Journal of Digital Convergence (디지털융복합연구)

The Society of Digital Policy and Management (한국디지털정책학회)
권호 표지
DOI QR코드

DOI QR Code

Investigating of Psychological Factors Affecting Information Security Compliance Intention: Convergent Approach to Information Security and Organizational Citizenship Behavior

정보보안 준수의도에 대한 사회심리적 요인 분석: 정보보안과 조직시민행동이론 융합

  • Han, Jin-Young (College of ICT Engineering, Chung-Ang University) ;
  • Kim, Yoo-Jung (Dept. of Business Adminstration, Hoseo University)
  • 한진영 (중앙대학교 창의ICT공과대학) ;
  • 김유정 (호서대학교 경영학부 디지털기술경영)
  • Received : 2015.06.13
  • Accepted : 2015.08.20
  • Published : 2015.08.28
Download PDF
⟨ Previous Next ⟩

Abstract

In digital convergence environment, information security management plays crucial role in maintaining firms' competitiveness. Organizational citizenship behavior(OCB) enables informations security countermeasures to be more effectively worked by helping employees to have much knowledge of information security policy, by facilitating employees to participate in information security education/training. Thus, the purpose of this study is to investigate the mediating effect of OCB on the relationships between information security countermeasures and compliance intention. Questionary was designed based on prior information security research, and survey was conducted among companies' employees across the industry. Results showed that information security policy and information security education/training were found to be key predictors of compliance intention. In addition, OCB was proven to mediate the relationships between information security countermeasures and compliance intention.

융 복합 시대 도래로 인한 옴니 채널 환경에서 기술적 및 관리적 정보보안대책 확충과 더불어 기업구성원의 자발적 참여를 통해 정보보안대책이 효과적으로 실행되는 것이 매우 중요하다. 이러한 맥락에서 기업구성원이 정보보안대책 인식 이후 자발적으로 조직시민행동을 전개하면 정보보안 대책에 대한 준수의도가 형성될 것으로 본다. 따라서 본 연구에서는 기업의 정보보안대책(정보보안정책, 정보보안 교육훈련)이 조직시민행동을 매개로 정보보안 준수의도에 미치는 영향을 실증연구를 통해 검증하고자 한다. 이를 위해 문헌연구를 기반으로 설문문항을 작성하였으며 다양한 업종의 기업을 대상으로 설문조사를 실시하였다. 수집된 설문자료를 분석한 결과, 정보보안정책과 정보보안 교육훈련이 정보보안 준수의도에 영향을 주는 것으로 나타났다. 또한 정보보안정책과 정보보안 교육훈련 모두 조직시민행동(참여 활동)을 매개로 정보보안 준수의도에 영향을 주는 것으로 나타났다.

