• Journal of Information Technology Applications and Management
• /
• 제26권2호
• /
• pp.27-40
• /
• 2019

As reliance on information and communication becomes widespread, a variety of information dysfunctions such as hacking, viruses, and the infringement of personal information are also occurring. Korean adolescents are especially exposed to an environment in which they are experiencing information dysfunction. In addition, youth cybercrimes are steadily occurring. To prevent cybercrime and the damage caused by information dysfunction, information security practices are essential. Accordingly, the purpose of this study is to discuss the factors affecting the information security practices of Korean youths, considering information security education, perceived severity, and perceived vulnerability as leading factors of the theory of planned behavior. A questionnaire survey was administered to 118 middle and high school students. Results of the hypothesis test show that information security education affects perceived behavior control, and perceived severity affects attitude. Subjective norms, information security attitudes, and perceived behavioral control were found to influence adolescents' practices of information security. However, perceived vulnerabilities did not affect youths' information security attitudes. This study confirms that information security education can help youths to practice information security. In other words, information security education is important, and it is a necessary element in the information curriculum of contemporary youth. However, perceived vulnerability to youth information security threats did not affect information security attitudes. Consequently, we suggest that it is necessary to strengthen the contents of the information security education for Korean youths.

• Journal of Information Technology Applications and Management
• /
• 제22권4호
• /
• pp.225-251
• /
• 2015

This paper analyzed factors for employees to violate information security policy in financial companies based on the theory of reasoned action (TRA), general deterrence theory (GDT), and information security awareness and moderating effects of perceived sensitivity of customer information. Using the 376 samples that were collected through both online and offline surveys, statistical tests were performed. We found that the perceived severity of sanction and information security policy support to information policy violation attitude and subjective norm but the perceived certainty of sanction and general information security awareness support to only subjective norm. Also, the moderating effects of perceived sensitivity of customer information against information policy violation attitude and subjective norm were supported. Academic implications of this study are expected to be the basis for future research on information security policy violations of financial companies; Employees' perceived sanctions and information security policy awareness have an impact on the subjective norm significantly. Practical implications are that it can provide a guide to establish information security management strategies for information security compliance; when implementing information security awareness training for employees to deter violations by emphasizing the sensitivity of customer information, a company should make their employees recognize that the customer information is very sensitive data.

• 한국융합학회논문지
• /
• 제9권9호
• /
• pp.69-81
• /
• 2018

본 연구의 목적은 정보보안 정책 준수 의도의 선행변수인 정보보안에 대한 인지된 중요성에 유의한 영향을 미치는 요인을 규명하는 것이다. 이를 위해 구조방정식 모형을 기반으로 제안 모형을 분석했다. 분석결과, 첫째, 정보보안 교육의 효과성은 정책 준수에 따른 인지된 비용에 통계적으로 유의한 영향을 미치지 못하는 것으로 나타났다. 둘째, 정보보안 정책의 효과성은 정책 준수에 따른 인지된 비용에 유의한 영향을 미치는 것으로 나타났다. 셋째, 인지된 취약성은 정책 준수에 따른 인지된 비용에 유의한 영향을 미치는 것으로 나타났다. 넷째, 정책 준수에 따른 인지된 비용은 정보보안에 대한 인지된 중요성에 유의한 영향을 미치는 것으로 나타났다. 다섯째, 정보보안 침묵에 대한 경영진의 태도는 구성원들의 보안 침묵 행위에 유의한 영향을 미치는 것으로 나타났다. 여섯째, 정보보안에 대한 의사소통 기회는 구성원들의 보안 침묵 행위에 유의한 영향을 미치는 것으로 나타났다. 마지막으로 구성원들의 보안 침묵 행위는 정보보안에 대한 인지된 중요성에 유의한 영향을 미치는 것으로 나타났다.

