The Journal of Information Systems (한국정보시스템학회지:정보시스템연구)

Korea Association of Information Systems (한국정보시스템학회)
권호 표지
DOI QR코드

DOI QR Code

The Mitigation of Information Security Related Technostress and Compliance Intention

조직 내 정보보안 기술스트레스 완화와 준수의도

  • Received : 2020.01.10
  • Accepted : 2020.02.01
  • Published : 2020.03.31
Download PDF
⟨ Previous Next ⟩

Abstract

Purpose As information management grows in importance around the world, organizations are investing in information security technology. However, the higher the level of information security technology in an organization, the higher the techno-stress of employees. The purpose of this study is to suggest stress factors related to information security technology that affect the reduction of employees' intention to comply with information security and to suggest ways to alleviate stress. Design/methodology/approach The research presented a model for mitigating technical stress related to information security based on technical stress theory and person-organization fit theory. 346 questionnaire data were analyzed from the members of the organization who applied the information security technology, and the research hypothesis was verified through the structural equation modeling. Findings The hypothesis test confirms that security-related techno-stress reduces the information security compliance intention of employees, organizational technical support mitigates technical stress, and person-organization fitness mitigates the negative relationship between techno-stress and compliance intention. The results of the study contribute to the organization's strategy for minimizing the reduction of the information security compliance intention of employees, and are meaningful in that the theoretical basis for mitigating techno-stress is provided in the field of information security.

