• The Journal of Information Systems
• /
• v.29 no.1
• /
• pp.23-50
• /
• 2020

Purpose As information management grows in importance around the world, organizations are investing in information security technology. However, the higher the level of information security technology in an organization, the higher the techno-stress of employees. The purpose of this study is to suggest stress factors related to information security technology that affect the reduction of employees' intention to comply with information security and to suggest ways to alleviate stress. Design/methodology/approach The research presented a model for mitigating technical stress related to information security based on technical stress theory and person-organization fit theory. 346 questionnaire data were analyzed from the members of the organization who applied the information security technology, and the research hypothesis was verified through the structural equation modeling. Findings The hypothesis test confirms that security-related techno-stress reduces the information security compliance intention of employees, organizational technical support mitigates technical stress, and person-organization fitness mitigates the negative relationship between techno-stress and compliance intention. The results of the study contribute to the organization's strategy for minimizing the reduction of the information security compliance intention of employees, and are meaningful in that the theoretical basis for mitigating techno-stress is provided in the field of information security.

• Convergence Security Journal
• /
• v.21 no.3
• /
• pp.93-104
• /
• 2021

Today, due to the development of the 4th industrial revolution such as artificial intelligence, the security threat of the military organization is increasing. A study that can contribute to complying with military security is needed by studying the effects of influence factors occurring in this changing or newly emerging security environment on information security stress and security compliance behavior intention. In previous studies, task overload, task complexity, task uncertainty, and task conflict were extracted among environmental influencing factors that cause security stress. We empirically analyzed how these influencing factors affect security stress and whether they play a mediating role in security stress. As a result of the analysis, it was analyzed that the security stress was affected in the order of task overload, task conflict, and task uncertainty. Information security stress did not significantly affect security compliance behavior intention, but it was found to mediate the effect of task overload on security compliance behavior intention. This causes information security stress due to heavy security work in the military organization, which ultimately leads to lower security compliance behavior. Therefore, the security policy to manage this situation should be promoted first.

• Journal of the Korea Convergence Society
• /
• v.12 no.2
• /
• pp.247-258
• /
• 2021

Recently, organizations are demanding strict information security behavior from their employees. Strict information security policies and techniques can cause information security related stress. The purpose of this study is to present the negative effects of information security related techno stress and role stress that reduce knowledge sharing behavior and person-organization fit. The survey was conducted to people working in organizations with information security policies and system, and the research hypothesis was verified by structural equation modeling using 309 samples. As a result of the study, person-organization fit had a positive effect on knowledge sharing behavior, but role stress had a negative effect. And, techno-stress negatively affected the person-organization fit. Additionally, role ambiguity had a moderating effect between person-organization fit and knowledge sharing behavior. The implications of the study were to confirm the negative effects of information security related techno stress and role stress, and to suggest directions for minimizing negative behavior of insiders.

• Convergence Security Journal
• /
• v.22 no.1
• /
• pp.113-120
• /
• 2022

Despite the limitations of existing security policies due to technological development, companies are unable to actively respond to changes by maintaining a closed security policy. This study classified information security policy into three types: regulatory type policy, advisory type policy, and informative type policy. For each classified policy type, the effect on the information security policy compliance behavior of organizational members was investigated by applying the extended theory of planned behavior, and the moderating effect of information security stress was investigated. SmartPLS 2.0 and SPSS 21.0, which are structural equation modeling techniques, were used to analyze the relationship affecting each factor. As a result of the study, regulatory type, advisory type, and informative type security policies affected organizational members' information security policy compliance behavior, and security stress had an effect on information security compliance attitudes and subjective norms on information security, which are prerequisites for planned behavior theory. gave. This study suggests that various types of corporate information security policies can be applied and that security stress can affect information security behaviors of members.

• Journal of Information Technology Services
• /
• v.19 no.6
• /
• pp.83-95
• /
• 2020

"I think security is only trying to make it uncomfortable." "10% of my work is entering IDs and passwords, such as boot passwords, mobile phone authentication numbers, etc." As reflected in the complaint above, stress caused by information security among organizations' members is increasing. In order to strengthen information security, practical solutions to reduce stress are needed because the motivation of the members is needed in order for organizations to function properly. Therefore, this study attempts to suggest key factors that can enhance security while reducing information security stress among members of organizations. To this end, based on the theory of protection motivation, trust and security stress from information security policies are set as mediating factors to explain changes in security reinforcement behavior. Furthermore, risk, efficacy, and reaction costs of cyberattacks are considered as prerequisites. Our study suggests a solution to the security reinforcement problem by analyzing the factors that influence the behavior of members of organizations. In turn, this can raise protection motivation among members.

