• Title/Summary/Keyword: Compliance of Information Security Policy

Search Result 71, Processing Time 0.021 seconds

An Understanding of Impact of Security Countermeasures on Persistent Policy Compliance (보안 대책이 지속적 보안 정책 준수에 미치는 영향)

  • Park, Chul-Ju;Yim, Myung-Seong
    • Journal of Digital Convergence
    • /
    • v.10 no.4
    • /
    • pp.23-35
    • /
    • 2012
  • The goal of this study is to identify factors that influence on the persistent information security compliance intention of employees. Antecedents suggested in research model are security awareness training and perceived effectiveness of information security policy. Research results show that security awareness training has a positive effect on persistent information security compliance intention as well as effectiveness of information security policy. While policy breadth, which is one of the effectiveness of information security policy, influences on persistent information security compliance attitude and intention, policy brevity does not effect on persistent information security compliance intention. Conclusions and implications are discussed.

Security Policy Compliance Motivation: From Technology Threat Avoidance Perspective (보안 정책 준수 동기에 관한 연구:기술 위협 회피 관점에서)

  • Yim, Myung-Seong
    • Journal of Digital Convergence
    • /
    • v.19 no.11
    • /
    • pp.327-339
    • /
    • 2021
  • The ultimate aim of this study is to examine the effect of security policy characteristics (policy threat, policy effectiveness, policy compliance cost, policy compliance self-efficacy, social influence) on organizational information security policy compliance motivation based on TTAT (Technology Threat Avoidance Theory). We found the following results. First, the security policy threat has a significant positive effect on policy compliance motivation. Second, it was found that the policy effectiveness has a statistically significant effect on the compliance motivation. Third, the policy compliance cost has an influence on the policy compliance motivation. Fourth, the policy compliance self-efficacy does not have an effect on compliance motivation. Finally, social influence has a significant effect on compliance motivation.

A Study on Employee's Compliance Behavior towards Information Security Policy : A Modified Triandis Model (조직 구성원의 정보보안정책 준수행동에 대한 연구 : 수정된 Triandis 모델의 적용)

  • Kim, Dae-Jin;Hwang, In-Ho;Kim, Jin-Soo
    • Journal of Digital Convergence
    • /
    • v.14 no.4
    • /
    • pp.209-220
    • /
    • 2016
  • Although organizations are providing information security policy, education and support to guide their employees in security policy compliance, accidents by non-compliance is still a never ending problem to organizations. This study investigates the factors that influence employees' information security policy compliance behavior using elements of Triandis model. We analyzed the relationships among Triandis model's factors using PLS(Partial Least Squares). The result of the hypothesis tests shows that organization can induce individual's information security policy compliance intention and behavior by information security policy and facilitating conditions that support it, and proves the importance of members' expected value, habit and affect about information security compliance. This study is significant in a way that it applies Triandis model in the field of information security, and presents direction for members' information security behavior, and will be able to provide measures to establish organization's information security policy and increase members' compliance behavior.

A Study on the Information Security Measures Influencing Information Security Policy Compliance Intentions of IT Personnel of Banks (은행 IT 인력의 정보보호 정책 준수에 영향을 미치는 정보보호 대책에 관한 연구)

  • Shim, Joonbo;Hwang, K.T.
    • Journal of Information Technology Applications and Management
    • /
    • v.22 no.2
    • /
    • pp.171-199
    • /
    • 2015
  • This study proposes the practical information security measures that help IT personnel of banks comply the information security policy. The research model of the study is composed of independent variables (clarity and comprehensiveness of policy, penalty, dedicated security organization, audit, training and education program, and top management support), a dependent variable (information security policy compliance intention), and moderating variables (age and gender). Analyses results show that the information security measures except 'clarity of policy' and 'training and education program' are proven to affect the 'information security policy compliance intention.' In case of moderating variables, age moderated the relationship between top management support and compliance intention, but gender does not show any moderating effect at all. This study analyzes information security measures based solely on the perception of the respondents. Future study may introduce more objective measurement methods such as systematically analyzing the contents of the information security measures instead of asking the respondents' perception. In addition, this study analyzes intention of employees rather than the actual behavior. Future research may analyze the relationship between intention and actual behavior and the factors affecting the relationship.

An Exploratory Research on Factors Influence Perceived Compliance Cost and Information Security Awareness in Small and Medium Enterprise (보안정책 준수 비용과 정보보안 중요성 인식 수준에 미치는 요인에 관한 연구: 중소기업을 중심으로)

  • Yim, Myung-Seong
    • Journal of the Korea Convergence Society
    • /
    • v.9 no.9
    • /
    • pp.69-81
    • /
    • 2018
  • The ultimate intention of this research is to identify the factors that have a significant effect on the perceived importance of information security as the antecedent of intention to information security policy compliance. We found that the effectiveness of information security training program did not have statistically significant effect on the perceived cost of policy compliance. Second, the effectiveness of information security policy has significant influence on the perceived cost of policy compliance. Third, perceived vulnerability has a significant effect on the perceived cost of policy compliance. Fourth, perceived cost of policy compliance has a significant effect on perceived importance of information security. Fifth, supervisor's attitude toward information security silence has a significant effect on employee silent behavior towards information security. Sixth, communication opportunities towards information security has a significant influence on employee silent behavior towards information security. Finally, it was shown that employee silent behavior towards information security had a significant influence on the perceived importance of information security.

