• Title/Summary/Keyword: security compliance behavior intention

Search Result 27, Processing Time 0.027 seconds

The Effect of Organizational Information Security Environment on the Compliance Intention of Employee (조직의 정보보안 환경이 조직구성원의 보안 준수의도에 미치는 영향)

  • Hwang, Inho;Kim, Daejin
    • The Journal of Information Systems
    • /
    • v.25 no.2
    • /
    • pp.51-77
    • /
    • 2016
  • Purpose Organizations invest significant portions of their budgets in fortifying information security. Nevertheless, the security threats by employees are still at large. We discuss methods to reduce security threats that are posed by employees in organization. This study finds antecedent factors that increases or decreases employee's compliance intention. Also, the study suggests organizations' security environmental factors which influences the antecedent factors of compliance intention. Design/methodology/approach The structural equation model is then applied in order to verify this research model and hypothesis. Data were collected on 415 employees working in organizations with an implemented information security policy in South Korea. We analyzed the fitness and validity of the research model via confirmatory factor analysis in order to verify the research hypothesis, then we analyzed structural model, and derived the result. Findings The result shows that organizational commitment and peer behavior increase security compliance intention of employees, while security system anxiety decreases compliance intention. And, organization's physical security system and security communication both have influence on antecedent factors for information security compliance of employees. Our findings help organizations to establish information security strategies that enhance employee security compliance intention.

A Study on the Effects of Influencing Factors in the Security Environment of Military Organizational Members on Information Security Stress and Security Compliance Behavior Intention (군(軍) 조직구성원의 보안환경 영향요인이 보안 스트레스와 보안준수행동에 미치는 영향 연구)

  • Park, Eui Cheon;Jeon, Ki Seok
    • Convergence Security Journal
    • /
    • v.21 no.3
    • /
    • pp.93-104
    • /
    • 2021
  • Today, due to the development of the 4th industrial revolution such as artificial intelligence, the security threat of the military organization is increasing. A study that can contribute to complying with military security is needed by studying the effects of influence factors occurring in this changing or newly emerging security environment on information security stress and security compliance behavior intention. In previous studies, task overload, task complexity, task uncertainty, and task conflict were extracted among environmental influencing factors that cause security stress. We empirically analyzed how these influencing factors affect security stress and whether they play a mediating role in security stress. As a result of the analysis, it was analyzed that the security stress was affected in the order of task overload, task conflict, and task uncertainty. Information security stress did not significantly affect security compliance behavior intention, but it was found to mediate the effect of task overload on security compliance behavior intention. This causes information security stress due to heavy security work in the military organization, which ultimately leads to lower security compliance behavior. Therefore, the security policy to manage this situation should be promoted first.

A Study on the Information Security Measures Influencing Information Security Policy Compliance Intentions of IT Personnel of Banks (은행 IT 인력의 정보보호 정책 준수에 영향을 미치는 정보보호 대책에 관한 연구)

  • Shim, Joonbo;Hwang, K.T.
    • Journal of Information Technology Applications and Management
    • /
    • v.22 no.2
    • /
    • pp.171-199
    • /
    • 2015
  • This study proposes the practical information security measures that help IT personnel of banks comply the information security policy. The research model of the study is composed of independent variables (clarity and comprehensiveness of policy, penalty, dedicated security organization, audit, training and education program, and top management support), a dependent variable (information security policy compliance intention), and moderating variables (age and gender). Analyses results show that the information security measures except 'clarity of policy' and 'training and education program' are proven to affect the 'information security policy compliance intention.' In case of moderating variables, age moderated the relationship between top management support and compliance intention, but gender does not show any moderating effect at all. This study analyzes information security measures based solely on the perception of the respondents. Future study may introduce more objective measurement methods such as systematically analyzing the contents of the information security measures instead of asking the respondents' perception. In addition, this study analyzes intention of employees rather than the actual behavior. Future research may analyze the relationship between intention and actual behavior and the factors affecting the relationship.

