• Journal of Information Technology Applications and Management
• /
• 제22권4호
• /
• pp.225-251
• /
• 2015

This paper analyzed factors for employees to violate information security policy in financial companies based on the theory of reasoned action (TRA), general deterrence theory (GDT), and information security awareness and moderating effects of perceived sensitivity of customer information. Using the 376 samples that were collected through both online and offline surveys, statistical tests were performed. We found that the perceived severity of sanction and information security policy support to information policy violation attitude and subjective norm but the perceived certainty of sanction and general information security awareness support to only subjective norm. Also, the moderating effects of perceived sensitivity of customer information against information policy violation attitude and subjective norm were supported. Academic implications of this study are expected to be the basis for future research on information security policy violations of financial companies; Employees' perceived sanctions and information security policy awareness have an impact on the subjective norm significantly. Practical implications are that it can provide a guide to establish information security management strategies for information security compliance; when implementing information security awareness training for employees to deter violations by emphasizing the sensitivity of customer information, a company should make their employees recognize that the customer information is very sensitive data.

• 디지털융복합연구
• /
• 제11권2호
• /
• pp.19-32
• /
• 2013

본 연구의 목적은 왜 조직 구성원들이 정보보안 정책을 위배하는지에 대해 알아보기 위해 도덕적 해방이론을 기반으로 수행되었다. 분석 결과 도덕적 신념과 처벌에 대한 인지는 보안 정책 위배에 유의한 영향을 미치는 것으로 나타났다. 반면 도덕적 해당이 존재할 경우 처벌에 대한 인지는 유의하지 않은 것으로 나타났다. 마지막으로 정보보안 인식교육과 도덕적 신념, 그리고 처벌에 대한 인지는 도덕적 해방에 유의한 영향을 미치는 것으로 나타났으며, 도덕적 해방은 정보보안 정책 위배에 유의한 영향을 미치는 것으로 나타났다.

• 정보보호학회논문지
• /
• 제22권1호
• /
• pp.107-115
• /
• 2012

우리나라의 정보화 수준과 비교하여 정보보호 수준은 상대적으로 낮다. 정보보호 예산 수준 역시 전체 정보화 예산대비 5%대로 미미하며 기업들의 사후대응 중심의 정보보호 조치는 반복적인 피해비용을 야기한다. 정보보호 침해사고에 대한 대응은 사후대응 체계에서 예방과 사전탐지 중심으로 바뀌어야한다. 정보사회에서의 침해사고 대응은 개인의 책임보다는 국가와 기업이 공동으로 대처해야할 영역이라는 인식 전환이 필요하다. 2004년 정보보호조치 및 안전진단 관련 지침이 고시되면서 우리나라도 침해사고 예방을 위한 제도적 기반을 마련하였다. 하지만 제도적으로 시행되고 있는 관리적, 기술적, 물리적 보호조치가 실제 침해사고 대응에 완벽한 예방책이 되지는 못한다. 본 연구에서는 현행 제도적 보호조치의 예방 효과에 대해 살펴보고 제도적 한계와 개선점을 도출하여 기업들이 실질적인 목표 보안수준을 유지하기 위해 필요한 효과적인 침해 예방 대응책으로써의 선행위협 관리 모델을 제안한다.

• 한국IT서비스학회지
• /
• 제11권2호
• /
• pp.93-106
• /
• 2012

Recently, a Game Shut-down policy, partially limiting the time for the use of online game service, has been implemented in order to protect the youth from the excessive use of games by limiting their access to games in the late hours, based on the serious side effects of online games on the youth. However, the effectiveness of a Game Shut-down policy becomes a social issue. Thus, this study aims to investigate the alternative policies through the levels of the communications suggested by the theory of excellence, for the successful implementation of the policy. As a result of the study, the government and students, the recipient of those policies, need to strengthen their two-way communication in respect of the Game Shut-down policy, breaking from the existing views on the perception. The problem is that the current government's way of the communication for the Game Shut-down policy is one-way and it is aiming at achieving the objectives only. Thus, the communication in this manner will cause the side effect. 'the opportunistic violation of the system in the future', even if the students seemingly accept the system. Two-way communication will enhance the motivation for the voluntary acceptance of the system and lower the motivation for the opportunistic violation of the system. Thus, the government needs to strengthen two-way communication in the future.

• Asia pacific journal of information systems
• /
• 제33권4호
• /
• pp.863-898
• /
• 2023

