• Information Systems Review
• /
• v.22 no.3
• /
• pp.31-58
• /
• 2020

Based on the social control theory, this study intends to find out the influential factors of organizational members' information security policy compliance (ISPC). Survey data from 195 military officers were analyzed to examine the effect of ethical disposition (morality, responsibility, the perceived value of ethical education) and perceived work environment (relationships with supervisors, overwork, and pay satisfaction) on ISPC attitude, ISPC intention, and turnover intention. The results of partial least squares structural equation modeling (PLS-SEM) show that ethical dispositions affect ISPC attitude and that work environments (except for pay satisfaction) affect turnover intention. In addition, ISPC attitude significantly mediates relations between ethical disposition and ISPC intention, between relationships with supervisors and ISPC intention, and between turnover intention and ISPC intention. These findings suggest that ethical disposition factors can predict an individual's security awareness level, and the ISPC attitude is a significant variable in the organizational security context.

• The Journal of the Korea Contents Association
• /
• v.21 no.4
• /
• pp.153-165
• /
• 2021

The purpose of this study is to find precedent factors that positively and negatively affect the information security compliance intention. In detail, the study finds precedent factors to reduce anxiety that negatively affects compliance intentions, and confirms that feedback moderates the negative relationship between anxiety and compliance intention. The questionnaire was targeted at office workers working in organizations with information security policies, and research hypothesis verification was conducted through structural equation modeling to analyze main effects and moderation effects. As a result of the study, anxiety had a negative effect on the compliance intention, and the organizational culture that was raised through management support reduced anxiety of employees. In addition, feedback mitigated the negative impact relationship between anxiety and compliance intention. The implications of this study were to suggest a direction to mitigate the anxiety of the employees of the organization through the introduction and operation of information security technology.

• Journal of the Korea Convergence Society
• /
• v.11 no.9
• /
• pp.229-242
• /
• 2020

The purpose of this study is to present the environmental factors of positive and negative aspects that affect the information security compliance intention, and reveals the relationship of the individual's the security compliance intention. The subjects of this study are employees of organizations that apply information security policies and technologies, and effective samples were obtained through surveys. In the process of analysis, the study model was verified through structural equation modeling. The measurement variables consisted of security policy, security system, technical support, work impediment, security non-visibility, compliance intention and organizational commitment and used for analysis. The results confirmed that security compliance factors such as policy, system, technical support, and non-compliance factors, work impediment, respectively, had an impact on organizational commitment, leading to compliance intention. The verification result of the research model suggests the direction of establishing a security compliance strategy for employees to improve the level of information security compliance of the organization.

• Journal of Digital Convergence
• /
• v.13 no.8
• /
• pp.133-144
• /
• 2015

In digital convergence environment, information security management plays crucial role in maintaining firms' competitiveness. Organizational citizenship behavior(OCB) enables informations security countermeasures to be more effectively worked by helping employees to have much knowledge of information security policy, by facilitating employees to participate in information security education/training. Thus, the purpose of this study is to investigate the mediating effect of OCB on the relationships between information security countermeasures and compliance intention. Questionary was designed based on prior information security research, and survey was conducted among companies' employees across the industry. Results showed that information security policy and information security education/training were found to be key predictors of compliance intention. In addition, OCB was proven to mediate the relationships between information security countermeasures and compliance intention.

• Journal of Convergence Society for SMB
• /
• v.4 no.3
• /
• pp.7-13
• /
• 2014

In recent years, according to the increasing of information security compliance, information security management system's requirements is not a matter of choice but an essential problem. In this respect, this research have an invention to survey what it will affect employees in compliance with the privacy policy antecedents and how to apply this information for the future, and to suggest ways to improve the employees' information security policy compliance intentions. In this paper, To investigate the factors affecting the degree of information security policy compliance using the structural equation of least squares (PLS Partial Least Square) in the confumatory level (confirmatory), the factor analysis of the primary factor analysis and secondary last. The results is that almost of influencing factors affect to the compliance with information security policies directly, but not affect self-efficacy.