A Study on Improving Information Security Compliance of Organization Insider (조직 내부자의 정보보안 준수 향상에 대한 연구)

  • Hwang, In-Ho
    • Journal of the Korean Society of Industry Convergence
    • /
    • v.24 no.4_2
    • /
    • pp.421-434
    • /
    • 2021
  • The expansion of information sharing activities using online can increase the threat of information exposure by increasing the diversity of approaches to information within an organization. The purpose of this study is to present conditions for improving the information security compliance intention of insiders to improve the level of information security within the organization. In detail, the study applies the theory of planned behavior that clearly explains the cause of an individual's behavior and proposes a way to increase the compliance intention by integrating the social control theory and goal-setting theory. The study presented research models and hypotheses based on previous studies, collected samples by applying a questionnaire technique, and tested hypotheses through structural equation modeling. As a result, information security attitude, subjective norms, and self-efficacy had a positive influence on the intention to comply. Also, attachment, commitment, and involvement, which are the factors of social control theory, formed a positive attitude toward information security. Goal difficulty and goal specificity, which are the factors of goal setting theory, formed a positive self-efficacy. The study presents academic and practical implications in terms of suggesting a method of improving the information security compliance intention of employees.

Analysis of the Effects of Information Security Policy Awareness, Information Security Involvement, and Compliance Behavioral Intention on Information Security behavior : Focursing on Reward and Fairness (정보보안 정책 인식과 정보보안 관여성, 준수 의도성이 정보보안 행동에 미치는 영향 분석: 보상 차원과 공정성 차원을 중심으로)

  • Hu, Sung-ho;Hwang, In-ho
    • Journal of Convergence for Information Technology
    • /
    • v.10 no.12
    • /
    • pp.91-99
    • /
    • 2020
  • The aim of this study to assess the effect of information security policy awareness, information security involvement, compliance behavioral intention on information security behavior The research method is composed of a cross-sectional design of reward and fairness. This paper focuses on the process of organizational policy on the information security compliance intention in the individual decision-making process. As a result, the reward had a significant effect on compliance behavioral intention, and it was found that influence of the psychological reward-based condition was greater than the material reward-based condition. The fairness had a significant effect on information security policy awareness, information security involvement, information security behavior, and it was found that influence of the equity-based condition was greater than the equality-based condition. The exploration model was verified as a multiple mediation model. In addition, the discussion presented the necessary research direction from the perspective of synergy by the cultural environment of individuals and organizations.

Role of Management and Protection Motivation's influence on the Intention of Compliance with Information Security Policies: Based on the Theory of Planned Behavior (경영진 역할과 보호동기 요인이 정보보안정책 준수 의지에 미치는 영향: 계획행동이론을 기반으로)

  • Shin, Hyuk;Kang, Min Hyung;Lee, Cheol Gyu
    • Convergence Security Journal
    • /
    • v.18 no.1
    • /
    • pp.69-84
    • /
    • 2018
  • This study examines antecedents of the intention of compliance with information security policies based on Ajzen's Theory of Planned Behavior. The study conducted the following: Verification of casual relations between role of management and protection motivation and the antecedents of planned behavior as parameters to determine the effect on the intention of compliance with information security policy, and comparative analysis between the research model and a competition model. The result of the study disclosed that, in the research model, attitude and subjective norm took an intermediary role on management beliefs, response efficacy, response cost, self-efficacy, and compliance intention, and perceived behavior control on management beliefs, self-efficacy and compliance intention.