Previous studies have shown that insiders pose risks to the security of organisations' secret information. Information security policy (ISP) intentional violation can jeopardise organisations. For years, ISP violations persist despite organisations' best attempts to tackle the problem through security, education, training and awareness (SETA) programs and technology solutions. Stopping hacking attempts e.g., phishing relies on personnel's behaviour. Therefore, it is crucial to consider employee behaviour when designing strategies to protect sensitive data. In this case, organisations should also focus on improving employee behaviour on security and creating positive security perceptions. This paper investigates the role of psychological capital (PsyCap), punishment and organisational security resources in influencing employee behaviour and ultimately reducing ISP violations. The model of the proposed study has been modified to investigate the connection between self-efficacy, resilience, optimism, hope, perceived sanction severity, perceived sanction certainty, security response effectiveness, security competence and ISP violation. The sample of the study includes 364 bank employees in Jordan who participated in a survey using a self-administered questionnaire. The findings show that the proposed approach acquired an acceptable fit with the data and 17 of 25 hypotheses were confirmed to be correct. Furthermore, the variables self-efficacy, resilience, security response efficacy, and protection motivation directly influence ISP violations, while perceived sanction severity and optimism indirectly influence ISP violations through protection motivation. Additionally, hope, perceived sanction certainty, and security skills have no effect on ISP infractions that are statistically significant. Finally, self-efficacy, resiliency, optimism, hope, perceived severity of sanctions, perceived certainty of sanctions, perceived effectiveness of security responses, and security competence have a substantial influence on protection motivation.

• Asia pacific journal of information systems
• /
• 제24권3호
• /
• pp.325-344
• /
• 2014

Technical support of Window XP ended in March, 8, 2014, and it makes OS(Operating System) users fall in a state of confusion. Sudden decision making of OS upgrade and replacement is not a simple problem. Firms need to change the long term capacity plan in enterprise IS management, but they are pressed for time and cost to complete it. Individuals can not help selecting the second best plan, because the following OSs of Window XP are below expectations in performances, new PC sales as the opportunities of OS upgrade decrease, and the potential risk of OS technical support ending had not announced to OS users at the point of purchase. Microsoft as the OS vendors had not presented precaution or remedy for this confusion. Rather, Microsoft announced that the technical support of the other following OSs of Wndow XP such as Window 7 would ended in two years. This conflict between OS vendor and OS users could not happen in one time, but could recur in recent future. Although studies on the ways of OS user protection policy would be needed to escape from this conflict, few prior studies had conducted this issue. This study had challenge to cautiously investigate in such OS user's reactions as the confirmation with OS user's expectation in the point of purchase, three types of justice perception on the treatment of OS vendor, psychological contract violation, satisfaction and the other betrayal behavioral intention in the case of Window XP technical support ending. By adopting the justice perception on this research, and by empirically validating the impact on OS user's reactions, I could suggest the direction of establishing OS user protection policy of OS vendor. Based on the expectation-confirmation theory, the theory of justice, literatures about psychological contract violation, and studies about consumer betrayal behaviors in the perspective of Herzberg(1968)'s dual factor theory, I developed the research model and hypothesis. Expectation-confirmation theory explain that consumers had expectation on the performance of product in the point of sale, and they could satisfied with their purchase behaviors, when the expectation could have confirmed in the point of consumption. The theory of justice in social exchange argues that treatee could be willing to accept the treatment by treater when the three types of justice as distributive, procedural, and interactional justice could be established in treatment. Literatures about psychological contract violation in human behaviors explains that contracter in a side could have the implied contract (also called 'psychological contract') which the contracter in the other side would sincerely execute the contract, and that they are willing to do vengeance behaviors when their contract had unfairly been broken. When the psychological contract of consumers had been broken, consumers feel distrust with the vendors and are willing to decrease such beneficial attitude and behavior as satisfaction, loyalty and repurchase intention. At the same time, consumers feel betrayal and are willing to increase such retributive attitude and behavior as negative word-of-mouth, complain to the vendors, complain to the third parties for consumer protection. We conducted a scenario survey in order to validate our research model at March, 2013, when is the point of news released firstly and when is the point of one year before the acture Window XP technical support ending. We collected the valid data from 238 voluntary participants who are the OS users but had not yet exposed the news of Window OSs technical support ending schedule. The subject had been allocated into two groups and one of two groups had been exposed this news. The data had been analyzed by the MANOVA and PLS. MANOVA results indicate that the OSs technical support ending could significantly decrease all three types of justice perception. PLS results indicated that it could significantly increase psychological contract violation and that this increased psychological contract violation could significantly reduce the trust and increase the perceived betrayal. Then, it could significantly reduce satisfaction, loyalty, and repurchase intention, and it also could significantly increase negative word-of-month intention, complain to the vendor intention, and complain to the third party intention. All hypothesis had been significantly approved. Consequently, OS users feel that the OSs technical support ending is not natural value added service ending, but the violation of the core OS purchase contract, that it could be the posteriori prohibition of OS user's OS usage right, and that it could induce the psychological contract violation of OS users. This study would contributions to introduce the psychological contract violation of the OS users from the OSs technical support ending in IS field, to introduce three types of justice as the antecedents of psychological contract violation, and to empirically validate the impact of psychological contract violation both on the beneficial and retributive behavioral intentions of OS users. For practice, the results of this study could contribute to make more comprehensive OS user protection policy and consumer relationship management practices of OS vendor.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• 제7권3호
• /
• pp.558-575
• /
• 2013

