• Information Systems Review
• /
• v.18 no.1
• /
• pp.1-23
• /
• 2016

This study proposes an alternative to minimize insider-caused security threats that are relatively difficult to control and cause high uncertainty in information security management. Therefore, we investigate the relationship between organizational effort and the security understanding of employees to eventually enhance security compliance intention among employees. We develop a research model and formulate hypotheses on the basis of past findings. Accomplished questionnaires are collected from 526 employees working in organizations where information security policy is being implemented. In addition, we prove the hypotheses using a structural model. After reviewing the structural model, the security knowledge of employees and information security culture are determined to positively influence the security compliance intention of employees. Moreover, top management support, security policy, security visibility, and security education programs are proven to be antecedent factors in establishing a security culture in organizations. The findings of this study could guide organizations in formulating information security strategies to enhance the security compliance intention of employees.

• The Journal of the Korea institute of electronic communication sciences
• /
• v.17 no.5
• /
• pp.913-926
• /
• 2022

As information is recognized as a core competency of organizations, organizations are increasingly investing in policies and technologies for information security(IS). Recently, as information exposure accidents by people have occurred continuously, interest in IS behaviors of organization insiders is increasing. This study aims to confirm the effect of the IS environment and support structure established by the organization on the intention of individuals to comply with IS. We conducted a survey of employees in organizations with IS policies and tested the hypothesis using the structural equation of AMOS 22.0 and Process 3.1 using 421 samples. As a result of the analysis, authentic leadership and justice climate, which are factors that build an IS environment, and communication and feedback, which are factors supporting IS compliance, have a positive effect on employees' compliance intention. In addition, authentic leadership, punishment, communication, and feedback were found to reinforce the positive impact of IS justice climate. As the study suggested the overall structural design direction to be pursued to reinforce insider's IS behavior, and the results help to achieve the IS goal.

• The Journal of the Korea institute of electronic communication sciences
• /
• v.19 no.1
• /
• pp.241-248
• /
• 2024

Socially, organizations are required to effectively manage their information resources, both in terms of acquiring information from external sources and safeguarding against potential breaches by insiders. While information security policies and technologies implemented by organizations contribute to achieving internal security, an overly complex or disorganized security structure can create uncertainty among employees. In this study, we identify factors of structural information security (IS)-related uncertainty within organizations and propose that they contribute to non-compliance. We develop a research model and hypotheses based on previous studies on the information security environment and test these hypotheses using structural equation modeling. Our findings indicate that uncertainties related to IS policy, technology, and communication decrease employees' IS role identity and their intention to comply with IS measures. By addressing these uncertainties, organizations can improve their IS environment and work towards achieving there IS goals.

• Information Systems Review
• /
• v.18 no.3
• /
• pp.137-153
• /
• 2016

Organizations depend on smart working environments, such as mobile networks. This development motivates companies to focus on information security. Information leakage negatively affects companies. To address this issue, management and information security researchers focus on compliance of employees with information security policies. Countermeasures in information security are known antecedents of intention to comply information security policies. Despite the importance of this topic, research on the antecedents of information security countermeasures is scarce. The present study proposes information security intelligence as an antecedent of information security countermeasures. Information security intelligence adapted the concept of safety intelligence provided by Kirwan (2008). Information security intelligence consists of problem solving skills, social skills, and information security knowledge related to information security. Results show that problem solving skills and information security knowledge have positive effects on the awareness of employees of information security countermeasures.

• Journal of Digital Convergence
• /
• v.19 no.8
• /
• pp.49-57
• /
• 2021

This paper aims to confirm the effect of self-control and organization-control on information security attitude. The research method is composed of a cross-design of locus of control and tightness culture. The measurement variables used in the assessment are information security actual attitude, compliace behavioral attitude, and information security efficacy. As a result, the locus of control had a significant effect on information security actual attitude, information security efficacy, information security efficacy, and it was found that influence of the internal-based condition was greater than the external-based condition. The tightness culture had a significant effect on compliace behavioral attitude, information security efficacy, and it was found that influence of the tight culture-based condition was greater than the loose culture-based condition. In addition, the discussion contatins the implications of information security direction that reflect these research results.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.18 no.4
• /
• pp.123-133
• /
• 2008

Information securiry is considered important due to the side effect generated from the expansion of information system and rapid increase of the use of internet. Nevertheless, we are getting unconscious of the importance of information security. The purpose of this research is to empirically analyze that the effects of security policies, security awareness and individual characteristics on password security effectiveness. Based on the analysis of research model using structural equation modeling technique, security policies were influencing individual characteristics and improving user's security awareness. Also individual characteristics and security awareness had positive impact on security effectiveness.

• The Journal of the Korea Contents Association
• /
• v.17 no.4
• /
• pp.461-467
• /
• 2017

Privacy laws are widely enforced throughout the general public and private sector, and the Ministry of Government Administration and Home Affairs is stepping up its annual level of protection and management levels annually. However, in actual field, it has limits to follow the laws that are amended to comply with the privacy laws of the public sector. Therefore, this study should examine the trends of privacy protection and examine items that require adherence to privacy practices in public institutions. In addition, it is hoped to draw implications for the problems arising from the task itself, as well as providing implications for the issues that are closely related to the public in the privacy of the privacy policies.

• The Journal of the Korea Contents Association
• /
• v.21 no.4
• /
• pp.153-165
• /
• 2021

The purpose of this study is to find precedent factors that positively and negatively affect the information security compliance intention. In detail, the study finds precedent factors to reduce anxiety that negatively affects compliance intentions, and confirms that feedback moderates the negative relationship between anxiety and compliance intention. The questionnaire was targeted at office workers working in organizations with information security policies, and research hypothesis verification was conducted through structural equation modeling to analyze main effects and moderation effects. As a result of the study, anxiety had a negative effect on the compliance intention, and the organizational culture that was raised through management support reduced anxiety of employees. In addition, feedback mitigated the negative impact relationship between anxiety and compliance intention. The implications of this study were to suggest a direction to mitigate the anxiety of the employees of the organization through the introduction and operation of information security technology.

• The Journal of the Korea institute of electronic communication sciences
• /
• v.19 no.2
• /
• pp.427-436
• /
• 2024

Recently, the importance of information security (IS) has been socially recognized, leading organizations to adopt IS policies, secure specialized personnel, and demand IS compliance from employees. However, the implementation of these policies can disrupt existing work processes, causing resistance among employees. This study aims to elucidate the mechanism linking work stress, caused by IS policies that do not consider the work system, to individual job burnout and IS policy resistance. We established a research model and hypotheses based on previous studies and utilized structural equation modeling with data collected from organization members of companies that have implemented IS policies. The results of the structural equation modeling confirmed that work ambiguity and work impediment are linked to IS policy resistance through job burnout, characterized by emotional exhaustion and disengagement. Our findings suggest that the swift implementation of IS policies can provoke a backlash from employees, with stress being the primary cause. This paradoxically indicates the need for the development of organization-specific IS policies.

• Journal of Digital Convergence
• /
• v.11 no.2
• /
• pp.19-32
• /
• 2013

The purpose of this paper is to find an answer why employees in organization violate the organizational information security policy. To do this, this study is rooted in the moral disengagment theory. This study found that moral belief and perceived sanction have an effect on security policy violation. However, if moral disengagement is involved in the research model, perceived sanction is not significant. Finally, SETA, moral belief, and perceived sanction have a negative effect on moral disengagement, which in turn moral disengagement influences positively the security policy violation. The conclusions and implications are discussed.