Journal of Korea Port Economic Association (한국항만경제학회지)

The Korea Port Economic Association (한국항만경제학회)
권호 표지

Factors Influencing on the Compliance of Information Security Policy of Workers of Shipping and Port Organization

해운항만조직 구성원들의 정보보안정책 준수에 영향을 미치는 요인

  • 강다연 (한국해양대학교 해운경영학부) ;
  • 장명희 (한국해양대학교 해운경영학부)
  • Received : 2012.01.30
  • Accepted : 2012.03.28
  • Published : 2012.05.31
Download PDF
⟨ Previous Next ⟩

Abstract

Advances in information technology has brought many benefits to businesses, but at the same time, businesses are facing serious problems caused by its use such as information leakage. In order to cope with problems, companies have established information security policies, demanding workers of a company to be compliant with the policies. This study proposes a research model that includes information security awareness, information security attitude, self-efficacy, standard belief and social influences as factors that affect the compliance of information security policy among the workers of shipping and port organization. The results of this study showed that there was a positive relationship not only between the information security awareness and the information security attitude, but also between the information security attitude and the information security policy among the workers of shipping and port organization. It was also found that there was a positive relationship between the self-efficacy and the compliance of information security policy, and between the social influence and the compliance of information security policy. However, there was no meaningful relationship between the standard belief and the compliance of information security policy. This study examined to what extent the workers of shipping and port organization that have a high possibility of the information leakage were compliant with the information security policy. The findings will contribute to organizations of shipping and port who attempt to establish strategies related to information security.

정보기술의 발전은 기업에게 많은 이익을 가져다주었지만, 정보유출이라는 심각한 문제를 야기하고 있다. 이에 따라 기업들은 정보보안을 위해 정보보안정책을 수립하고 조직구성원들이 정보보안정책을 준수할 것을 요구하고 있다. 본 연구에서는 해운항만조직 구성원들의 정보보안정책 준수에 영향을 미치는 요인들을 실증분석 하기 위해 정보보안인식, 정보보안태도, 자기효능감, 규범신념, 사회적 영향들을 영향요인으로 선정하였다. 분석결과에 따르면, 해운항만조직 구성원들의 정보보안인식과 정보보안태도와의 관계는 긍정적으로 나타났으며, 정보보안태도와 정보보안정책 준수와의 관계도 긍정적으로 나타났다. 그리고 자기효능감과 정보보안정책 준수와의 관계, 사회적 영향과 정보보안정책 준수의 관계도 긍정적으로 나타났다. 하지만 규범신념과 정보보안정책 준수와의 관계는 유의하지 않은 것으로 분석되었다. 본 연구의 결과는 정보유출문제가 발생할 가능성이 큰 해운항만조직의 구성원들이 정보보안정책의 준수사항을 어느 정도로 받아들이는 지를 확인함으로써 해운항만조직에서 정보보안과 관련된 정책을 수립하는데 기반을 제공할 것으로 기대한다.

