• Convergence Security Journal
• /
• v.16 no.7
• /
• pp.51-59
• /
• 2016

An internal and external threat against an information system has increased, and to reduce it, organization has spent a great deal of money and manpower. However, in spite of such investment, security threat and trouble have happened continuously. Organization has conducted information security activity through various policies. The study classified such activities into prevention-oriented activity and control-oriented activity, and researched how information security activity of organization affects members of an organization and obeys information security policy by using health belief model. As a result of the study, prevention-oriented activity has a meaningful impact on seriousness, and this seriousness affects compliance intention for information security. Control-oriented activity has a meaningful impact on benefits, and the benefits have an effect on compliance intention. When an organization conducts prior activities such as education, PR, and monitoring, this organization should emphasize negative results that can happened because of deviation. In addition, in case of exposure and punishment through post activities such as inspection and punishment, if the organization emphasizes the positive effects of exposure and punishment rather than emphasis of negative parts, information security activity will be more effective.

• Journal of Korea Fair Competition Federation
• /
• no.160
• /
• pp.74-89
• /
• 2012

• Convergence Security Journal
• /
• v.22 no.1
• /
• pp.113-120
• /
• 2022

Despite the limitations of existing security policies due to technological development, companies are unable to actively respond to changes by maintaining a closed security policy. This study classified information security policy into three types: regulatory type policy, advisory type policy, and informative type policy. For each classified policy type, the effect on the information security policy compliance behavior of organizational members was investigated by applying the extended theory of planned behavior, and the moderating effect of information security stress was investigated. SmartPLS 2.0 and SPSS 21.0, which are structural equation modeling techniques, were used to analyze the relationship affecting each factor. As a result of the study, regulatory type, advisory type, and informative type security policies affected organizational members' information security policy compliance behavior, and security stress had an effect on information security compliance attitudes and subjective norms on information security, which are prerequisites for planned behavior theory. gave. This study suggests that various types of corporate information security policies can be applied and that security stress can affect information security behaviors of members.

• Journal of Digital Convergence
• /
• v.11 no.10
• /
• pp.153-168
• /
• 2013

Information security has been a major concern in organizations. The longstanding question of how to improve employees security behaviors and reduce human errors remains unanswered and requires further exploration in the information security domain. To do this, we propose a risk compensation theory-based model and examine the model. Research results shows that the relationships between information security countermeasures and information security compliance intention of employees are moderated by system vulnerability. However, the finding is contrary to the previously held risk compensation assumption and deserve further study. In addition, system quality does not play a moderator role in the relationship. Conclusions and implications are discussed.

• 한국정책학회보
• /
• v.21 no.3
• /
• pp.241-264
• /
• 2012

인간에 대한 신고전파 경제학의 가정을 확장할 경우, 인간은 사회적 선호를 가지고 있고 규범을 사용하며 전통과 관습으로부터 자유롭지 못한 존재라고 볼 수 있다. 이 논문에서는 특히 사회적 규범을 따르는 개인의 행위를 명시적으로 고려하여 내면화된 사회적 규범을 따르는 경우에 얻는 심리적 만족감과 따르지 않을 경우 치러야 하는 심리적 비용을 δ 요인이라고 개념화하였다. 그리고 나서 이러한 δ 요인이 집단행동의 딜레마상황을 해결하는데 어떤 순기능을 발휘하는지, 낮은 행정비용으로 정책의 효과성을 제고하는데 어떻게 기여하는지를 살펴보았다. 또한 이러한 #x03B4; 요인이 정책관련 변수와 상호작용하여 어떻게 정책의 목표를 달성하는데 방해가 될 수 있는지도 들여다 보았다. 이를 위해 다양한 (가상적) 정책사례들을 살펴본 후 정책이 δ 요인과 상호보완적으로 작용하여 정책집행의 성공에 도움이 되는 공통된 조건이 무엇인지를 도출하였다. 사회적 규범을 따르는 개인들의 비율이 클수록, 정책대상이 되는 개인들의 행위에 대한 관측가능성의 정도가 높을수록, 사회규범의 준수가 개인의 이익과 연계될수록, 정책으로 실현하고자 하는 가치와 기존 규범과의 충돌이 최소화될수록, 합리적 이기주의자에 대한 통제가 충분히 이루어질수록 δ 요인은 정책과 보완적 관계가 형성되어 정책집행의 성공가능성을 높이는 것으로 분석되었다.

