• Journal of Digital Convergence
• /
• v.11 no.1
• /
• pp.27-38
• /
• 2013

There are two elements of security policy that can have a bearing on its effectiveness: content and form. While the content of the security policy has been investigated extensively in the most of the previous studies, there is very little literature on the form of the security policy. Since the form of the policy influences its success, it is important to understand how to articulate the form of a security policy. Thus, the aim of this study is to investigate the relationship between security form and policy compliance of employees. Research results find that dimensions of security form have effect on attitude towards security compliance, subjective norm, perceived behavioral control, and perceived response costs, and besides attitude towards security compliance and subjective norm have an effect on persistent security compliance intention. The conclusions and implications are discussed.

• The Journal of Korean Association of Computer Education
• /
• v.23 no.1
• /
• pp.63-75
• /
• 2020

From the perspective of compliance with security policies by members of the organization, which is a major cause of security incidents, this study presented biased thinking as factors that affect compliance with security policies and verified the following: First, the impact of biased thinking on security policies on compliance with security policies is verified. Second, the participation of management, perceived risk, education and punishment of management will verify the adjustment effect of increasing or decreasing biased thinking. Finally, we have verified that compliance attitudes have a significant impact on compliance behavior. To this end, 157 people were surveyed, statistical analysis of research models and structural equations, and conformity analysis were conducted. Studies have shown that biased thinking has a negative effect on the attitude of compliance with information security. In addition, it was analyzed that the attitude of compliance with information security policy increases policy compliance behavior. On the other hand, the higher the perceived risk of information security, the lower the bias was the adjustment effect, but management's participation, education and punishment were found to have no adjustment effect.

• Journal of Digital Convergence
• /
• v.16 no.2
• /
• pp.117-126
• /
• 2018

The threat to information security is growing globally. To this, organizations are increasing the weight of adapting and operating the more specialized information security policy and system. Information security requires participation from the employees who execute the security system and policy, and to increase the level of organization's internal security, requires organization's systematic support to improve employees' information security compliance intention. This research finds the mechanism for improving employee's information security compliance intention by applying justice theory and goal setting theory in information security. We use structural equation modeling to verify the research hypothesis, and conducted a survey on the employees of organization with information security policy. In other words, this research performs verification of the research model based hypothesis which claims that security policy goal setting has positive influence on employee's level of security related justice recognition, and claims that justice has positive influence on compliance intention. The object of study is the employees of the organization that adapts information security policy, and 383 valid samples were collected via survey. Structural equation modeling was performed to verify the research hypothesis. The result shows that security policy goal factor (goal difficulty, goal specificity) improves employee's security related justice recognition, and that security related justice (distribution, process, and information justice) has positive influence on compliance intention. The result suggests the strategic approach directions for improving employees' compliance intention on organization's security policy.

• Journal of Convergence for Information Technology
• /
• v.10 no.12
• /
• pp.91-99
• /
• 2020

The aim of this study to assess the effect of information security policy awareness, information security involvement, compliance behavioral intention on information security behavior The research method is composed of a cross-sectional design of reward and fairness. This paper focuses on the process of organizational policy on the information security compliance intention in the individual decision-making process. As a result, the reward had a significant effect on compliance behavioral intention, and it was found that influence of the psychological reward-based condition was greater than the material reward-based condition. The fairness had a significant effect on information security policy awareness, information security involvement, information security behavior, and it was found that influence of the equity-based condition was greater than the equality-based condition. The exploration model was verified as a multiple mediation model. In addition, the discussion presented the necessary research direction from the perspective of synergy by the cultural environment of individuals and organizations.

• 정보보호뉴스
• /
• s.131
• /
• pp.27-29
• /
• 2008

회사의 정보보호 활동 기준을 제시하기 위해 '정보보호 정책규정집' 제작이라는 쉽지 않은 일을 해낸 김 대리. 그는 프로젝트를 마친 후에도 알림 게시판 공지, 포스터 제작, 자체 정보보호 교육 등을 통해 사내 구성원들이 회사의 보안 정책지침을 잘 이해하고 따를 수 있도록 별도의 정보보호 정책홍보를 시행했다. 두 달 뒤, 김 대리는 사내 구성원들이 '환상기업'의 보안정책을 얼마나 잘 준수하고 있는지 궁금해 하지 않을 수 없었다.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.4 no.2
• /
• pp.71-88
• /
• 1994