A Study on the Influence of Organizational Information Security Goal Setting and Justice on Security Policy Compliance Intention (조직의 정보보안 목표 설정과 공정성이 보안정책 준수의도에 미치는 영향)

  • Hwang, In-Ho;Kim, Seung-Wook
    • Journal of Digital Convergence
    • /
    • v.16 no.2
    • /
    • pp.117-126
    • /
    • 2018
  • The threat to information security is growing globally. To this, organizations are increasing the weight of adapting and operating the more specialized information security policy and system. Information security requires participation from the employees who execute the security system and policy, and to increase the level of organization's internal security, requires organization's systematic support to improve employees' information security compliance intention. This research finds the mechanism for improving employee's information security compliance intention by applying justice theory and goal setting theory in information security. We use structural equation modeling to verify the research hypothesis, and conducted a survey on the employees of organization with information security policy. In other words, this research performs verification of the research model based hypothesis which claims that security policy goal setting has positive influence on employee's level of security related justice recognition, and claims that justice has positive influence on compliance intention. The object of study is the employees of the organization that adapts information security policy, and 383 valid samples were collected via survey. Structural equation modeling was performed to verify the research hypothesis. The result shows that security policy goal factor (goal difficulty, goal specificity) improves employee's security related justice recognition, and that security related justice (distribution, process, and information justice) has positive influence on compliance intention. The result suggests the strategic approach directions for improving employees' compliance intention on organization's security policy.

A Path Way to Increase the Intention to Comply with Information Security Policy of Employees (조직 구성원들의 정보보안 정책 준수행위 의도에 관한 연구)

  • Yim, Myung-Seong
    • Journal of Digital Convergence
    • /
    • v.10 no.10
    • /
    • pp.119-128
    • /
    • 2012
  • This study is to identify the factors that influence an intention to information security policy compliance of employees. To do this, this study is based on three theoretical backgrounds because of the lack of holistic perspective. Research results show that detection certainty and individual attachment have a positive effect on information security policy compliance intention. Detection certainty is influenced by security awareness education and training. Finally, response cost has a negative effect on information security policy compliance intention.

An Analysis of Compliance with Information Security Policy Effects on Information Security Ability and Behavior : Focused on Workers of Shipping and Port Organization (정보보안정책 준수가 정보보안능력 및 행동에 미치는 영향 분석 : 해운항만조직 구성원을 대상으로)

  • Kang, Dayeon;Chang, Myunghee
    • Journal of Korea Port Economic Association
    • /
    • v.30 no.1
    • /
    • pp.97-118
    • /
    • 2014
  • Recent accidents of customer information leakage increase the necessity of information security for organization and the importance of information security team for it. To strengthen information security, organizations make information security policy and ask the members to comply with it. In this regard, maritime organization also needs to structure information security policy and examine its ability and behavior. The purpose of this study is to analyze the effects of compliance with information security policy on the ability and behavior of workers in shipping and port organization. The results of investigation show that information security education and norm affect compliance with information security of the workers. On the contrary, the punishment of information security is insignificant. It is shown that the degree of compliance with information security significantly affects its ability and behavior of the workers in shipping and port organization.

Analysis of the Effects of Information Security Policy Awareness, Information Security Involvement, and Compliance Behavioral Intention on Information Security behavior : Focursing on Reward and Fairness (정보보안 정책 인식과 정보보안 관여성, 준수 의도성이 정보보안 행동에 미치는 영향 분석: 보상 차원과 공정성 차원을 중심으로)

  • Hu, Sung-ho;Hwang, In-ho
    • Journal of Convergence for Information Technology
    • /
    • v.10 no.12
    • /
    • pp.91-99
    • /
    • 2020
  • The aim of this study to assess the effect of information security policy awareness, information security involvement, compliance behavioral intention on information security behavior The research method is composed of a cross-sectional design of reward and fairness. This paper focuses on the process of organizational policy on the information security compliance intention in the individual decision-making process. As a result, the reward had a significant effect on compliance behavioral intention, and it was found that influence of the psychological reward-based condition was greater than the material reward-based condition. The fairness had a significant effect on information security policy awareness, information security involvement, information security behavior, and it was found that influence of the equity-based condition was greater than the equality-based condition. The exploration model was verified as a multiple mediation model. In addition, the discussion presented the necessary research direction from the perspective of synergy by the cultural environment of individuals and organizations.

A study on the information security compliance and non-compliance causes of organization employees (조직구성원의 정보보안 준수 및 미준수 원인에 대한 연구)

  • Hwang, In-Ho;Hu, Sung-Ho
    • Journal of the Korea Convergence Society
    • /
    • v.11 no.9
    • /
    • pp.229-242
    • /
    • 2020
  • The purpose of this study is to present the environmental factors of positive and negative aspects that affect the information security compliance intention, and reveals the relationship of the individual's the security compliance intention. The subjects of this study are employees of organizations that apply information security policies and technologies, and effective samples were obtained through surveys. In the process of analysis, the study model was verified through structural equation modeling. The measurement variables consisted of security policy, security system, technical support, work impediment, security non-visibility, compliance intention and organizational commitment and used for analysis. The results confirmed that security compliance factors such as policy, system, technical support, and non-compliance factors, work impediment, respectively, had an impact on organizational commitment, leading to compliance intention. The verification result of the research model suggests the direction of establishing a security compliance strategy for employees to improve the level of information security compliance of the organization.