• Journal of Korea Society of Industrial Information Systems
• /
• v.26 no.3
• /
• pp.23-39
• /
• 2021

Investment of organization in information security is increasing, but information security threats within the organization are not decreasing. The purpose of this study is to suggest a direction to increase the information security compliance intention of employees. In detail, the study presents the positive effects of security motivation and organization trust on the information security compliance intention, and presents the moderating effect of work promotion focus. Research model and hypothesis verification are confirmed through structural equation modeling and the study conducted a questionnaire technique to the employees of the organization applying the information security policy for quantitative verification. As a result, information security punishment and value congruence had a positive affect on the compliance intention by mediating organization trust. In addition, work promotion focus had a moderating effect on the positive relationship between the precedent factors on the compliance intention. The research has academic and practical implications from the viewpoint of presenting the factors of the organization's efforts to improve the level of information security compliance by insiders.

• Journal of Digital Convergence
• /
• v.16 no.2
• /
• pp.117-126
• /
• 2018

The threat to information security is growing globally. To this, organizations are increasing the weight of adapting and operating the more specialized information security policy and system. Information security requires participation from the employees who execute the security system and policy, and to increase the level of organization's internal security, requires organization's systematic support to improve employees' information security compliance intention. This research finds the mechanism for improving employee's information security compliance intention by applying justice theory and goal setting theory in information security. We use structural equation modeling to verify the research hypothesis, and conducted a survey on the employees of organization with information security policy. In other words, this research performs verification of the research model based hypothesis which claims that security policy goal setting has positive influence on employee's level of security related justice recognition, and claims that justice has positive influence on compliance intention. The object of study is the employees of the organization that adapts information security policy, and 383 valid samples were collected via survey. Structural equation modeling was performed to verify the research hypothesis. The result shows that security policy goal factor (goal difficulty, goal specificity) improves employee's security related justice recognition, and that security related justice (distribution, process, and information justice) has positive influence on compliance intention. The result suggests the strategic approach directions for improving employees' compliance intention on organization's security policy.

• Journal of Digital Convergence
• /
• v.10 no.10
• /
• pp.119-128
• /
• 2012

This study is to identify the factors that influence an intention to information security policy compliance of employees. To do this, this study is based on three theoretical backgrounds because of the lack of holistic perspective. Research results show that detection certainty and individual attachment have a positive effect on information security policy compliance intention. Detection certainty is influenced by security awareness education and training. Finally, response cost has a negative effect on information security policy compliance intention.

• Journal of Digital Convergence
• /
• v.16 no.3
• /
• pp.225-236
• /
• 2018

Organizations continue to invest in the security of information technology as a means to be more competitive than others in their industry do. However, there is a relatively lack of interest in the information security compliance of employees who implement information security technologies and policies of organization. This study finds mechanisms for enhancing security compliance by applying theory of planned behavior, justice theory, and motivation theory in information security field. We use structural equation modeling to verify the research hypotheses, and conducted a survey on the employees of organization with information security policy. The results showed that organizational justice, sanction, and organizational identification affect the factors of the planned behavior theory and affect the employee's compliance intention. As a result, this research suggested directions for strategic approach for enhancing employee's compliance intention on organization's security policy.

• The Journal of the Korea institute of electronic communication sciences
• /
• v.17 no.2
• /
• pp.375-386
• /
• 2022

As information asset protection is recognized as an important management factor for organizations, organizations are increasing their investments in information security(IS) policies and technologies. However, strict application of IS may cause non-compliance behavior through IS stress on employees of the organization. Accordingly, this study suggests a mechanism by which employee stress affects IS compliance intentions through self-determination, and a method to reinforce IS compliance intentions through person-organization fit. We conducted an online survey of employees working at companies that adopted IS policies and tested hypotheses using 475 samples. First, as a result of analyzing the main effects of applying the structural equation model, role stress affected IS compliance intention through self-determination. Second, as a result of analyzing the moderating effect of applying Process 3.1, personal organization fit strengthened the relationship between self-determination and IS compliance intention. The research suggests a direction for achieving internal IS goals by confirming the influence of IS stress and behavioral causes of employees.