Keywords

References

  1. 유인진, 박도형 "중소기업 프로파일링 분석을 통한 기술유출 방지 및 보호 모형 연구," 정보시스템연구, 제27권, 제1호, 2018, pp. 171-191.
  2. 황인호, 김승욱, "조직원의 정보보안 관련 업무 스트레스에 대한 억제 및 업무대처에 대한 연구: 금융 비즈니스를 중심으로," e-비즈니스연구, 제18권, 제3호, 2017, pp. 147-165. https://doi.org/10.15719/GEBA.18.3.201706.147
  3. 황인호, 김상현, "SCO Framework 을 적용한 조직과 조직원의 정보보안 준수 관계 연구," 정보시스템연구, 제28권, 제4호, 2019, pp. 105-129.
  4. Alniacik, E., Alniacik, U., Erat, S., and Akcin, K., "Does Person - Organization Fit Moderate the Effects of Affective Commitment and Job Satisfaction on Turnover Intentions?," Procedia-Social and Behavioral Sciences, Vol. 99, 2013, pp. 274-281. https://doi.org/10.1016/j.sbspro.2013.10.495
  5. Andrews, M. C., Baker, T., and Hunt, T. G., "Values and Person-Organization Fit: Does Moral Intensity Strengthen Outcomes?," Leadership & Organization Development Journal, Vol. 32, No.1, 2011, pp. 5-19. https://doi.org/10.1108/01437731111099256
  6. Ayyagari, R., Grover, V., and Purvis, R., "Technostress: Technological Antecedents and Implications," MIS Quarterly, Vol. 35, No. 4, 2011, pp. 831-858. https://doi.org/10.2307/41409963
  7. Brod, C., Technostress: The Human Cost of the Computer Revolution. Reading, MA: Addison-Wesley, 1984.
  8. Bulgurcu, B., Cavusoglu, H., and Benbasat, I., "Information Security Policy Compliance: An Empirical Study of Rationality-Based Beliefs and Information Security Awareness," MIS Quarterly, Vol. 34, No. 3, 2010, pp. 523-548. https://doi.org/10.2307/25750690
  9. Cable, D. M., and Judge, T. A., "Person-Organization Fit, Job Choice Decisions, and Organizational Entry," Organizational Behavior and Human Decision Processes, Vol. 67, No. 3, 1996, pp. 294-311. https://doi.org/10.1006/obhd.1996.0081
  10. Chen, Y., Ramamurthy, K., and Wen, K. W., "Organizations' Information Security Policy Compliance: Stick or Carrot Approach?," Journal of Management Information Systems, Vol. 29, No.3, 2012, pp. 157-188. https://doi.org/10.2753/MIS0742-1222290305
  11. D'Arcy, J., Herath, T., and Shoss, M. K., "Understanding Employee Responses to Stressful Information Security Requirements: A Coping Perspective," Journal of Management Information Systems, Vol. 31, No. 2, 2014, pp. 285-318. https://doi.org/10.2753/MIS0742-1222310210
  12. D'Arcy, J., Hovav, A., and Galletta, D., "User Awareness of Security Countermeasures and its Impact on Information Systems Misuse: A Deterrence Approach," Information Systems Research, Vol. 20, No. 1, 2009, pp.79-98. https://doi.org/10.1287/isre.1070.0160
  13. D'Arcy, J., and Teh, P. L., "Predicting Employee Information Security Policy Compliance on a Daily Basis: The Interplay of Security-Related Stress, Emotions, and Neutralization," Information & Management, Vol. 56, No. 7, 2019, 103151. https://doi.org/10.1016/j.im.2019.02.006
  14. Dawson, J. F., "Moderation in Management Research: What, Why, When and How," Journal of Business and Psychology, Vol. 29, No. 1, 2014, pp. 1-19. https://doi.org/10.1007/s10869-013-9308-7
  15. Fornell, C., and Larcker, D. F., "Evaluating Structural Equation Models with Unobservable Variables and Measurement Error," Journal of Marketing Research, Vol. 18, No. 1, 1981, pp. 39-50. https://doi.org/10.1177/002224378101800104
  16. French, J. R. P., Caplan, R. D., and Harrison, R. V., The Mechanisms of Job Stress and Strain. New York: Wiley, 1982.
  17. Fuglseth, A. M., and Sorebo, O., "The Effects of Technostress within the Context of Employee Use of ICT," Computers in Human Behavior, Vol. 40, 2014, pp. 161-170. https://doi.org/10.1016/j.chb.2014.07.040
  18. Galluch, P. S., Grover, V., and Thatcher, J. B., "Interrupting the Workplace: Examining Stressors in an Information Technology Context," Journal of the Association for Information Systems, Vol. 16, No. 1, 2015, pp. 1-47. https://doi.org/10.17705/1jais.00387
  19. Gaudioso, F., Turel, O., and Galimberti, C., "The Mediating Roles of Strain Facets and Coping Strategies in Translating Techno-Stressors into Adverse Job Outcomes," Computers in Human Behavior, Vol. 69, 2017, pp. 189-196. https://doi.org/10.1016/j.chb.2016.12.041
  20. Grandviewresearch, Cyber Security Market Size, Share & Trends Analysis Report By Component, By Security Type, By Solution, By Service, By Deployment, By Organization, By Application, And Segment Forecasts, 2019 - 2025, 2019.
  21. Guo, K. H., and Yuan, Y., "The Effects of Multilevel Sanctions on Information Security Violations: A Mediating Model," Information & Management, Vol. 49, No. 6, 2012, pp. 320-326. https://doi.org/10.1016/j.im.2012.08.001