• The Journal of Society for e-Business Studies
• /
• v.24 no.3
• /
• pp.143-161
• /
• 2019

The purpose of this study is to empirically verify the relationship of how job stress and job satisfaction of information security professionals affect turnover intention, a precursor of actual turnover. The moderation effect of organizational justice is also explored within these causal relationships. This empirical analysis used 150 responses from information security professionals within 4 different industries. The analysis result from survey responses shows that job stress increases turnover intention, and job satisfaction decreases turnover intention, and that interactional justice, a subordinate concept of organizational justice, has a negative moderating effect at the relationship between job stress and turnover intention. The moderating effect of interactional justice, which can reduce turnover intention with warm words from managers or colleagues even when information security professionals who respond to emergencies such massive incidents are with high job stress, is a piece of important knowledge for information security managers. To reduce voluntary turnover of information security professionals from the organizational perspective, making efforts to lower job stress and raise job satisfaction and interactional justice is necessary.

• Journal of the Korea Society of Computer and Information
• /
• v.24 no.11
• /
• pp.87-98
• /
• 2019

In recent years, many organizations protect their information resources by investing in information security technology. However, information security threats from insiders have not been reduced. This study proposes a method for reducing information security threats within an organization by mitigating negative information security behaviors of employees. Specifically, the study finds a relationship between information security related role stress and negative behavior and suggests whether organizational justice mitigates role stress. That is, the purpose of the study is to suggest a mechanism between organizational justice, information security related role stress, and negative behavior. Negative behavior consist of avoidance behavior and deviant behavior, and security related role stress consist of role conflict and role ambiguity. Organizational justice consist of distributional justice, procedural justice, and informational justice. The research model is verified through structural equation modeling. After establishing a research model and hypothesis, we develop a survey questionnaire and collect data from 383 employees whose organizations have already implemented security policies. The findings appear that security related role stress increases negative behavior and that organizational justice mitigates role stress. The results of the analysis suggest the direction of organizational strategy for minimizing insider's security-related negative behaviors.

• The Journal of the Institute of Internet, Broadcasting and Communication
• /
• v.16 no.6
• /
• pp.243-253
• /
• 2016

Company strengthen various information security policy and activity in order to protect important information assets that the company has been dealing with and prevents information security accidents such as personal information spill. However, some study said these policy and activity increase employee's information security stress and still information security accidents by employees have happened so far. Therefore, this study will review preceding theories and studies used in many various fields including Information Security areas needed to explain human's behavioral intention and determinants and summarize characteristic factors that have influence on control of human's behavioral intention in the results of the above theories and studies. Secondly, this study will implement exploratory analysis on characteristic factors perceived by employees that has been stemmed from various company's information security policy and activity in order to increase employee/'s information security compliance intention under the its surrounding security circumstance. Thirdly, this study will fulfil multiple-regression analysis in order to identify cause-effect relationship between employee's perceived information security stress and employee's perceived characteristic factor. Finally, this study will explain casual relationship with same analysis methods between information security stress and information security compliance intention based on results of the survey conducted on the financial firm's employees with same analysis methods.

• The Journal of Information Systems
• /
• v.31 no.1
• /
• pp.1-24
• /
• 2022

Purpose The purpose of this study is to investigate the factors that affect the user satisfaction and continuous use intention of the improved ATCIS in the Korean Army. Design/methodology/approach Based on the various theories in relation to IT continuance, user satisfaction was identified as the main factor with regard to the continuous use intention of the improved ATCIS. In addition, computer self-efficacy, education-training, and system quality were hypothesized as antecedent variables to user satisfaction, and information security stress was set as a moderating variable for these relationships. Findings Survey results show that computer self-efficacy, education and training, and system quality had a positive effect on user satisfaction, and information security stress was found to moderate these relationships. The effects of computer self-efficacy and education-training on user satisfaction were higher in the group with low information security stress. However, the relationship between system quality and user satisfaction was higher in the group with high information security stress. User satisfaction is found to have a positive effect on the continuous use intention even with habit considered as a control variable.

• The Journal of the Korea institute of electronic communication sciences
• /
• v.17 no.1
• /
• pp.1-12
• /
• 2022

An insider's information security incidents continue to occur, there is a growing demand for strengthening information security within the organization. However, when strict information security policies and rules are applied to employees of the organization, it can result as an information security stress and resistance behavior. The purpose of this study is to suggest the causes of insiders' negative information security behavior and factors that mitigate the cause. In particular, the study identifies how the mutual influence of individual (psychological empowerment) and organizational (justice climate) factors mitigates negative behavior. In this study, a sample was obtained by surveying workers of organizations that reflect information security policies to insiders, and hypothesis testing was performed by structural equation modeling. As a result of the analysis, role stress had a partial mediating effect on the effect of psychological empowerment on security policy resistance, and the justice climate strengthened the effect of psychological empowerment. Our results suggest a direction for reducing insider information security policy resistance, so it helps to establish a strategy for achieving internal information security goals.