Korean Security Journal (시큐리티연구)

  • Issue 56
  • /
  • Pages.145-163
  • /
  • 2018
  • /
  • 2671-4299(pISSN)
  • /
  • 2714-0644(eISSN)
Korean Security Science Association (한국경호경비학회)
권호 표지

Influence on Information Security Behavior of Members of Organizations: Based on Integration of Theory of Planned Behavior (TPB) and Theory of Protection Motivation (TPM)

조직구성원들의 정보보안행동에 미치는 영향: 보호동기이론(PMT)과 계획된 행동이론(TPB) 통합을 중심으로

  • 정혜인 (한국IT서비스산업협회) ;
  • 김성준 (남서울대학교대학원 빅데이터산업보안학과)
  • Received : 2018.07.23
  • Accepted : 2018.08.22
  • Published : 2018.09.30
Download PDF
⟨ Previous Next ⟩

Abstract

Recently, security behavior of members of organizations has been recognized as a critical part of information security at the corporate level. Leakage of customers' information brings more attention to information security behavior of organizations and the importance of a task force. Research on information breach and information security is actively conducted of personal behavior toward security threats or members of organizations who use security technology. This study aims to identify factors of influence on information security behavior of members of organizations and to empirically find out how these factors affect information security behavior through behavior toward attitude, subjective norm and perceived behavior control. On the basis of the research, this study will present effective and efficient ways to foster information security activities of members of organizations. To this end, the study presented a research model that applied significant variables based on integration of Theory of Planned Behavior (TPB) and Theory of Protection Motivation (TPM). To empirically verify this research model, the study conducted a survey of members of organizations who had security-related work experience at companies. So, it is critical for members of organizations to encourage positive word of mouth (WOM) about information security behavior. Results show that based on the integration of TPM and TPB, perceived vulnerability, perceived severity, perceived efficiency and perceived barriers of information security behavior of members of organizations had significant influences on mediating variables such as behavior toward attitude, subjective norm, perceived behavior control and intention. They also had significant influences on organization information security behavior which is a dependent variable. This study indicates companies should introduce various security solutions so that members of the organizations can prevent and respond to potential internal and external security risks. In addition, they will have to take actions to inspect vulnerability of information system and to meet security requirements such as security patches.

최근 조직 구성원의 보안행동은 기업 차원의 정보보안에 중요한 부분으로 인식되고 있다. 정보유출 및 정보보안에 대한 연구는 보안 위협에 대한 개인행동이나 보안 기술을 사용하는 조직 구성원을 대상으로 연구가 활발히 진행되고 있다. 본 연구의 목적은 조직구성원들이 정보보안 활동을 촉진할 수 있는 효과적이고 효율적인 발전방안을 제시하고자 한다. 이를 위해 계획된 행동이론과 보호동기이론의 통합을 중심으로 주요 변수들을 적용한 연구모형을 제시하였다. 본 연구모형을 실증적으로 검증하기 위해 기업에서 보안 경험이 있는 조직원들을 대상으로 설문조사를 실시하였다. 이를 통해 조직구성원들이 정보보안 행동에 대해 긍정적인 구전을 유도하는 것이 중요하다. 이를 통해 기업에서는 조직구성원들이 정보보안 사고에 대해서 내 외부에서 발생 가능한 보안위험을 예방 및 대응하고 관리하기 위해 다양한 보안 솔루션 도입해야하며, 정보시스템에 대한 취약점 점검과 보인 패치 등의 보안 사항을 만족시키기 위한 행동을 실시해야 할 것이다.

Keywords

References

  1. Bae, J. K., & Kwon, D. S. (2011). Self-crystalline factors impact on the degree of acceptance microblogging service research. Vol. 24, No. 5 (XIV No. 88).
  2. Gang, Y. B., Hwang, H. U., Kim, K. B., Son, G. U., & No, B. N. (2014). Physical memory analysis technology for detecting malware. Privacy Journal, 24(1), 39-44.
  3. Gim, G. Y., & Nag, W. S. (2000). According to the indicators quantify information security vulnerability assessment: Information weighted assets law. The Korea Institute of Information Security Engineering, 10(1), 51-62.
  4. Kim, H. D., Kim, K. H., & Ha, J. C. (2013). GOOSE protocol development environment Snort-based intrusion detection system in the. Privacy Journal, 23(6), 1181-1190.
  5. Kim, H. S., & Jeong, H. C. (2000). Relationship with the organization's information security organization, information security awareness and the level of research. Journal of Information Technology and Database, 7(2), 117-134.
  6. Kim, I. H., Lee, G. H., & Park, J. H. (2010). Corporate information security issues and direction. Information Security Association, 20(1), 13-18.
  7. Kim, J. G. (2013). Also impact on privacy in the online environment act. the information policy. Article 20, No. 3.
  8. Kim, Y. H., Moon, J. W., Hwang, S. H., & Jang, H. B. (2014). Study on the ICT outsourcing security management environment. Information Security Engineering, 24(1), 23-31.
  9. Park, C. W. (2014). A Study on the Privacy act on the Internet - Focusing on the protection motivation theory. Journal of Internet Computing and Services, 15(2), 59-71. https://doi.org/10.7472/jksii.2014.15.2.59
  10. Park, H. I. (2009). Research Information Security Survey Results Analysis for increased security. Journal of Integrated Conference, 1-7.
  11. Park, J. H. (2009). Research on Private Security for the Psychological Stability of a Client. Journal-German Korean Security Guidelines, 18, 55-72.