원문정보
A Study on the Factors for Violation of Information Security Policy in Financial Companies : Moderating Effects of Perceived Customer Information Sensitivity
초록
영어
This paper analyzed factors for employees to violate information security policy in financial companies based on the theory of reasoned action (TRA), general deterrence theory (GDT), and information security awareness and moderating effects of perceived sensitivity of customer information. Using the 376 samples that were collected through both online and offline surveys, statistical tests were performed. We found that the perceived severity of sanction and information security policy support to information policy violation attitude and subjective norm but the perceived certainty of sanction and general information security awareness support to only subjective norm. Also, the moderating effects of perceived sensitivity of customer information against information policy violation attitude and subjective norm were supported. Academic implications of this study are expected to be the basis for future research on information security policy violations of financial companies; Employees’ perceived sanctions and information security policy awareness have an impact on the subjective norm significantly. Practical implications are that it can provide a guide to establish information security management strategies for information security compliance; when implementing information security awareness training for employees to deter violations by emphasizing the sensitivity of customer information, a company should make their employees recognize that the customer information is very sensitive data.
목차
1. 서론
2. 이론적 배경
2.1 정보보안정책에 대한 조직원의 행동연구 동향
2.2 합리적 행동이론
2.3 일반억제이론
2.4 정보보안인식
3. 연구모형 및 가설
3.1 연구모형
3.2 가설 설정
3.3 정보보안정책 위반 시나리오 설계
3.4 변수의 조작적 정의와 측정항목
4. 연구방법
4.1 데이터 수집 및 분석방법
4.2 기술통계
5. 실증분석
5.1 측정모형의 신뢰성 및 타당도 분석
5.2 구조모형의 경로분석
5.3 조절효과 분석
6. 결론
참고문헌
<부록 1> 변수의 설문문항
<부록 2> 독립변수의 탐색적 요인분석 결과