Kim Sang Hoon, Yang Kyung Hoon, Park Sunyoung
Department of Business Administration, Kwangwoon University, 26 Kwangwoon-gil, Nowon-gu, Seoul 139-701, Republic of Korea.
College of Business School, University of Wisconsin-La Crosse, 1725 State Street, La Crosse, WI 54601, USA.
ScientificWorldJournal. 2014;2014:463870. doi: 10.1155/2014/463870. Epub 2014 May 28.
The authors identified the behavioral factors that influence organization members' compliance with the information security policy in organizations on the basis of neutralization theory, the theory of planned behavior, and protection motivation theory. According to the theory of planned behavior, members' attitudes towards compliance, as well as normative belief and self-efficacy, were believed to determine the intention to comply with the information security policy. Neutralization theory, a prominent theory in criminology, could be expected to provide an explanation for information system security policy violations. Based on protection motivation theory, it was inferred that the expected efficacy could have an impact on intentions to comply. From this reasoning, an integrative behavioral model and eight hypotheses were derived. Data were collected by conducting a survey; 194 out of 207 questionnaires were usable. The causal model was tested using PLS. The reliability, validity, and model fit were found to be statistically significant. The results of the hypothesis tests showed that seven of the eight hypotheses were acceptable. The theoretical implications of this study are as follows: (1) the study is expected to serve as a baseline for future research about organization members' compliance with the information security policy, (2) the study attempted an interdisciplinary approach by combining psychology and information system security research, and (3) the study suggested concrete operational definitions of influencing factors for information security policy compliance through a comprehensive theoretical review. The study also has some practical implications. First, it can provide a guideline to support the successful execution of the strategic establishment for the implementation of information system security policies in organizations. Second, it proves that the need for education and training programs that suppress members' neutralization intention to violate the information security policy should be emphasized.