• Asia pacific journal of information systems
• /
• 제22권1호
• /
• pp.53-77
• /
• 2012

Financial firms, especially large scaled firms such as KB bank, NH bank, Samsung Card, Hana SK Card, Hyundai Capital, Shinhan Card, etc. should be securely dealing with the personal financial information. Indeed, people have tended to believe that those big financial companies are relatively safer in terms of information security than typical small and medium sized firms in other industries. However, the recent incidents of personal information privacy invasion showed that this may not be true. Financial firms have increased the investment of information protection and security, and they are trying to prevent the information privacy invasion accidents by doing all the necessary efforts. This paper studies how effectively a financial firm will be able to avoid personal financial information privacy invasion that may be deliberately caused by internal staffs. Although there are several literatures relating to information security, to our knowledge, this is the first study to focus on the behavior of internal staffs. The big financial firms are doing variety of information security activities to protect personal information. This study is to confirm what types of such activities actually work well. The primary research model of this paper is based on Theory of Planned Behavior (TPB) that describes the rational choice of human behavior. Also, a variety of activities to protect the personal information of financial firms, especially credit card companies with the most customer information, were modeled by the four-step process Security Action Cycle (SAC) that Straub and Welke (1998) claimed. Through this proposed conceptual research model, we study whether information security activities of each step could suppress personal information abuse. Also, by measuring the morality of internal staffs, we checked whether the act of information privacy invasion caused by internal staff is in fact a serious criminal behavior or just a kind of unethical behavior. In addition, we also checked whether there was the cognition difference of the moral level between internal staffs and the customers. Research subjects were customer call center operators in one of the big credit card company. We have used multiple regression analysis. Our results showed that the punishment of the remedy activities, among the firm's information security activities, had the most obvious effects of preventing the information abuse (or privacy invasion) by internal staff. Somewhat effective tools were the prevention activities that limited the physical accessibility of non-authorities to the system of customers' personal information database. Some examples of the prevention activities are to make the procedure of access rights complex and to enhance security instrument. We also found that 'the unnecessary information searches out of work' as the behavior of information abuse occurred frequently by internal staffs. They perceived these behaviors somewhat minor criminal or just unethical action rather than a serious criminal behavior. Also, there existed the big cognition difference of the moral level between internal staffs and the public (customers). Based on the findings of our research, we should expect that this paper help practically to prevent privacy invasion and to protect personal information properly by raising the effectiveness of information security activities of finance firms. Also, we expect that our suggestions can be utilized to effectively improve personnel management and to cope with internal security threats in the overall information security management system.

• 품질경영학회지
• /
• 제39권3호
• /
• pp.432-443
• /
• 2011

The purpose of this research is to understand users' information protection behavior on personal information security from health psychology theory perspectives. Empirical results indicate that users' information protection behavior on personal information is predicted by perceived threat and perceived responsiveness. Perceived threat is determined by perceived susceptibility and perceived severity. Perceived responsiveness is determined by response efficacy and self-efficacy, but response cost is not significant. These findings provide an enriched understanding about users' information protection behavior on personal information security.

• 한국정보시스템학회지:정보시스템연구
• /
• 제21권4호
• /
• pp.1-29
• /
• 2012

The purpose of this study was to find about personal information security of internet and social networks by focusing on end users. User competence and subjective criterion, which are the antecedents, are affecting security behaviors For these security behaviors, the study examined the relationship between security behavior intention on internet use and security behavior intention about social network that is actively achieved in many fields. Behaviors of internet and social network were classified into an action of executing security and an action of using a security technology. In addition, this study investigated a theory about motivational factors of personal intention on a certain behavior based on theory of reasoned action in order to achieve the purpose of this study. A survey was conducted on 224 general individual users through online and offline, and the collected data was analyzed with SPSS 12.0 and SmartPLS 2.0 to verify demographic characteristics of respondents, exploratory factor analysis, and suitability of a study model. Interesting results were shown that security behavior intention of social network is not significant in all security behavior execution, which is security performance behavior, and security technology use. Internet security behavior is significant to security technology use but it does not have an effect on behavior execution.