  22. Guo, K. H., Yuan, Y., Archer, N. P., and Connelly, C. E., "Understanding Nonmalicious Security Violations in the Workplace: A Composite Behavior Model," Journal of Management Information Systems, Vol. 28, No. 2, 2011, pp. 203-236. https://doi.org/10.2753/MIS0742-1222280208
  23. Herath, T., and Rao, H. R., "Encouraging Information Security Behaviors in Organizations: Role of Penalties, Pressures and Perceived Effectiveness," Decision Support Systems, Vol. 47, No. 2, 2009, pp. 154-165. https://doi.org/10.1016/j.dss.2009.02.005
  24. Hung, W. H., Chen, K., and Lin, C. P., "Does the Proactive Personality Mitigate the Adverse Effect of Technostress on Productivity in the Mobile Environment?," Telematics and Informatics, Vol. 32, No. 1, 2015, pp. 143-157. https://doi.org/10.1016/j.tele.2014.06.002
  25. Hwang, I., and Cha, O., "Examining Technostress Creators and Role Stress as Potential Threats to Employees' Information Security Compliance," Computers in Human Behavior, Vol. 81, 2018, pp. 282-293. https://doi.org/10.1016/j.chb.2017.12.022
  26. Hwang, I., Kim, D., Kim, T., and Kim, S., "Why Not Comply with Information Security? An Empirical Approach for the Causes of Non-compliance," Online Information Review, Vol. 41, No. 1, 2017, pp.2-18. https://doi.org/10.1108/OIR-11-2015-0358
  27. Hwang, I. H., and Lee, H. Y., "The Employee's Information Security Policy Compliance Intention: Theory of Planned Behavior, Goal Setting Theory, and Deterrence Theory Applied," Journal of Digital Convergence, Vol. 14, No. 7, 2016, pp. 155-166. https://doi.org/10.14400/JDC.2016.14.7.155
  28. Hwang, I., Wakefield, R., Kim, S., and Kim, T., "Security Awareness: The First Step in Information Security Compliance Behavior," Journal of Computer Information Systems, 2019, pp. 1-12.
  29. Jena, R. K., "Technostress in ICT Enabled Collaborative Learning Environment: An Empirical Study among Indian Academician," Computers in Human Behavior, Vol. 51, 2015, pp. 1116-1123. https://doi.org/10.1016/j.chb.2015.03.020
  30. Kristof, A. L., "Person-Organization Fit: An Integrative Review of its Conceptualizations, Measurement, and Implications," Personnel Psychology, Vol. 49, 1996, pp. 1-49. https://doi.org/10.1111/j.1744-6570.1996.tb01790.x
  31. Kristof-Brown, A. L., Zimmerman, R. D., Johnson, E. C., and Henry, B., "Consequences of Individuals' Fit at Work: A Meta-Analysis of Person-Job, Person-Organization, Person-Group, and Person-Supervisor Fit," Personnel Psychology, Vol. 58, No. 2, 2005, pp. 281-342. https://doi.org/10.1111/j.1744-6570.2005.00672.x
  32. Lauver, K. J., and Kristof-Brown, A., "Distinguishing Between Employees' Perceptions of Person-Job and Person-Organization Fit," Journal of Vocational Behavior, Vol. 59, No. 3, 2001, pp. 454-470. https://doi.org/10.1006/jvbe.2001.1807
  33. Little, T. D., Card, N. A., Bovaird, J. A., Preacher, K. J., and Crandall, C. S., "Structural Equation Modeling of Mediation and Moderation with Contextual Factors," Modeling Contextual Effects in Longitudinal Studies, Vol. 1, 2007, pp. 207-230.
  34. Loch, K. D., Carr, H. H., and Warkentin, M. E., "Threats to Information Systems: Today's Reality, Yesterday's Understanding," MIS Quarterly, Vol. 16, No. 2, 1992, pp.173-186. https://doi.org/10.2307/249574
  35. Netemeyer, R. G., Boles, J. S., McKee, D. O., and McMurrian, R., "An Investigation into the Antecedents of Organizational Citizenship Behaviors in a Personal Selling Context," Journal of Marketing, Vol. 61, No. 3, 1997, pp. 85-98. https://doi.org/10.1177/002224299706100107
  36. Nunnally, J. C., Psychometric theory (2nd ed.). New York: McGraw-Hill, 1978.
  37. Oh, S. T., and Park, S., "A Study of the Connected Smart Worker's Techno-stress," Procedia Computer Science, Vol. 91, 2016, pp. 725-733. https://doi.org/10.1016/j.procs.2016.07.065
  38. Podsakoff, P. M., MacKenzie, S. B., Lee, J. Y., and Podsakoff, N. P., "Common Method Biases in Behavioral Research: A Critical Review of the Literature and Recommended Remedies," Journal of Applied Psychology, Vol. 88, No. 5, 2003, pp. 879-903. https://doi.org/10.1037/0021-9010.88.5.879
  39. Ragu-Nathan, T. S., Tarafdar, M., Ragu-Nathan, B. S., and Tu, Q., "The Consequences of Technostress for End Users in Organizations: Conceptual Development and Empirical Validation," Information Systems Research, Vol. 19, No. 4, 2008, pp. 417-433. https://doi.org/10.1287/isre.1070.0165