• Journal of Korea Society of Industrial Information Systems
• /
• v.26 no.3
• /
• pp.23-39
• /
• 2021

Investment of organization in information security is increasing, but information security threats within the organization are not decreasing. The purpose of this study is to suggest a direction to increase the information security compliance intention of employees. In detail, the study presents the positive effects of security motivation and organization trust on the information security compliance intention, and presents the moderating effect of work promotion focus. Research model and hypothesis verification are confirmed through structural equation modeling and the study conducted a questionnaire technique to the employees of the organization applying the information security policy for quantitative verification. As a result, information security punishment and value congruence had a positive affect on the compliance intention by mediating organization trust. In addition, work promotion focus had a moderating effect on the positive relationship between the precedent factors on the compliance intention. The research has academic and practical implications from the viewpoint of presenting the factors of the organization's efforts to improve the level of information security compliance by insiders.

• The Journal of the Korea Contents Association
• /
• v.21 no.4
• /
• pp.153-165
• /
• 2021

The purpose of this study is to find precedent factors that positively and negatively affect the information security compliance intention. In detail, the study finds precedent factors to reduce anxiety that negatively affects compliance intentions, and confirms that feedback moderates the negative relationship between anxiety and compliance intention. The questionnaire was targeted at office workers working in organizations with information security policies, and research hypothesis verification was conducted through structural equation modeling to analyze main effects and moderation effects. As a result of the study, anxiety had a negative effect on the compliance intention, and the organizational culture that was raised through management support reduced anxiety of employees. In addition, feedback mitigated the negative impact relationship between anxiety and compliance intention. The implications of this study were to suggest a direction to mitigate the anxiety of the employees of the organization through the introduction and operation of information security technology.

• Journal of Korean Society of Transportation
• /
• v.29 no.3
• /
• pp.21-29
• /
• 2011

The purpose of this study is to analyze the deterrence effect of traffic safety education on DWI(Driving While Intoxicated) offenders which is proposed as a incentive policy measure. For the analysis, 3512 drivers whose licenses were suspended due to DWI offence within the jurisdiction of Seongnam city in 2003, and whose driving behavior were traced for 5 years are collected. MOEs used in the study are the number of repeated DWI offence and DWI abidance duration. The statistics of analysis of covariance are used to compare the deterrence effectiveness of traffic safety education by adjusted means between groups. The results show that compared to uneducated group, educated group reveals to make less number of repeated DWI offence with longer DWI abidance period The resulting statistic also shows that active participation in the discussion during the class is more effective than just giving lecture. The former way for education can further reduce the repeated DWI by 12% and increase DWI abidance duration by 5.7% than the latter.

• Proceedings of the Korean Society for Information Management Conference
• /
• 2000.08a
• /
• pp.197-200
• /
• 2000

현재 데이터베이스업체들은 이용자들에게 과도한 정보를 요구하고 있으며, 개인정보보호지침을 준수하고 있지 않다는 지적을 받고 있다. 실제로 업계의 실태를 조사한 결과, 많은 업체들이 과도한 개인정보를 요구하고 있었으며, 대부분 개인정보보호정책을 마련해 놓고 있지 않았다. 업체들이 갖추어야하는 개인정보보호정책에는 개인정보 수집목적, 수집항목, 정보의 열람 및 정정, 어린이 개인정보 등에 관한 내용이 포함되어야 한다.

• The Journal of the Korea institute of electronic communication sciences
• /
• v.17 no.5
• /
• pp.913-926
• /
• 2022

As information is recognized as a core competency of organizations, organizations are increasingly investing in policies and technologies for information security(IS). Recently, as information exposure accidents by people have occurred continuously, interest in IS behaviors of organization insiders is increasing. This study aims to confirm the effect of the IS environment and support structure established by the organization on the intention of individuals to comply with IS. We conducted a survey of employees in organizations with IS policies and tested the hypothesis using the structural equation of AMOS 22.0 and Process 3.1 using 421 samples. As a result of the analysis, authentic leadership and justice climate, which are factors that build an IS environment, and communication and feedback, which are factors supporting IS compliance, have a positive effect on employees' compliance intention. In addition, authentic leadership, punishment, communication, and feedback were found to reinforce the positive impact of IS justice climate. As the study suggested the overall structural design direction to be pursued to reinforce insider's IS behavior, and the results help to achieve the IS goal.