• 디지털산업정보학회논문지
• /
• 제13권1호
• /
• pp.159-171
• /
• 2017

The purpose of this study is to investigate the effects of e - commerce technology characteristics and personal values on purchasing behavior by information security importance. The results of the empirical study that examined the university students in 2006 and 2016 are as follows. First, personal value is centered on personal values, such as self - esteem and self - esteem in 2006. In 2016, however, personal values such as self - fulfillment and personal relationship with others are important. Transactional ease and product service serve as the main value of the fun and pleasure of life, but the sense of accomplishment as the core value of information protection. Second, the technical characteristics of e-commerce are as follows. In terms of ease of transaction and product service, technology characteristics are simplified and directly effected over time. On the other hand, information protection works very closely with individual value, There was a strong tendency to enjoy benefits. Especially in 2006, if you want to enjoy transactional convenience through transaction information security or benefit from product service, it has been changed to recognize the importance of information security through payment in 2016.

• 한국정보시스템학회지:정보시스템연구
• /
• 제29권1호
• /
• pp.51-74
• /
• 2020

Purpose Since the number of personal information breach incidents increased, many people have perceived the importance of personal information protection, in the recent. Especially, the number of personal information breach targeting middle-aged and elderly people rapidly increases. Therefore, the purpose of this study is to identify the factors which influence to fail of online information security behaviors among the elderly. Design/methodology/approach This study made a research model by adopting the factors deducted from the protection motivation theory. To analyze the research model, we conducted an online survey targeted on the elderly and middle ages users who have nations of Korean and Chinese respectively. Findings According to the empirical analysis result, we identified that only perceived severity and perceived vulnerability affected information security awareness. On contrast, it was also discovered that perceived barriers, self-efficacy, and response efficacy did not affect information security awareness. Additionally, the awareness of information security also did not affect information security behaviors. Middle-aged and elderly people with personal information protection education did more information security behaviors than people those who no education experiences. Korean middle-aged and elderly people with education significantly did more information protection behaviors than the people without the education.

• 한국전자거래학회지
• /
• 제18권1호
• /
• pp.147-164
• /
• 2013

지속적인 정보보호 거버넌스를 위해서는 단순히 접근통제, 문서보안 등 기술적인 측면이 아닌 개인의 보안 행위, 문화, 규범, 개인적 가치 등 비공식적인 정보보호 행위를 관리하는데 초점을 맞추어야 한다. 그러나 많은 연구들이 정보보호 규정과 같은 공식적인 수준의 거버넌스나 기술과 같은 수단에 집중하고 있는 실정이며, 개인의 정보보호 위반 행위와 개인적 신념, 규범, 문화, 개인적 가치 등 비공식적인 수준에 대한 연구는 거의 이루어지지 않고 있다. 이에 본 연구는 정보보호 문화, 규범적 신념, 행위, 가치가 정보보호 규정 위반 행위에 어떠한 영향을 미치는 지에 대해 실증하였다. 또한 본 연구에서는 사회조직적 관점의 아노미 개념을 이용하여 조직 내에서 정보보호 규정의 중요성에 대한 인식 결핍과 정보보호 규정의 가치 결여를 '정보보호 아노미 현상'으로 정의하고, 이를 바탕으로 정보보호 문화, 규범, 행위, 가치가 정보보호 규정 위반 행위에 미치는 영향에 있어 정보보호 아노미 현상이 어떠한 역할을 하는지에 대해 실증분석을 수행하였다.

• 한국산업정보학회논문지
• /
• 제24권4호
• /
• pp.79-98
• /
• 2019

본 논문은 인터넷을 사용하면서 심각해지는 개인정보위험에 대해 청소년들의 개인정보와 관련된 태도와 보안행동을 합리적 행동이론과 보호동기이론을 바탕으로 실증적인 데이터를 이용하여 알아보았다. 인터넷 등을 사용하면서 개인정보위험에 대한 개인의 보안행동을 알아보기 위해 사회적 영향요인으로 주관적 규범과 개인적인 특성인 자기 효능감과 보안 태도, 보안의도, 개인혁신성이 보안 행동에 어떠한 영향을 주는지 청소년을 대상으로 확인하였다. 통계 패키지인 엑셀, SPSS 21.0과 SmartPLS2.0.M3를 통해 실증연구를 진행하였다. 연구결과는 정보기기와 인터넷을 사용하는 청소년들의 보안태도와 행동이 밀접하게 관련되어 있고, 청소년에게 영향을 미치는 사회적 영향인 주관적 규범과 개인적 성향인 자기효능감, 보안태도는 보안행동에 큰 영향을 미치고 있음을 연구결과를 통해 알 수 있었다. 청소년들이 새로운 기술을 사용하고 접하는 과정에서 보안의 중요성을 알고 보안행동으로 연결될 수 있도록 지속적인 교육을 통해 안전하게 개인정보를 지켜나갈 수 있도록 해야 할 것이다.