  40. Ruiz-Palomino, P., and Martinez-Canas, R., "Ethical Culture, Ethical Intent, and Organizational Citizenship Behavior: The Moderating and Mediating Role of Person-Organization Fit," Journal of Business Ethics, Vol. 120, No. 1, 2014, pp. 95-108. https://doi.org/10.1007/s10551-013-1650-1
  41. Safa, N. S., Maple, C., Furnell, S., Azad, M. A., Perera, C., Dabbagh, M., and Sookhak, M., "Deterrence and Prevention Based Model to Mitigate Information Security Insider Threats in Organisations," Future Generation Computer Systems, Vol. 97, 2019, pp.587-597. https://doi.org/10.1016/j.future.2019.03.024
  42. Safa, N. S., Sookhak, M., Von Solms, R., Furnell, S., Ghani, N. A., and Herawan, T., "Information Security Conscious Care Behaviour Formation in Organizations," Computers and Security, Vol. 53, pp. 65-78, 2015. https://doi.org/10.1016/j.cose.2015.05.012
  43. Safa, N. S., Von Solms, R., and Futcher, L., "Human Aspects of Information Security in Organisations," Computer Fraud & Security, Vol. 2016, No. 2, 2016, pp. 15-18. https://doi.org/10.1016/S1361-3723(16)30017-3
  44. Siponen, M., Pahnila, S., and Mahmood, M. A., "Compliance with Information Security Policies: An Empirical Investigation," Computer, Vol. 43, No. 2, 2010, pp.64-71. https://doi.org/10.1109/MC.2010.35
  45. Sommestad, T., Hallberg, J., Lundholm, K., and Bengtsson, J., "Variables Influencing Information Security Policy Compliance: A Systematic Review of Quantitative Studies," Information Management & Computer Security, Vol. 22, No. 1, 2014, pp. 42-75. https://doi.org/10.1108/IMCS-08-2012-0045
  46. Steinbart, P. J., Raschke, R. L., Gal, G., and Dilla, W. N., "The Influence of a Good Relationship between the Internal Audit and Information Security Functions on Information Security Outcomes," Accounting, Organizations and Society, Vol. 71, 2018, pp. 15-29. https://doi.org/10.1016/j.aos.2018.04.005
  47. Tarafdar, M., Bolman Pullins, E., and Ragu-Nathan, T. S., "Examining Impacts of Technostress on the Professional Salesperson's Behavioral Performance," Journal of Personal Selling & Sales Management, Vol. 34, No. 1, 2014, pp. 51-69. https://doi.org/10.1080/08853134.2013.870184
  48. Tarafdar, M., Pullins, E. B., and Ragu-Nathan, T. S., "Technostress: Negative Effect on Performance and Possible Mitigations," Information Systems Journal, Vol. 25, No. 2, 2015, pp. 103-132. https://doi.org/10.1111/isj.12042
  49. Tarafdar, M., Tu, Q., Ragu-Nathan, B. S., and Ragu-Nathan, T. S., "The Impact of Technostress on Role Stress and Productivity," Journal of Management Information Systems, Vol. 24, No. 1, 2007, pp. 301-328. https://doi.org/10.2753/MIS0742-1222240109
  50. Tarafdar, M., Tu, Q., Ragu-Nathan, T. S., and Ragu-Nathan, B. S., "Crossing to the Dark Side: Examining Creators, Outcomes, and Inhibitors of Technostress," Communications of the ACM, Vol. 54, No. 9, 2011, pp. 113-120. https://doi.org/10.1145/1995376.1995403
  51. Valentine, S., Godkin, L., and Lucero, M., "Ethical Context, Organizational Commitment, and Person-Organization Fit," Journal of Business Ethics, Vol. 41, No. 4, 2002, pp. 349-360. https://doi.org/10.1023/A:1021203017316
  52. Vance, A., Siponen, M., and Pahnila, S., "Motivating IS Security Compliance: Insights from Habit and Protection Motivation Theory," Information & Management, Vol. 49, No. 3, 2012, pp. 190-198. https://doi.org/10.1016/j.im.2012.04.002
  53. Verizon, Verizon 2019 Data Breach Investigations Report, 2019.
  54. West, R., "The Psychology of Security," Communications of the ACM, Vol. 51, No. 4, 2008, pp. 34-40. https://doi.org/10.1145/1330311.1330320
  55. Wheeler, A. R., Coleman Gallagher, V., Brouer, R. L., and Sablynski, C. J., "When Person-Organization (mis) Fit and (dis) Satisfaction Lead to Turnover: The Moderating Role of Perceived Job Mobility," Journal of Managerial Psychology, Vol. 22, No. 2, 2007, pp. 203-219. https://doi.org/10.1108/02683940710726447
  56. Wixom, B. H., and Watson, H. J., "An Empirical Investigation of the Factors Affecting Data Warehousing Success," MIS Quarterly, Vol. 25, No. 1, 2001, pp. 17-41. https://doi.org/10.2307/3250957
  57. Yan, Z., Guo, X., Lee, M. K., and Vogel, D. R., "A Conceptual Model of Technology Features and Technostress in Telemedicine Communication," Information Technology & People, Vol. 26, No. 3, 2013, pp. 283-297. https://doi.org/10.1108/ITP-04-2013-0071