• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.32 no.2
• /
• pp.355-370
• /
• 2022

This research investigates the impacts of information security (IS) culture and management leadership styles on employee's security behaviors (IS policies compliance, IS participation) in financial institutions. This study use the survey data collected from 236 employees of financial institutions. This research shows that IS culture has a positive effect on both behavioral intentions to comply with IS policies and the intentions to actively participate in information security activities. Transactional leadership has a positive impact on the IS policies compliance intentions and to participate in information security activities. In contrast, transformational leadership has a positive impact on the intentions to participate in information security activities, but not on the IS policies compliance intentions.

• Convergence Security Journal
• /
• v.18 no.1
• /
• pp.69-84
• /
• 2018

This study examines antecedents of the intention of compliance with information security policies based on Ajzen's Theory of Planned Behavior. The study conducted the following: Verification of casual relations between role of management and protection motivation and the antecedents of planned behavior as parameters to determine the effect on the intention of compliance with information security policy, and comparative analysis between the research model and a competition model. The result of the study disclosed that, in the research model, attitude and subjective norm took an intermediary role on management beliefs, response efficacy, response cost, self-efficacy, and compliance intention, and perceived behavior control on management beliefs, self-efficacy and compliance intention.

• Journal of Digital Convergence
• /
• v.10 no.5
• /
• pp.37-51
• /
• 2012

The purpose of this study is to approach information security from a more comprehensive perspective. Particularly, information countermeasures includes a technological tool for end users, thereby increasing the end users' technological stresses. Based on the technostress framework, we investigate a effect of security awareness training on technostress, and also examine a effect of technostress on the persistent security compliance. Results showed that security awareness training influenced on techno-overload and techno-uncertainty. We also found that techno-overload and techno-uncertainty have a significant effect on the persistent security compliance. Conclusion and implications are discussed.

• Journal of Navigation and Port Research
• /
• v.37 no.6
• /
• pp.709-718
• /
• 2013

In this study, AHP analysis was conducted through a survey that was organized by 9 job categories. The results show that sustainable operation risks have the highest priority level among all criteria with management interest having the highest priority level within sustainable operation risks related attributes. The most important risk attributes among stakeholder risks appeared to be asset security and cargo and conveyance security, with education and training being the most important among regulatory risks. Effective management and response to the risks from export controls on strategic trade require an understanding of supply chain security and compliance programs, effective training programs, investments for development of security systems that meet international standards. In addition, the government needs to focus on developing professionals and providing support for companies with compliance programs, working closely with businesses.

• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.22 no.1
• /
• pp.595-602
• /
• 2021

This study evaluates the impact of an information security policy sanction, a perceived threat, and the perception of the information security climate on a compliance behavioral intention. The research method was structured with a cross-sectional study design for the prospect and goal orientation. The variables used in the analysis are information security policy sanction, perceived threat, perception of information security climate, and compliance behavioral intention. Progress in this research consists of measuring the prospect and goal orientation, and then measuring the four variables. As a result, the prospect had a significant effect on the perception of the information security climate, and it was found that the influence of the gain-based condition was greater than the loss-based condition. Goal orientation had a significant effect on the information security policy sanction, the perceived threat, and the compliance behavioral intention, and the influence of the development-based condition was greater than the stability-based condition. Both prospect and goal orientation had an interactive effect on the compliance behavioral intention. The exploration model was verified as a mediation model. In addition, the discussion includes the appropriate implications for information security based on these research results.

• The Journal of the Korea Contents Association
• /
• v.21 no.4
• /
• pp.153-165
• /
• 2021

The purpose of this study is to find precedent factors that positively and negatively affect the information security compliance intention. In detail, the study finds precedent factors to reduce anxiety that negatively affects compliance intentions, and confirms that feedback moderates the negative relationship between anxiety and compliance intention. The questionnaire was targeted at office workers working in organizations with information security policies, and research hypothesis verification was conducted through structural equation modeling to analyze main effects and moderation effects. As a result of the study, anxiety had a negative effect on the compliance intention, and the organizational culture that was raised through management support reduced anxiety of employees. In addition, feedback mitigated the negative impact relationship between anxiety and compliance intention. The implications of this study were to suggest a direction to mitigate the anxiety of the employees of the organization through the introduction and operation of information security technology.

• Convergence Security Journal
• /
• v.22 no.3
• /
• pp.57-68
• /
• 2022

As the importance and awareness of security have recently expanded, companies and governments are making continuous efforts and investments for security management. However, there are still many security threats in the organization, especially security incidents caused by internal staff. Therefore, it is very important for members to comply with security policies for organizational security management. Therefore, this study classified industrial security management into technical security, physical security, and managerial security, and applied the theory of planned behavior to investigate the impact relationship on the intention to comply with security policies. SPSS 25 and AMOS 25 were used for statistical analysis, and the study found that technical security had a positive(+) effect on subjective norms, physical security had a positive(+) effect on perceived behavior control, and attitude and perceived behavior control had a positive(+) effect on security policy compliance intention.

• Convergence Security Journal
• /
• v.22 no.1
• /
• pp.113-120
• /
• 2022

Despite the limitations of existing security policies due to technological development, companies are unable to actively respond to changes by maintaining a closed security policy. This study classified information security policy into three types: regulatory type policy, advisory type policy, and informative type policy. For each classified policy type, the effect on the information security policy compliance behavior of organizational members was investigated by applying the extended theory of planned behavior, and the moderating effect of information security stress was investigated. SmartPLS 2.0 and SPSS 21.0, which are structural equation modeling techniques, were used to analyze the relationship affecting each factor. As a result of the study, regulatory type, advisory type, and informative type security policies affected organizational members' information security policy compliance behavior, and security stress had an effect on information security compliance attitudes and subjective norms on information security, which are prerequisites for planned behavior theory. gave. This study suggests that various types of corporate information security policies can be applied and that security stress can affect information security behaviors of members.

• The Journal of the Korea institute of electronic communication sciences
• /
• v.16 no.6
• /
• pp.1101-1112
• /
• 2021

Organizations continue to increase investment in information security(IS) policies and technologies to prevent external intrusion and internal exposure to information assets. However, as the organization's regulations and behavioral requirements for strict IS policy increase, employees may induce negative behaviors through IS-related stress. The purpose of this study is to suggest the effects of challenge and hindrance stressors on IS compliance intentions and to confirm how authentic leadership moderates the positive and negative effects of stressors. We reflected employees of the organization who are applying IS policy to their work as a study target and applied a survey to obtain a sample for research hypothesis verification. As a result of analysis through structural equation modeling, challenge and hindrance stressors affected IS compliance intentions, and authentic leadership moderated the effects of stressors on compliance intention. Our research helps to establish insiders support strategies to achieve internal IS goals, because the results suggested stressor conditions and leaders' behavioral directions that influence employees IS compliance behavior.

• Journal of Digital Convergence
• /
• v.10 no.10
• /
• pp.31-46
• /
• 2012

Drawing upon Griffin and Neal's safety climate and performance model, this study developed an information security climate model. Research model is composed of three research variables that include information security climate, information security compliance attitude, and opportunistic security behavior. Results of the study strongly support the fundamental proposition that the organizational security climate has significant positive influence on the individual's opportunistic security behavior. However, the study also reveals that the organizational climate may not directly associate with the reduction of opportunistic security behavior. Rather the organizational security climate nurtures the favorable attitude of the employee towards the compliance of information security, which in turn discourages opportunistic security behavior.