The Effects of User's Security Awareness on Password Security Behavior

A Study on the Effect of Information Security Awareness on Password Security Behavior

  • 하상원 (Graduate School of Information Security, Korea University);
  • 김형중 (Graduate School of Information Security, Korea University)
  • Received : 2013.05.13
  • Accepted : 2013.06.16
  • Published : 2013.06.30

Abstract

With the rapid development of information technology in the 21st century, networks are used from a wide variety of devices. Most human activity now passes through cyberspace, which is no longer separate from daily life and has become one of its most important aspects. Unfortunately, authentication in cyberspace has not only technical problems but also behavioral ones. Many users appear to use the same password across several sites, and for long periods they decline to change it or make only a small change to the earlier password. This research examines, through statistical analysis, the general factors that affect how users choose and use passwords, from an information security perspective.

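With the arrival of the 21st century, advances in information and communication technology, including computers and the Internet, have made network-based computing environments available on a wide range of devices. User authentication in cyberspace relies on text-based password authentication. Unauthorized access to and exposure of information systems can cause serious damage to both users and providers. This authentication method has not only technical problems but also problems rooted in human behavior. According to research findings, most users visit a variety of sites, but the number of passwords they use is far smaller. In addition, many users keep a single password for a long time, and when they do change it they want to make only a minimal change based on the existing password. From an information security perspective, this study therefore uses statistical analysis to identify the factors that influence people's overall selection and use of passwords.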


Cited by

  1. Analysis of a Security Survey for Smartphones vol.11, pp.3, 2015, https://doi.org/10.5392/IJoC.2015.11.3.014
  2. The Causal Relationship between Information Security Countermeasures and Information System Misuse vol.14, pp.4, 2015, https://doi.org/10.9716/KITS.2015.14.4.081
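  3. The Effect of Information Security Implementation in Shipping and Port Organizations on Information Security Performance vol.40, pp.4, 2013, https://doi.org/10.5394/kinpr.2016.40.4.213
  4. Online Users' Password Protection Behavior: Fear Appeal and Message Framing Effects, and Motivational Factors of Password Protection Behavior vol.16, pp.3, 2013, https://doi.org/10.9716/kits.2017.16.3.147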
  5. The Effect of Information Security Delivery Activities and Feedback on Work Impediment and Compliance Intention vol.21, pp.9, 2020, https://doi.org/10.9728/dcs.2020.21.1.1653
  6. The Influence of Organizational Goal Orientation and Structure on Information Security Compliance Intention vol.21, pp.12, 2013, https://doi.org/10.9728/dcs.2020.21.12.2179
  7. Analysis of the Effects of Information Security Sanction and Role Ambiguity on Compliance Intention: Focusing on Moderation Effects of Technical Support and Task Coping vol.22, pp.2, 2021, https://doi.org/10.9728/dcs.2021.22.2.271
  8. The Effects of Information Security Organizational Injustice on Information Security Anxiety and Avoidance Behavior: Focusing on Moderation Effects of Victim Justice Sensitivity vol.22, pp.5, 2013, https://doi.org/10.9728/dcs.2021.22.5.855