Factors Affecting Behavioral Intention of Computer Virus Controls (컴퓨터 바이러스 통제의 행위의도에 영향을 미치는 요인)

KIM, JONGKI (김종기); Jinhwan Jeon (전진환)

Factors Affecting Behavioral Intention of Computer Virus Controls

Informatization Policy
Abbr : 정보화정책
2006, 13(3), pp.174-196
Publisher : NIA
Research Area : Social Science > Public Policy

KIM, JONGKI ¹, Jinhwan Jeon ¹

¹부산대학교

Accredited

ABSTRACT

Information security is one of the most important issues in the information age. Computer viruses and other related information security matters are not only technical problems but also managerial ones. This study focuses on the managerial aspect of information security and identifies a number of factors affecting user’s behavioral intention to control computer viruses. A theoretical model incorporating security attitudes, risk perception, user's security propensity and organizational security policies, was tested using the survey data. Based on the risk analysis methodology for information systems, assets, threats and vulnerability are identified as the antecedent factors of user’s risk perception. The analysis using structural equation modeling shows that security threat and vulnerability have significant influence on risk perception, while the value of assets does not have significant relationship with risk perception. User’s security perception, user’s security propensity and security policy significantly affect risk perception. There is also a highly significant relationship between security attitudes and security intention, which implies that positive security attitudes lead to affirmative security intention.

KEYWORDS

Information Security, Computer Virus, Security Behavioral Intention, Security Policy

Citation status

* References for papers published after 2023 are currently being built.

[journal] 김세헌 / 2002 / 정보보호 관리 및 정책 / 서울:생능출판사

[journal] 김영걸 / 1998 / 정보시스템의 위험도 분석에 대한 연구 :통합적 분석 틀을 중심으로 8(2) : 37~53

[journal] 김종기 / 2005 / A Research on Information Security Risk-based Antecedents Influencing Electronic Commerce User's Trust 15(2) : 65~96

[journal] 안춘수 / 2003 / 업무 프로세스 중심의 정보기술보안 위험분석 적용 사례 - 클라이언트/서버 시스템을 중심으로 16(4) : 421~431

[journal] 이성만 / 1994 / 해외의 보안위험분석 방법론 현황 및 분석 4(1) : 316~323

[journal] 한국전산원 / 2003 / 2003 한국인터넷백서 / 서울:한국전산원

[journal] 한국정보보호진흥원 / 1999 / 정보통신망 안전운영 기술지침서 / 서울:한국정보보호진흥원

[journal] Ajzen, I / 1997 / Attitude-Behavior Relation: A Theoretical Analysis and Review of Empirical Research 84(5) : 888~918

[journal] Anderson / 1987 / “An Approach for Confirmatory Measurement and Structural Equation Modeling of Organizational Properties : 525~541

[journal] Anderson / 1988 / “Structural Equation Modeling in Practice : 411~423

[journal] Bagchi, K / 2003 / An Analysis of the Growth of Computer and Internet Security Breaches 12 : 684~700

[journal] Bagozzi / 1988 / “On the Evaluation of Structural Equation Models ” Journal of the Academy of Marketing Science : 74~97

[journal] Barsanti, C / 1999 / Modern Network Complexity Needs Comprehensive Security 36(7) : 65~

[journal] Bassham / 1992 / “Threat Assessment of Malicious Code and Human Computer Threats National Institute of Standards and Technology

[journal] Boudreau, M / 2001 / Validation in Information Systems Research: A Stateof-the-Art Assessment 25(1) : 1~16

[journal] BSI / 1999 / BS7799: Code of Practices for Information Security Management / London:British Standards Institution

[journal] Longley / 1989 / Information Security for Managers / Stockton Press

[journal] CCTA / 2001 / CRAMM User Guide / London:Central Computer and Telecommunications Agency

[journal] Cerf, V / 2005 / Spam, Spim and Spit 48(4) : 39~43

[journal] Chin, W / 2003 / A Partial Squares Latent Variable Modeling Approach for Measuring Interaction Effects: Results from a Monte Carlo Simulation Study and an Electronic-Mail Emotion/ Adoption Study 14(2) : 189~217