메세지 전달시스템을 이용한 원거리 정보전달이 일반화되고 있다. X.400 메세지처리시스템 및 OSI 보안구조는 보안기능 및 서비스에 대한 표준을 개념적으로 정의하고 있으나, 메세지 전달시스템이 제공하는 보안서비스에 의존하여 중요정보를 송,수신하는 유저는 자신의 보안정책이 준수되기를 원한다. 이를 위해, 메세지 전달시스템과 유저의 독립적 또는 중첩된 2개의 다중 보안정책이 메세지 서버에서 준수되어야 한다. 메세지의 전송 및 프로세싱은 주체와 객체가 지닌 보안레이블이 강제적, 임의적, 마킹, 특권제어의 다중 보안정책에 부합될 때 액세스가 허용된다. 제안된 알고리즘이 메세지 서버에서 보안메카니즘으로 동작될 때, OSI 보안구조와 유저가 요구하는 보안요구조건이 만족됨으로서, 유저의 메세지가 안전하게 전송될 수 있다.

• Information Systems Review
• /
• v.17 no.3
• /
• pp.65-76
• /
• 2015

This paper examines the influence of neutralization techniques and voluntary actions on intention to comply information security policy. Data were collected through an online survey and hypothesis results were all hypotheses were supported. The results of this study improve understanding on the voluntary nature of employee behavior for participating in the organization's policies and the rationalization of the employees trying weakening the organization's policy intentions. The organization shoud implement specific education and training in order to suppress the rationalization of employees and develop a plan to have a kinship with the employees of the organization.

• Journal of Digital Convergence
• /
• v.16 no.3
• /
• pp.225-236
• /
• 2018

Organizations continue to invest in the security of information technology as a means to be more competitive than others in their industry do. However, there is a relatively lack of interest in the information security compliance of employees who implement information security technologies and policies of organization. This study finds mechanisms for enhancing security compliance by applying theory of planned behavior, justice theory, and motivation theory in information security field. We use structural equation modeling to verify the research hypotheses, and conducted a survey on the employees of organization with information security policy. The results showed that organizational justice, sanction, and organizational identification affect the factors of the planned behavior theory and affect the employee's compliance intention. As a result, this research suggested directions for strategic approach for enhancing employee's compliance intention on organization's security policy.

• Journal of Digital Convergence
• /
• v.14 no.7
• /
• pp.155-166
• /
• 2016

In accordance with the increase of the importance of information security, organizations are making continuous investments to develop policies and adapt technology for information security. Organization should provide systemized support to enhance employees' security compliance intention in order to increase the degree of organization's internal security. This research suggests security policy goal setting and sanction enforcement as a method to improve employees' security compliance in planning and enforcing organization's security policy, and verifies the influencing relationship of Theory of Planned Behavior which explains employee's security compliance intention. We use structural equation modeling to verify the research hypotheses, and conducted a survey on the employees of organization with information security policy. We verified the hypotheses based on 346 responses. The result shows that the degree of goal setting and sanction enforcement has positive influence on self-efficacy and coping efficacy which are antecedents that influence employees' compliance intention. As a result, this research suggested directions for strategic approach for enhancing employee's compliance intention on organization's security policy.

• The Journal of the Korea institute of electronic communication sciences
• /
• v.18 no.2
• /
• pp.337-348
• /
• 2023

As protecting organizations' information assets affects their substantiality, they are increasing their investments in policies, regulations, and technologies for systematic information asset management and protection. This study confirms the impact on information security(IS) compliance from the perspective of employees who apply IS policies to actual work. In particular, this study identifies mechanisms linked to IS policy awareness, sanction, justice, and IS compliance from the perspective of expanding deterrence theory. We applied 316 samples obtained from workers of organizations that applied IS policies and regulations to work and verified the relationship between mechanisms by using AMOS and SPSS packages. As a result of the verification, IS policy awareness had a positive effect on organization justice and compliance intention through the severity and clarity of sanctions. Individual justice sensitivity had a moderating effect on the cause and outcome of justice. The sanction-related mechanism presented in this study provides strategic implications for organizations that require active IS activities by insiders.