• International Journal of Computer Science & Network Security
• /
• 제21권6호
• /
• pp.312-318
• /
• 2021

Lack of knowledge and digital skills is a threat to the information security of the state and society, so the formation and development of organizational culture of information security is extremely important to manage this threat. The purpose of the article is to assess the state of information security of the state and society. The research methodology is based on a quantitative statistical analysis of the information security culture according to the EU-27 2019. The theoretical basis of the study is the theory of defense motivation (PMT), which involves predicting the individual negative consequences of certain events and the desire to minimize them, which determines the motive for protection. The results show the passive behavior of EU citizens in ensuring information security, which is confirmed by the low level of participation in trainings for the development of digital skills and mastery of basic or above basic overall digital skills 56% of the EU population with a deviation of 16%. High risks to information security in the context of damage to information assets, including software and databases, have been identified. Passive behavior of the population also involves the use of standard identification procedures when using the Internet (login, password, SMS). At the same time, 69% of EU citizens are aware of methods of tracking Internet activity and access control capabilities (denial of permission to use personal data, access to geographical location, profile or content on social networking sites or shared online storage, site security checks). Phishing and illegal acquisition of personal data are the biggest threats to EU citizens. It have been identified problems related to information security: restrictions on the purchase of products, Internet banking, provision of personal information, communication, etc. The practical value of this research is the possibility of applying the results in the development of programs of education, training and public awareness of security issues.

• Journal of Information Technology Applications and Management
• /
• 제26권2호
• /
• pp.27-40
• /
• 2019

As reliance on information and communication becomes widespread, a variety of information dysfunctions such as hacking, viruses, and the infringement of personal information are also occurring. Korean adolescents are especially exposed to an environment in which they are experiencing information dysfunction. In addition, youth cybercrimes are steadily occurring. To prevent cybercrime and the damage caused by information dysfunction, information security practices are essential. Accordingly, the purpose of this study is to discuss the factors affecting the information security practices of Korean youths, considering information security education, perceived severity, and perceived vulnerability as leading factors of the theory of planned behavior. A questionnaire survey was administered to 118 middle and high school students. Results of the hypothesis test show that information security education affects perceived behavior control, and perceived severity affects attitude. Subjective norms, information security attitudes, and perceived behavioral control were found to influence adolescents' practices of information security. However, perceived vulnerabilities did not affect youths' information security attitudes. This study confirms that information security education can help youths to practice information security. In other words, information security education is important, and it is a necessary element in the information curriculum of contemporary youth. However, perceived vulnerability to youth information security threats did not affect information security attitudes. Consequently, we suggest that it is necessary to strengthen the contents of the information security education for Korean youths.

• 정보보호학회논문지
• /
• 제26권3호
• /
• pp.735-744
• /
• 2016

최근 모바일 서비스 증가와 함께 다양한 개인정보 유출사고가 증가하고 있다. 개인정보 유출사고는 개인의 모바일 뱅킹 서비스 이용에 중요한 영향을 미친다. 이에 따라 본 연구에서는 다양한 개인정보 유출사고 인지가 모바일 뱅킹 이용자의 심리와 행동에 미치는 영향관계를 살펴보았다. 본 연구에서는 모바일 뱅킹 이용자의 심리와 행동 이해를 위해 인간의 심리와 행동을 설명해주는 대인행동이론과 외부 자극에 대한 반응 결과를 설명해주는 자극반응이론을 활용하였다. 본 연구자들은 모바일 뱅킹 이용자들을 대상으로 온라인을 통해 설문조사를 수행하였고, 구조방정식 모델을 통해 인과관계를 분석하였다. 본 연구결과는 모바일 뱅킹 서비스를 제공하는 금융기관에서 개인정보보호 관련 준수의도와 준수행동을 강화하는데 유용하게 활용될 것이다.