[journal] CMU/SEI / 1999 / Operationally Critical Threat, Asset, Vulnerability Evaluation (OCTAVE) Framework Ver. 1.0 / Pittsburgh:Carnegie Mellon University/Software Engineering Institute

[journal] Coursen, S / 1997 / Financial Impact of Viruses 6(1) : 64~70

[journal] CSE / 1996 / Guide to Security Risk Management for IT Systems / Government of Canada:Communications Security Establishment

[journal] CSI / 2002 / Seventh Annual CSI/FBI Computer Crime and Security Survey / San Francisco:Computer Security Institute

[journal] CSI / 2003 / Eighth Annual CSI/FBI Computer Crime and Security Survey / San Francisco:Computer Security Institute

[journal] David, J / 1996 / The New Face of the Virus Threat 15(1) : 13~16

[journal] Davis / 1989 / Perceived Ease of Use and User Acceptance of Information Technology : 319~340

[journal] Davis / 1989 / “User Acceptance of Computer Technology A Comparison of Two Theoretical Models : 982~1003

[journal] Dennis, A / 2001 / Conducting Research in Information Systems 7(5) : 1~40

[journal] Duke, D / 2002 / Spyware, Adware, Systemware and Cookies (9) : 4~5

[journal] Eloff, M / 2000 / Information Security Management: A Hierarchical Framework for Various Approaches 19(3) : 243~356

[journal] Finne, T / 1998 / A Conceptual Framework for Information Security Management 17(4) : 303~307

[journal] Foltz, S / 2004 / Cyberterrorism, Computer Crime, and Reality 12(2) : 154~166

[journal] Fornell / 1981 / “Evaluating Structural Equation Models with Unobservable Variables and Measurement Error ” Journal of Marketing Research : 39~50

[journal] Frank / 1991 / “Securityrelated Behavior of PC Users in Organizations : 127~135

[journal] Garver, M / 1999 / Logistics Research Methods: Employing Structural Equation Modeling to Test for Construct Validity 20(1) : 33~57

[journal] Gefen, D / 2000 / Structural Equation Modeling and Regression: Guidelines for Research Practice 4(7) : 1~76

[journal] Gefen, D / 2003 / Assessing Unidimensionality through LISREL: An Explanation and Example

[journal] Gogan / 1991 / “Should “Personal” Computers Be Personally Allocated?” Journal of Management Information Systems : 91~106

[journal] Goodhue / 1991 / “Security Concerns of System Users A Study of Perception of the Adequacy of Security : 13~27

[journal] Gordon, S / 2005 / Application Program Security: Fighting Spyware and Adware in the Enterprise 14(3) : 14~17

[journal] Granova, A / 2005 / A Legal Overview of Phishing (7) : 6~11

[journal] Halliday, S / 1996 / A Business Approach to Effective Information Technology Risk Analysis and Management 4(1) : 19~31

[journal] Harris, R / 1999 / Attitudes Towards End-User Computing 18(2) : 109~125

[journal] Highland, H / 1997 / A History of Computer Viruses: The Famous Trio 16(5) : 416~429

[journal] Hubbard, J / 1998 / Computer Viruses: How Companies can Protect their Systems 98 : 12~16

[journal] ISO/IEC / 2000 / Guidelines for the Management of IT Security (GMITS))-Part 1: Concepts and Models of IT Security, TR 13335-1 / Berlin: International Organization for Standardization/ International Electrotechnical Commission

[journal] Jarvenpaa, S / 2000 / Consumer trust in an Internet store 1 : 45~71

[journal] Jung, B / 2001 / Security Threats to Internet: A Korean Multi-Industry Investigation 38(8) : 487~498

[journal] Kankanhalli, A / 2003 / An Integrative Study of Information Systems Security Effectiveness 23(2) : 139~154

[journal] Kotulic, A / 2004 / Why there aren’t more Information Security Research Studies 41(5) : 597~607

[journal] LLeach, J / 2003 / Improving User Security Behavior 22(8) : 685~692

[journal] Lee, Y / 2005 / Investigating Factors Affecting the Adoption of Anti-Spyware Systems 48(8) : 72~77