Keywords

References

  1. H. B. Kim, D. S. Lee, & S. Ham, Impact of hotel information security on system reliability, International Journal of Hospitality Management, Vol. 35, pp. 369-379, 2013. https://doi.org/10.1016/j.ijhm.2012.06.002
  2. Y. H. Kim, An Implementation of Audit System Applying Forensic Analysis Technology Over Network Node, Journal of Society for e-Business Studies, Vol. 4, No. 1, pp. 169-181, 2009.
  3. S. H. Kim & G. N. Kim, Firm's Environmental Determinants Impacting the Information Security Management and the Moderating Effects of Regulatory Influence, Journal of the Korean Operations Research and Management Science Society, Vol. 37, No. 3, pp. 79-94, 2012. https://doi.org/10.7737/JKORMS.2012.37.3.079
  4. J. M. Do & J. Kim, A Study on Critical Success Factors for Enterprise Security Collaboration, Journal of Digital Convergence, Vol. 12, No. 10, pp. 235-242, 2014. https://doi.org/10.14400/JDC.2014.12.10.235
  5. B. Bulgurcu, H. Cavusoglu, & I. Benbasat, Roles of Information Security Awareness and Perceived Fairness in Information Security Policy Compliance. AMCIS 2009 Proceedings, 419, 2009.
  6. J. H. Ahn, J. H. Park, G. M. Sung, & J. H. Lee, Impacts of Punishment and Ethics Training on Information Security Compliance: Focus on the Moderating Role of Organizational Type. Information Systems Review, Vol. 12, pp. 23-42, 2010.
  7. S. H. Kim & S. Y. Park, Influencing Factors for Compliance Intention of Information Security Policy, Journal of Society for e-Business Studies, Vol. 16, No. 4, pp. 34-51, 2011.
  8. M. S. Yim, A Path Way to Increase the Intention to Comply with Information Security Policy of Employees, Journal of Digital Convergence, Vol. 10, No. 10, pp. 119-128, 2012. https://doi.org/10.14400/JDPM.2012.10.10.119
  9. M. S. Yim & K. H. Han, An Investigation of the Factors that Influence the Compliance to Information Security Policy : From Risk Compensation Theory, Journal of Digital Convergence, Vol. 11, No. 10, pp. 153-168, 2013. https://doi.org/10.14400/JDPM.2013.11.10.153
  10. M. J. Baek & S. H. Sohn, A Study on the Effect of Information Ethics on the Information Security Awareness and Behavior in Organization, Koreanische Zeitschrift fur Wirtschaftswissenschaften, Vol. 28 No. 4, pp. 119-145, December 2010.
  11. T. S. Jung, M. S. Yim, & J. B. Lee, A Development of Comprehensive Framework for Continuous Information Security, Journal of Digital Convergence, Vol. 10, No.2, pp. 479-498, 2012.
  12. D. W. Organ, Organizational Citizenship Behavior: The Good Soldier Syndrome: Lexington books, 1988.
  13. D. W Organ, P. M. Podsakoff, & S. B. MacKenzie, Organizational Citizenship Behavior: Its Nature, Antecedents, and Consequences: Sage Publications, Inc., 2006.
  14. T. Y. Chou, S. C. T. Chou, J. J. Jiang, & G. Klein, The organizational citizenship behavior of IS personnel: Does organizational justice matter?, Information & Management, Vol. 50, pp. 105-111, 2013. https://doi.org/10.1016/j.im.2013.02.002
  15. J. Shropshire, M. Warkentin, & S. Sha, Personality, attitudes, and intentions: Predicting initial adoption of information security behavior, Computers & Security, Vol. 49, pp. 177-191, 2015. https://doi.org/10.1016/j.cose.2015.01.002
  16. R. E. Crossler, A. C. Johnston, P. B. Lowry, Q. Hu, M. Warkentin, & R. Baskerville, Future directions for behavioral information security research. Computers & Security, Vol. 32, pp. 90-101, 2013. https://doi.org/10.1016/j.cose.2012.09.010
  17. P. Ifinedo, Information systems security policy compliance: An empirical study of the effects of socialization, influence, and cognition. Information & Management, Vol. 51, No. 1, pp. 69-79, 2014. https://doi.org/10.1016/j.im.2013.10.001
  18. S. G. Lee & M. S. Chae, An Study on the Factors that Motivate The Compliance of the Organizational Security Policy. Korean Journal of Business Administration, Vol. 27, No. 6, pp. 927-953, 2014.
  19. M. S. Yim, The Effect of Characteristics of Information Security Policy on Security Policy Compliance Intention of Employees in Financial Firms, Journal of the Korea Service Management Society, Vol. 14, No. 1, pp. 143-171, 2013. https://doi.org/10.15706/jksms.2013.14.1.007
  20. A. Hovav & J. D'Arcy, Applying an extended model of deterrence across cultures: An investigation of information systems misuse in the US and South Korea. Information & Management, Vol. 49, No. 2, pp. 99-110, 2012. https://doi.org/10.1016/j.im.2011.12.005
  21. C. L Anderson & R. Agarwal, Practicing safe computing: a multimedia empirical examination of home computer user security behavioral intentions. MIS quarterly, Vol. 34, No. 3, pp. 613-643. 2010. https://doi.org/10.2307/25750694
  22. B. Bulgurcu, H. Cavusoglu, & I. Benbasat, Information Security Policy Compliance: An Empirical Study of Rationality-Based Beliefs and Information Security Awareness, MIS quarterly, Vol. 34, No. 3, pp. 523-548, 2010. https://doi.org/10.2307/25750690
  23. T. Bateman & D. Organ, Job Satisfaction and the Good Soldier: The Relationship between Affect and Employee Citizenship. Academy of Management Journal, Vol. 26, No. 4, pp. 587-595, 1983. https://doi.org/10.2307/255908