  • PDF

A Study on the Influence of Information Security Compliance Intention of Employee: Theory of Planned Behavior, Justice Theory, and Motivation Theory Applied (조직원의 정보보안 정책 준수의도에 미치는 영향 연구: 계획된 행동이론, 공정성이론, 동기이론의 적용)

  • Hwang, In-Ho;Hu, Sung-Ho
    • Journal of Digital Convergence
    • /
    • v.16 no.3
    • /
    • pp.225-236
    • /
    • 2018
  • Organizations continue to invest in the security of information technology as a means to be more competitive than others in their industry do. However, there is a relatively lack of interest in the information security compliance of employees who implement information security technologies and policies of organization. This study finds mechanisms for enhancing security compliance by applying theory of planned behavior, justice theory, and motivation theory in information security field. We use structural equation modeling to verify the research hypotheses, and conducted a survey on the employees of organization with information security policy. The results showed that organizational justice, sanction, and organizational identification affect the factors of the planned behavior theory and affect the employee's compliance intention. As a result, this research suggested directions for strategic approach for enhancing employee's compliance intention on organization's security policy.

A Study on Employee's Compliance Behavior towards Information Security Policy : A Modified Triandis Model (조직 구성원의 정보보안정책 준수행동에 대한 연구 : 수정된 Triandis 모델의 적용)

  • Kim, Dae-Jin;Hwang, In-Ho;Kim, Jin-Soo
    • Journal of Digital Convergence
    • /
    • v.14 no.4
    • /
    • pp.209-220
    • /
    • 2016
  • Although organizations are providing information security policy, education and support to guide their employees in security policy compliance, accidents by non-compliance is still a never ending problem to organizations. This study investigates the factors that influence employees' information security policy compliance behavior using elements of Triandis model. We analyzed the relationships among Triandis model's factors using PLS(Partial Least Squares). The result of the hypothesis tests shows that organization can induce individual's information security policy compliance intention and behavior by information security policy and facilitating conditions that support it, and proves the importance of members' expected value, habit and affect about information security compliance. This study is significant in a way that it applies Triandis model in the field of information security, and presents direction for members' information security behavior, and will be able to provide measures to establish organization's information security policy and increase members' compliance behavior.

Investigating of Psychological Factors Affecting Information Security Compliance Intention: Convergent Approach to Information Security and Organizational Citizenship Behavior (정보보안 준수의도에 대한 사회심리적 요인 분석: 정보보안과 조직시민행동이론 융합)

  • Han, Jin-Young;Kim, Yoo-Jung
    • Journal of Digital Convergence
    • /
    • v.13 no.8
    • /
    • pp.133-144
    • /
    • 2015
  • In digital convergence environment, information security management plays crucial role in maintaining firms' competitiveness. Organizational citizenship behavior(OCB) enables informations security countermeasures to be more effectively worked by helping employees to have much knowledge of information security policy, by facilitating employees to participate in information security education/training. Thus, the purpose of this study is to investigate the mediating effect of OCB on the relationships between information security countermeasures and compliance intention. Questionary was designed based on prior information security research, and survey was conducted among companies' employees across the industry. Results showed that information security policy and information security education/training were found to be key predictors of compliance intention. In addition, OCB was proven to mediate the relationships between information security countermeasures and compliance intention.

The Employee's Information Security Policy Compliance Intention : Theory of Planned Behavior, Goal Setting Theory, and Deterrence Theory Applied (조직구성원의 정보보안 정책 준수의도: 계획된 행동이론, 목표설정이론, 억제이론의 적용)

  • Hwang, In-Ho;Lee, Hye-Young
    • Journal of Digital Convergence
    • /
    • v.14 no.7
    • /
    • pp.155-166
    • /
    • 2016
  • In accordance with the increase of the importance of information security, organizations are making continuous investments to develop policies and adapt technology for information security. Organization should provide systemized support to enhance employees' security compliance intention in order to increase the degree of organization's internal security. This research suggests security policy goal setting and sanction enforcement as a method to improve employees' security compliance in planning and enforcing organization's security policy, and verifies the influencing relationship of Theory of Planned Behavior which explains employee's security compliance intention. We use structural equation modeling to verify the research hypotheses, and conducted a survey on the employees of organization with information security policy. We verified the hypotheses based on 346 responses. The result shows that the degree of goal setting and sanction enforcement has positive influence on self-efficacy and coping efficacy which are antecedents that influence employees' compliance intention. As a result, this research suggested directions for strategic approach for enhancing employee's compliance intention on organization's security policy.