• 한국항해항만학회지
• /
• 제36권3호
• /
• pp.261-271
• /
• 2012

본 연구의 목적은 항만기업 종사자들의 정보보안인식정도와 지각된 정보보안위험 정도에 영향을 미치는 요인들이 어떤 것들이 있는지를 실증 분석하는 것이다. 특히, 지각된 정보보안위험에 영향을 미치는 요인을 파악하기 위하여 위험분석방법론을 토대로 자산, 위협, 취약성과의 관계를 분석하였다. 252개의 유효설문을 대상으로 AMOS를 이용한 구조방정식 모형 분석을 하였다. 연구결과를 보면, 첫째, 항만기업 종사자의 경우 정보자산은 지각된 정보보안위험에 유의하지 않은 결과로 분석되었다. 둘째, 위협, 취약성은 지각된 정보보안위험에 유의한 영향을 미치는 것으로 나타났다. 마지막으로, 정보보안인식과 정보보안교육, 정보보안인식과 정보보안의도와의 관계는 유의하게 분석되었다. 그러나 정보보안관심도는 정보보안인식에 유의하지 않은 것으로 분석되었다.

• Asia pacific journal of information systems
• /
• 제33권4호
• /
• pp.863-898
• /
• 2023

Previous studies have shown that insiders pose risks to the security of organisations' secret information. Information security policy (ISP) intentional violation can jeopardise organisations. For years, ISP violations persist despite organisations' best attempts to tackle the problem through security, education, training and awareness (SETA) programs and technology solutions. Stopping hacking attempts e.g., phishing relies on personnel's behaviour. Therefore, it is crucial to consider employee behaviour when designing strategies to protect sensitive data. In this case, organisations should also focus on improving employee behaviour on security and creating positive security perceptions. This paper investigates the role of psychological capital (PsyCap), punishment and organisational security resources in influencing employee behaviour and ultimately reducing ISP violations. The model of the proposed study has been modified to investigate the connection between self-efficacy, resilience, optimism, hope, perceived sanction severity, perceived sanction certainty, security response effectiveness, security competence and ISP violation. The sample of the study includes 364 bank employees in Jordan who participated in a survey using a self-administered questionnaire. The findings show that the proposed approach acquired an acceptable fit with the data and 17 of 25 hypotheses were confirmed to be correct. Furthermore, the variables self-efficacy, resilience, security response efficacy, and protection motivation directly influence ISP violations, while perceived sanction severity and optimism indirectly influence ISP violations through protection motivation. Additionally, hope, perceived sanction certainty, and security skills have no effect on ISP infractions that are statistically significant. Finally, self-efficacy, resiliency, optimism, hope, perceived severity of sanctions, perceived certainty of sanctions, perceived effectiveness of security responses, and security competence have a substantial influence on protection motivation.

• 한국융합학회논문지
• /
• 제13권1호
• /
• pp.283-295
• /
• 2022

본 연구는 조직 구성원들의 정보보안 중요성 인식에 영향을 미치는 요인을 탐색하고자 한다. 이를 위해 예방 동기 이론을 근간으로 인지된 처벌 확신성, 인지된 대응 비용, 묵인이 인지된 정보보안 중요성 인식에 미치는 영향을 살펴보았다. 분석 결과는 다음과 같다. 첫째, 인지된 처벌 확신성은 정보보안 중요성 인식에 유의한 영향을 미치는 것으로 나타났다. 또한, 인지된 처벌 확신성은 묵인에 부정적 영향을 미치는 것으로 나타났다. 둘째, 대응 비용은 정보보안 중요성 인식에 긍정적 영향을 미치는 것으로 나타났다. 또한, 대응 비용은 묵인에 긍정적 영향을 미치는 것으로 나타났다. 마지막으로 묵인은 정보보안 인식 중요성에 부정적 영향을 미치는 것으로 나타났다. 따라서, 구성원들의 정보보안 중요성 인식을 위해서 보안 위반 행위에 확실한 처벌이 뒤따를 수 있다는 것을 인식시킬 필요가 있다. 동시에, 조직은 구성원들이 보안 행동을 수행하는 데 있어서 장해가 되는 요소들을 제거하는 시도도 해야 한다. 마지막으로, 조직의 보안에 관한 열린 소통이 가능하도록 해야 한다.