The purpose of a data leakage prevention system is to protect corporate information assets. The system monitors the packet exchanges between internal systems and the Internet, filters packets according to the data security policy defined by each company, or discretionarily deletes important data included in packets in order to prevent leakage of corporate information. However, the problem arises that the system may monitor employees' personal information, thus allowing their privacy to be violated. Therefore, it is necessary to find not only a solution for detecting leakage of significant information, but also a way to minimize the leakage of internal users' personal information. In this paper, we propose two models for representing the level of personal information disclosure during data leakage detection. One model measures only the disclosure frequencies of keywords that are defined as personal data. These frequencies are used to indicate the privacy violation level. The other model represents the context of privacy violation using a private data matrix. Each row of the matrix represents the disclosure counts for personal data keywords in a given time period, and each column represents the disclosure count of a certain keyword during the entire observation interval. Using the suggested matrix model, we can represent an abstracted context of the privacy violation situation. Experiments on the privacy violation situation to demonstrate the usability of the suggested models are also presented.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• 제12권11호
• /
• pp.5357-5381
• /
• 2018

Cloud computing offers a wide range of on-demand resources over the internet. Utility-based resource allocation in cloud data centers significantly increases the number of cloud users. Heavy usage of cloud data center encounters many problems such as sacrificing system performance, increasing operational cost and high-energy consumption. Therefore, the result of the system damages the environment extremely due to heavy carbon (CO2) emission. However, dynamic allocation of energy-efficient resources in cloud data centers overcomes these problems. In this paper, we have proposed Energy and Service Level Agreement (SLA) Aware Resource Allocation Heuristic Algorithms. These algorithms are essential for reducing power consumption and SLA violation without diminishing the performance and Quality-of-Service (QoS) in cloud data centers. Our proposed model is organized as follows: a) SLA violation detection model is used to prevent Virtual Machines (VMs) from overloaded and underloaded host usage; b) for reducing power consumption of VMs, we have introduced Enhanced minPower and maxUtilization (EMPMU) VM migration policy; and c) efficient utilization of cloud resources and VM placement are achieved using SLA-aware Modified Best Fit Decreasing (MBFD) algorithm. We have validated our test results using CloudSim toolkit 3.0.3. Finally, experimental results have shown better resource utilization, reduced energy consumption and SLA violation in heterogeneous dynamic cloud environment.

• 대한교통학회지
• /
• 제28권4호
• /
• pp.61-73
• /
• 2010

본 연구는 승용차요일제에 참여한 운전자를 대상으로 승용차요일제를 준수하고 위반하는데 미치는 영향을 분석하고 그 중에서 인센티브 혜택을 받았던 운전자들을 대상으로 인센티브에 대한 만족도에 영향을 미치는 요인을 분석하였다. 그 결과 행정구역인 동단위통행 에너지 소비량이 높은 지역에 거주하고, 버스정류장당 잠재이용수요가 낮은 지역에 거주하며, 주택호수당 승용차통행발생량이 낮은 지역에 거주하는 운전자일수록 승용차요일제를 위반할 확률이 높으며, 교통정책 중에 버스노선조정과 확충을 최우선으로 추진해야한다고 판단하는 운전자일수록, 한 달 평균 차량운영비가 높은 운전자일수록, 유류비 증가분이 5~10% 인상되어도 적극적으로 참여하지 않겠다고 응답한 운전자일수록 위반할 확률이 높게 추정되었다. 인센티브 만족도 분석은 혼잡통행료 요금을 50% 감면하는 현제도에 대하여 분석하였는데, 주택호수당 승용차통행발생량이 높은 지역에 거주하고, 인구1인당 발생통행량이 낮은 지역에 거주하는 운전자일수록 만족도를 높게 평가하였으며, 승용차요일제에 운휴일에 이용하는 대체교통수단이 버스이고 승용차요일제 참가이유가 인센티브 혜택을 받기 위함이 아니었던 운전자일수록 만족도가 높게 추정되었다.

• Journal of Korea Trade
• /
• 제27권1호
• /
• pp.176-191
• /
• 2023

Purpose - When recovered through arbitration a contractual penalty that is disproportionately high can become grounds for challenging an arbitral award or an obstacle to its enforcement within Russian jurisdiction. This article investigates how violation of the principle of proportionality can affect the enforcement and challenging of arbitral awards in Russia. Based on the examination of the current legislation, along with the analysis of recent court cases on the subject, the ultimate object of this article is to discern practical recommendations for Korean practitioners who are looking to challenge and/or enforce arbitral awards in Russian courts. Design/methodology - The research process included the reviewing of current Russian legislation conducted in concurrence with academic literature review, searching and analyzing recent court cases where the relevant legal provisions and concepts were applied, and formulating practical implications of the research at its final stage. Findings - Through its relation to the principle of fairness/justice the authors establish the connection between the principle of proportionality and the public policy of Russia. Analysis of recent court cases showed two conflicting trends of whether a disproportionate penalty can be considered a public policy violation. The authors offer practical recommendations on how to substantiate a relevant claim regarding contractual penalty reduction by the court, depending on the desired outcome. Originality/value - The article contains an up-to-date summary of the legal provisions on the principle of proportionality of civil liability in Russia and identifies the most recent trends in court practice on the issue that is not covered by existing studies.