of information security policy. However, there was no meaningful relationship between the standard belief and the compliance of information security policy. This study examined to what extent the workers of shipping and port organization that have a high possibility of the information leakage were compliant with the information security policy. The findings will contribute to organizations of shipping and port who attempt to establish strategies related to information security.

An Understanding of Impact of Security Countermeasures on Persistent Policy Compliance (보안 대책이 지속적 보안 정책 준수에 미치는 영향)

  • Park, Chul-Ju;Yim, Myung-Seong
    • Journal of Digital Convergence
    • /
    • v.10 no.4
    • /
    • pp.23-35
    • /
    • 2012
  • The goal of this study is to identify factors that influence on the persistent information security compliance intention of employees. Antecedents suggested in research model are security awareness training and perceived effectiveness of information security policy. Research results show that security awareness training has a positive effect on persistent information security compliance intention as well as effectiveness of information security policy. While policy breadth, which is one of the effectiveness of information security policy, influences on persistent information security compliance attitude and intention, policy brevity does not effect on persistent information security compliance intention. Conclusions and implications are discussed.

Investigating of Psychological Factors Affecting Information Security Compliance Intention: Convergent Approach to Information Security and Organizational Citizenship Behavior (정보보안 준수의도에 대한 사회심리적 요인 분석: 정보보안과 조직시민행동이론 융합)

  • Han, Jin-Young;Kim, Yoo-Jung
    • Journal of Digital Convergence
    • /
    • v.13 no.8
    • /
    • pp.133-144
    • /
    • 2015
  • In digital convergence environment, information security management plays crucial role in maintaining firms' competitiveness. Organizational citizenship behavior(OCB) enables informations security countermeasures to be more effectively worked by helping employees to have much knowledge of information security policy, by facilitating employees to participate in information security education/training. Thus, the purpose of this study is to investigate the mediating effect of OCB on the relationships between information security countermeasures and compliance intention. Questionary was designed based on prior information security research, and survey was conducted among companies' employees across the industry. Results showed that information security policy and information security education/training were found to be key predictors of compliance intention. In addition, OCB was proven to mediate the relationships between information security countermeasures and compliance intention.

A study on the information security compliance and non-compliance causes of organization employees (조직구성원의 정보보안 준수 및 미준수 원인에 대한 연구)

  • Hwang, In-Ho;Hu, Sung-Ho
    • Journal of the Korea Convergence Society
    • /
    • v.11 no.9
    • /
    • pp.229-242
    • /
    • 2020
  • The purpose of this study is to present the environmental factors of positive and negative aspects that affect the information security compliance intention, and reveals the relationship of the individual's the security compliance intention. The subjects of this study are employees of organizations that apply information security policies and technologies, and effective samples were obtained through surveys. In the process of analysis, the study model was verified through structural equation modeling. The measurement variables consisted of security policy, security system, technical support, work impediment, security non-visibility, compliance intention and organizational commitment and used for analysis. The results confirmed that security compliance factors such as policy, system, technical support, and non-compliance factors, work impediment, respectively, had an impact on organizational commitment, leading to compliance intention. The verification result of the research model suggests the direction of establishing a security compliance strategy for employees to improve the level of information security compliance of the organization.

An Exploratory Research on Factors Influence Perceived Compliance Cost and Information Security Awareness in Small and Medium Enterprise (보안정책 준수 비용과 정보보안 중요성 인식 수준에 미치는 요인에 관한 연구: 중소기업을 중심으로)

  • Yim, Myung-Seong
    • Journal of the Korea Convergence Society
    • /
    • v.9 no.9
    • /
    • pp.69-81
    • /
    • 2018
  • The ultimate intention of this research is to identify the factors that have a significant effect on the perceived importance of information security as the antecedent of intention to information security policy compliance. We found that the effectiveness of information security training program did not have statistically significant effect on the perceived cost of policy compliance. Second, the effectiveness of information security policy has significant influence on the perceived cost of policy compliance. Third, perceived vulnerability has a significant effect on the perceived cost of policy compliance. Fourth, perceived cost of policy compliance has a significant effect on perceived importance of information security. Fifth, supervisor's attitude toward information security silence has a significant effect on employee silent behavior towards information security. Sixth, communication opportunities towards information security has a significant influence on employee silent behavior towards information security. Finally, it was shown that employee silent behavior towards information security had a significant influence on the perceived importance of information security.