• 한국컴퓨터정보학회논문지
• /
• 제23권9호
• /
• pp.141-156
• /
• 2018

The purpose of this study is how personal information violation risks affect the intention to use domestic cryptocurrency services. VAM(Value based Adoption Model) model is validated as a theoretical background, selecting perceived ease of use, perceived usefulness and perceived security as a benefit factors, and considers perceived cost, technical complexity, and risk of personal information violation risks as sacrifice factors. The method of this study used questionnaire survey to collect 150 data on user's perception on cryptocurrency services, and also performed a structural equation modeling method using by AMOS 23. The result of this paper shows that all hypotheses are accepted statistically significant except 2 hypothesis. This research is concluded that perceived value is affected on statistically positive impact on perceived ease of use, perceived usefulness and perceived security, and negative impact on risk of personal information violation risk, not statistically perceived fee and technical complexity.

• 한국정보시스템학회지:정보시스템연구
• /
• 제29권1호
• /
• pp.51-74
• /
• 2020

Purpose Since the number of personal information breach incidents increased, many people have perceived the importance of personal information protection, in the recent. Especially, the number of personal information breach targeting middle-aged and elderly people rapidly increases. Therefore, the purpose of this study is to identify the factors which influence to fail of online information security behaviors among the elderly. Design/methodology/approach This study made a research model by adopting the factors deducted from the protection motivation theory. To analyze the research model, we conducted an online survey targeted on the elderly and middle ages users who have nations of Korean and Chinese respectively. Findings According to the empirical analysis result, we identified that only perceived severity and perceived vulnerability affected information security awareness. On contrast, it was also discovered that perceived barriers, self-efficacy, and response efficacy did not affect information security awareness. Additionally, the awareness of information security also did not affect information security behaviors. Middle-aged and elderly people with personal information protection education did more information security behaviors than people those who no education experiences. Korean middle-aged and elderly people with education significantly did more information protection behaviors than the people without the education.

• The Journal of Asian Finance, Economics and Business
• /
• 제7권9호
• /
• pp.537-547
• /
• 2020

This study aimed to analyze evidence of the effect of perceived ease-of-use, perceived usefulness, and perceived security on the citizen's intention to use e-Filing with information technology readiness as an intervening variable. This study used primary data collected from Civil Servants Taxpayers, Indonesian National Armed Forces, and State Police of the Republic of Indonesia in Semarang City. One hundred fifty questionnaires were distributed, and 126 were processed and analyzed. The multiple linear regression and path analysis were employed to test the hypotheses. The results indicated that perceived ease-of-use and perceived security had a positive effect on the use of e-Filing, while perceived usefulness has no effect on the use of e-Filing. In addition, readiness of information technology did not mediate the relationships among the perceived ease-of-use, perceived usefulness, and perceived security on the use of e-Filing. This study implies that Directorate General of Taxes, as a provider of e-Filing services, may improve the quality of e-Filing, especially in terms of ease and security. It is because, based on the results of this study, both aspects have been empirically proven to be able to increase intention to use e-Filing in reporting the annual notification letter.

• 시큐리티연구
• /
• 제56호
• /
• pp.145-163
• /
• 2018

최근 조직 구성원의 보안행동은 기업 차원의 정보보안에 중요한 부분으로 인식되고 있다. 정보유출 및 정보보안에 대한 연구는 보안 위협에 대한 개인행동이나 보안 기술을 사용하는 조직 구성원을 대상으로 연구가 활발히 진행되고 있다. 본 연구의 목적은 조직구성원들이 정보보안 활동을 촉진할 수 있는 효과적이고 효율적인 발전방안을 제시하고자 한다. 이를 위해 계획된 행동이론과 보호동기이론의 통합을 중심으로 주요 변수들을 적용한 연구모형을 제시하였다. 본 연구모형을 실증적으로 검증하기 위해 기업에서 보안 경험이 있는 조직원들을 대상으로 설문조사를 실시하였다. 이를 통해 조직구성원들이 정보보안 행동에 대해 긍정적인 구전을 유도하는 것이 중요하다. 이를 통해 기업에서는 조직구성원들이 정보보안 사고에 대해서 내 외부에서 발생 가능한 보안위험을 예방 및 대응하고 관리하기 위해 다양한 보안 솔루션 도입해야하며, 정보시스템에 대한 취약점 점검과 보인 패치 등의 보안 사항을 만족시키기 위한 행동을 실시해야 할 것이다.