Keywords

References

  1. 노민선.이삼열, "중소기업의 산업보안 역랑에 대한 영향요인 평가", 한국행정학보, 제44권 제3호, 2010, 239-259.
  2. 노순동, "기업체의 효율적인 보안관리 모델",산업보안논총, 창간호, 2004, 79-101.
  3. 디지털데일리, "2011년은 데이터 유출의 해, 트렌드마이크로 연간보고서 발표", 2012. 1. 26.
  4. 박준경.김범수.조성우, "기업 정보보호 활동을 위한 조직 구성원들의 태도와 주요 영향 요인", 경영학연구, 제40권 제4호, 2011, 955-985.
  5. 부산일보, "부산신항 배후단지 물류 정보 한 손에", 2010. 8. 11.
  6. 유혜원.김태성.전효정, "정보보호분야 지식 및 기술수요", 정보보호학회지, 제19권 1호, 2009, 23-28.
  7. 임채호, "효과적인 정보보호인식 제고방안", 정보보호학회지, 제16권 제2호, 2006, 30-36.
  8. 장명희, "해운․항만기업 정보시스템 리스크요인에 대한 발생가능성, 영향력 분석과 상대적 중요도 평가", 해운물류연구, 제25권 제1호, 2009, 57-82.
  9. 전자신문, "내부정보 유출 막아라, 기업들 비상, 해결책은?", 2011. 9. 7.
  10. 정보통신부, 국가정보보호백서, 2010.
  11. Ajzen, I. and Fishbein, M., "Attitude-Behavior Relation: A Theoretical Analysis and Review of Empirical Research," Psychological Bulletin, Vol.84, No.5, 1997, 888-918.
  12. Amitava, D. and McCrohan, K., "Management's Role in Information Security in a Cyber Economy," California Management Review, Vol.45, 2001, 67-87.
  13. Bandura, A., "Self-Efficacy: Toward a Unifying Theory of Behavioral Change," Psychological Review, Vol.84, 1977, 191-215.
  14. Bulgurcu B. Cavusoglu, H. and Benbasat, I., "Information Security Policy Compliance: An Empirical Study of Rationality-Based Beliefs and Information Security Awareness," MIS Quarterly, Vol.34, No.3, 2010, 523-548.
  15. Carrie M. and Rebecca, T. F., "You are the Key to Security: Establishing a Successful Security Awareness Program," ACM SIGUCCS Conference , Vol.32, 2004, 346-349.
  16. Choi, N., Kim, D. and Whitmore A., "Knowing is Doing," Information Management & Computer Security, Vol.16, No.5, 2008, 484-501.
  17. Davis, F., "Perceived Usefulness, Perceived Ease of Use, and User Acceptance of Information Technology," MIS Quarterly, Vol.13, No.3, 1989, 319-340.
  18. Eagly, A. H. and Chaiken, S., The Psychology of Attitudes, Harcourt Brace Javanovich College Publishers, 2006.
  19. Gist, M. E., "Self-efficacy: Implications for Organizational Behavior and Human Resource Management," Academy of Management Review, Vol.12, No.3, 1987, 472-485.
  20. Goodhue, D. L. and Straub, D.,W., "Security Concerns of System Users: A Study of Perceptions of the Adequacy of Security Measures," Information & Management, Vol.20, 1991, 13-27.
  21. Halibozek, E. and Kovacich, G, L,. Mergers and Acquisitions Security, Corporate Restructuring and Security Management, Butterworth-Heinemann, 2005.
  22. Jeffrey, M. S., Kathryn. R. S., and Paul M., "Analysis of End User Security Behavior," Computers & Security, Vol.24, 2005, 124-133.
  23. Johnston, A. C. and Warkentin, M., "Fear Appeals and Information Security Behaviors: An Empirical Study," MIS Quarterly, Vol.34, No.3, 2010. 549-566.
  24. Knapp, M., Chisholm, D., Leese, M., Amaddeo, F. and Tansella, M., "Comparing Patterns and Costs of Schizophrenia Care in Five European Countries: the EPSILON Study. European Psychiatric Services: Inputs Linked to Outcome Domains and Needs," Acta Psychiatr Scand, Vol.105, 2002, 42-54.
  25. Rice, R E. Gr., Schmitz, A. E. and Torobin, J., "Individual and Network Influences on the Adoption and Perceived Outcomes of Electronic Messaging," Social Networks, Vol.12, No.1, 1990, 27-55.
  26. Rundmo, T. and Sjoberg, L., "Risk Perception by Offshore Oil Personnel During Bad Weather Conditions," Risk Analysis, Vol.18, No.1, 1998, 111-118.
  27. Russell, D. and Gangemi, G., Computer Security Basics, O'Reilly & Associated, 1991.
  28. Siponen, M., "Critical Analysis of Different Approaches to Minimizing User-Related Faults in Information Systems Security: Implications for Research and Practice," Information Management and Computer Security, Vol.8, No.5, 2000, 197-209.
  29. Stanton, J. M., Stam, K. R., Mastrangelo, P. and Jolton, J., "An Analysis of End User Security Behaviors," Computers and Security, Vol.24, 2005, 124-133.
  30. Straub, D. W. and Welke, R. J., "Coping With Systems Risk: Security Planning Models for Management Decision Making," MIS Quarterly, Vol.22, 1998, 441-469.
  31. Thomas, K. and Velthouse, B., "Cognitive Elements of Empowerment: An "Interpretive" Model of Intrinsic Task Motivation," Academy of Management Review, Vol.15, 1990, 666-681.
  32. Venkatesh, V., Morris, M. G., Davis, G. B. and Davis, F. D., "User Acceptance of Information Technology: Toward a Unified View," MIS Quarterly, Vol.27, No.3, 2003, 425-478.