[journal] Lee, J / 2002 / A Holistic Model of Computer Abuse within Organizations 10(2) : 57~63

[journal] Lee, S / 2004 / An Integrative Model of Computer Abuse based on Social Control and General Deterrence Theories 41(6) : 707~718

[journal] Loch / 1992 / “Threats to Information Systems : 173~186

[journal] Mathieson / 1991 / Comparing the Technology Acceptance Model with the Theory of Planned Behavior : 173~191

[journal] Nachenberg, C / 1997 / Computer Virus-Anti Virus Coevolution 40(1) : 46~51

[journal] NIST / 1998 / Risk Management Guide for Information Technology Systems- Recommendations of the National Institute of Standards and Technology National Institute of Standards and Technology / Maryland:National Institute of Standards and Technology

[journal] Panko, R / 2003 / Slammer: The First Blitz Worm 11 : 207~218

[journal] Peace, A / 2003 / Software Piracy in the Workplace: A Model and Empirical Test

[journal] Peltier, T / 2001 / Information Security Risk Analysis / New York:Auerbach

[journal] Polk / 1992 / A Guide to the Selection of Anti-Virus Tools and Techniques National Institute of Standards and Technology

[journal] Post, G / 2000 / Management Tradeoffs in Anti-Virus Strategies 37(1) : 13~24

[journal] Rainer / 1991 / “Risk Analysis for Information Technology ” Journal of Management Information Systems : 129~147

[journal] Ryan, S / 1997 / Evaluating Security Threats in Mainframe and Client/Server Environment 32(3) : 137~146

[journal] Schneier, B / 2000 / Secrets & Lies: Digital Security in a Networked World / New York:Wiley & Sons

[journal] Schultz, E / 2003 / Virus & Worm Trends 23(3) : 179~180

[journal] Segars, A / 1997 / Assessing the Unidimensionality of Measurement: A Paradigm and Illustration Within the Context of Information Systems 25(1) : 107~121

[journal] Segars / 1993 / “Re-Examining Perceived Ease of Use and Usefulness : 517~525

[journal] Seltzer, L / 2005 / The Zero-Day Attack 24(21) : 109~117

[journal] Shaw, G / 2003 / Spyware & Adware: The Risks Facing Business (9) : 12~14

[journal] Sherif, J / 2003 / Deployment of Anti-Virus Software: A Case Study 11(1) : 5~10

[journal] Somers, T / 2003 / Confirmatory Factor Analysis of the End-user Computing Satisfaction Instrument: Replication within an ERP Domain 34(3) : 595~621

[journal] Stafford, T / 2005 / Spyware 48(8) : 34~36

[journal] Straub / 1990 / “Discovering and Disciplining Computer Abuse in Organizations : 45~60

[journal] Straub, D / 1998 / Coping with System Risk Security Planning Models for Management Decision Making 22(4) : 441~469

[journal] Suh, B / 2003 / The IS Risk Analysis Based on a Business Model 41(2) : 149~158

[journal] Schumacker, R / 1996 / A Beginner’s Guide to Structural Equation Modeling / New Jersey:Lawrence Erlbaum Associates

[journal] Szor, P / 2005 / The Art of Computer Virus Research and Defense / Boston:Addison-Wesley

[journal] Tedeschi, B / 2004 / Protect Your Identity : 107~112

[journal] Thatcher, J / 2002 / An Empirical Examination of Individual Traits as Antecedents to Computer Anxiety and Computer Self-Efficiency 26(4) : 381~396

[journal] Thompson, R / 2005 / Why Spyware Poses Multiple Threats to Security 48(8) : 41~43

[journal] Tregear, J / 2001 / Risk Assessment 6(3) : 19~27

[journal] Wack / 1989 / NationalInstitute of Standards and Technology

[journal] Wen, H / 1998 / Internet Computer Virus Protection Policy 6(2) : 66~71

[journal] Whitman, M / 2004 / In Defense of the Realm: Understanding the Threats to Information Security 24 : 43~57

[journal] Williams / 1986 / “Antecedents and Consequences of Organizational Turnover ” Journal of Applied Psychology : 219~231

KJCKorea
Journal Central

Informatization Policy 2023 KCI Impact Factor : 4.08