  24. S. W. Lee, Y. E. Cho, & K. S. Lee Y. E., The Role of Justice and Organizational Citizenship Behaviour in the Relation between Measurement Diversity and Managerial Performance, Journal of Digital Convergence, Vol. 11, No. 11, pp. 219-231, 2013. https://doi.org/10.14400/JDPM.2013.11.11.219
  25. J. W. Graham & L. V. Dyne, Gathering information and exercising influence: Two forms of civic virtue organizational citizenship behavior. Employee Responsibilities and Rights Journal, Vol. 18, No. 2, pp. 89-109, 2006. https://doi.org/10.1007/s10672-006-9007-x
  26. D. W Organ, The Motivational Basis of Organizational Citizenship Behavior. Research in Organizational Behavior, Vol. 12, No. 1, pp. 43-72, 1990.
  27. D. J. Koys, The effects of employee satisfaction, organizational citizenship behavior, and turnover on organizational effectiveness: a unit-level, longitudinal study, Personnel Psychology, Vol. 54, No. 1, pp. 101-114, 2001. https://doi.org/10.1111/j.1744-6570.2001.tb00087.x
  28. P. M. Podsakoff & S. B. MacKenzie, Organizational citizenship behaviors and sales unit effectiveness, Journal of Marketing Research, Vol. 31, No. 3, pp. 351-363, 1994. https://doi.org/10.2307/3152222
  29. P. M. Podsakoff, M. Ahearne, & S. B. MacKenzie, Organizational citizenship behavior and the quantity and quality of work group performance, Journal of Applied Psychology, Vol. 82, No. 2, pp. 262-270, 1997. https://doi.org/10.1037/0021-9010.82.2.262
  30. H. J. R. Yen & B. P. Niehoff, Organizational citizenship behaviors and organizational effectiveness: examining relationships in Taiwanese banks, Journal of Applied Social Psychology, Vol. 34, No. 8, pp. 1617-1637, 2004. https://doi.org/10.1111/j.1559-1816.2004.tb02790.x
  31. S. C. Yang & C. K. Farn, Exploring tacit knowledge sharing intention and behavior within workgroup from the perspectives of social capital and behavioral control. PACIS 2007 Proceedings, 38, 2007.
  32. H. R. Yen, E. Y. Li, Brian, & P. Niehoff, Do organizational citizenship behaviors lead to information system success?: Testing the mediation effects of integration climate and project management, Information & Management, Vol. 45, No. 6, pp. 394-402, 2008. https://doi.org/10.1016/j.im.2008.04.004
  33. C. Yoon, The effects of organizational citizenship behaviors on ERP system success, Computers in Human Behavior, Vol. 25, No. 2, pp. 421-428, 2009. https://doi.org/10.1016/j.chb.2008.10.004
  34. K. L. Thomson, Rossouw von Solms, & Lynette Louw, Cultivating an organizational information security culture, Computer Fraud & Security, Vol. 10, pp. 7-11, 2006.
  35. S. Goel & I. N. Chengalur-Smith, Metrics for characterizing the form of security policies. The Journal of Strategic Information Systems, Vol. 19, No. 4, pp. 281-295, 2010. https://doi.org/10.1016/j.jsis.2010.10.002
  36. T. Dinev, J. Goo, Q. Hu, & K. Nam, User Behaviour towards Protective Information Technologies: The Role of National Cultural Differences. Information Systems Journal, Vol. 19, No. 4, pp. 391-412. 2009. https://doi.org/10.1111/j.1365-2575.2007.00289.x
  37. J. D'Arcy, A. Hovav, & D. Galletta, User awareness of security countermeasures and its impact on information systems misuse: a deterrence approach. Information Systems Research, Vol. 20, No. 1, pp. 79-98, 2009. https://doi.org/10.1287/isre.1070.0160
  38. S. M. Lee, S. G. Lee, & S. Yoo, An integrative model of computer abuse based on social control and general deterrence theories. Information & Management, Vol. 41, No. 6, pp. 707-718, 2004. https://doi.org/10.1016/j.im.2003.08.008
  39. C. J. Park & M. S. Yim. An Understanding of Impact of Security Countermeasures on Persistent Policy Compliance. Journal of Digital Convergence, Vol. 10, No. 4, pp. 23-35, 2012. https://doi.org/10.14400/JDPM.2012.10.4.023
  40. T. Herath, & H. R. Rao, Encouraging information security behaviors in organizations: Role of penalties, pressures and perceived effectiveness. Decision Support Systems, Vol. 47, No. 2, pp. 154-165, 2009. https://doi.org/10.1016/j.dss.2009.02.005
  41. W. Chin, B. Marcolin, & P. Newsted, A partial least squares latent variable modeling approach for measuring interaction effects: Results from a Monte Carlo simulation study and an electronic-mail emotion/adoption study. Information Systems Research, Vol. 14, No. 2, pp. 189-217, 2003. https://doi.org/10.1287/isre.14.2.189.16018
  42. C. Fornell & D. Larcker, Evaluating structural equation models with unobservable variables and measurement error. Journal of marketing Research, Vol. 18, No. 1. pp. 39-50, 1981. https://doi.org/10.2307/3151312
  43. M. Wetzels, Using PLS path modeling for assessing hierachical construct models: Guidelines and empirical illustration, MIS Quarterly, Vol. 33, No. 1, pp. 177-195, 2009. https://doi.org/10.2307/20650284
  44. M. Sobel, Asymptotic confidence intervals for indirect effects in structural equation models. Sociological methodology, Vol. 13, pp. 290-312, 1982. https://doi.org/10.2307/270723
  45. R. M. Baron & D. A. Kenny, The moderator-mediator variable distinction in social psychological research: Conceptual, strategic, and statistical considerations. Journal of Personality and Social Psychology, Vol. 51, No. 6, pp. 1173-1182, 1986. https://doi.org/10.1037/0022-3514.51.6.1173