Effect of Information Security Training and Services on Employees’ Compliance to Security Policies (보안교육 및 보안서비스가 조직구성원의 정보보안정책 준수에 미치는 영향)

Bora Kim (김보라); Lee， Jong-Won (이종원); Beomsoo Kim (김범수)

doi:10.22693/NIAIP.2018.25.1.099

Effect of Information Security Training and Services on Employees’ Compliance to Security Policies

Informatization Policy
Abbr : 정보화정책
2018, 25(1), pp.99-114
DOI : 10.22693/NIAIP.2018.25.1.099
Publisher : NIA
Research Area : Social Science > Public Policy
Received : February 6, 2018
Accepted : February 23, 2018

Bora Kim ¹, Lee， Jong-Won ², Beomsoo Kim ¹

¹연세대학교
²GS 칼텍스

Accredited

ABSTRACT

In the past, organizations tended to focus on physical and technical aspects in managing corporate's information security (IS), rather than the aspect of human resources related to IS. Recently, increasing security incidents caused by organization members raise the issue of how to improve employees' compliance to security policies. This study conducted a field experiment to examine the effect of security awareness training and technical security services on employee's security behaviors. In Study 1, the number of spam opening cases were measured right after the IS training and re-measured three months later. In Study 2, a spam warning message was provided and then the number of employees’ spam opening cases were measured to find out the effect of security services. It was found that both the IS training and the technical IS service were effective; they significantly decreased spam opening rates. However, the training effect did not last longer than three months. These findings suggest that organizations need to consider providing regular training programs and supplementary technical services to improve employees' compliance to security policies.

KEYWORDS

information security, security awareness training, technical security service, security policycompliance, field experiment, spam

Citation status

* References for papers published after 2023 are currently being built.

[journal] 권영관 / 2007 / 스팸 이메일 현황과 대응에 대한고찰 / 정보보호학회지 17(2) : 66~79

[journal] 김기영 / 2001 / 실시간 인터넷 보안 서비스 제공을 위한 정책기반 통합 서버 설계 및시뮬레이션 / 정보처리학회논문지C: 정보통신,정보보안 8(2) : 565~572

[journal] 김상훈 / 2011 / Influencing Factors for Compliance Intention of Information Security Policy / 한국전자거래학회지 / 한국전자거래학회 16(4) : 33~51

[journal] 김상훈 / 2015 / An Empirical Study on Influencing Factors of Using Information Security Technology / 한국전자거래학회지 / 한국전자거래학회 20(4) : 151~175

[journal] 김수홍 / 2007 / The Effect and Retention of CPRTraining in Nursing Students / 대한응급의학회지 / 대한응급의학회 18(6) : 496~502

[journal] 김종기 / 2008 / The Effects of Security Policies, Security Awareness and Individual Characteristics on Password Security Effectiveness / 정보보호학회논문지 / 한국정보보호학회 18(4) : 123~134

[journal] 김종기 / 2006 / Factors Affecting Behavioral Intention of Computer Virus Controls / 정보화정책 / 한국지능정보사회진흥원 13(3) : 174~196

[journal] 박서기 / 2016 / A Review of Research on Big Data Security / 정보화정책 / 한국지능정보사회진흥원 23(1) : 3~19

[journal] 박수진 / 2002 / 실시간 e-mail 대응 침입시도탐지 관리시스템의 설계 및 구현 / 정보처리학회논문지C: 정보통신,정보보안 9(3) : 359~366

[journal] 박철주 / 2012 / An Understanding of Impact of Security Countermeasures on Persistent Policy Compliance / 디지털융복합연구 / 한국디지털정책학회 10(4) : 23~35

[other] 신희은 / 2014 / 대기업에 당하고 직원이 빼가고 스파이에멍든 中企 / 머니투데이

[journal] 임명성 / 2012 / A Path Way to Increase the Intention to Comply with Information Security Policy of Employees / 디지털융복합연구 / 한국디지털정책학회 10(10) : 119~128

[journal] 임명성 / 2014 / Why Security Awareness Education is not Effective? / 디지털융복합연구 / 한국디지털정책학회 12(2) : 27~37

[journal] 채명정 / 2015 / Effects of cardiopulmonary resuscitation reeducation on persistence of knowledge, performance and self-efficacy of nursing students / 한국응급구조학회지 / 사단법인 한국응급구조학회 19(1) : 51~62

[journal] 최양서 / 2006 / 사회공학적 공격방법을 통한 개인정보 유출기술 및 대응방안 분석 / 정보보호학회지 16(1) : 40~48

[report] 한국인터넷진흥원 / 2015 / 2015 국내 정보보호산업 실태조사 / 미래창조과학부, 한국인터넷진흥원, 한국정보보호산업협회

[report] AhnLab / 2011 / ASEC Report Vol. 13 / 안철수연구소

[journal] Bulgurcu, B. / 2010 / Information Security Policy Compliance: An Empirical Study of Rationality-based Beliefs and Information Security Awareness / MIS Quarterly 34(3) : 523~548

[journal] Dhillon, G. / 2000 / Technical Opinion: Information System Security Management in the New Millennium / Communications of the ACM 43(7) : 125~128

[journal] Fornell, C. / 1981 / Evaluating Structural Equation Models with Unobservable and Measurement Error / Journal of Marketing Research 18 : 39~50

[journal] Trcek, D. / 2007 / Information Systems Security and Human Behaviour / Behaviour & Information Technology 26(2) : 113~118

[book] Desman, M. B. / 2002 / Building an IS Security Awareness Program / Auerbach Publishing

[book] Mitnick, K. D. / 2002 / The Art of Deception : Controlling the Human Element of Security / Wiley Publishing, Inc

[journal] Sheeran, P. / 2002 / Intention-Behavior Relations:A Conceptual and Empirical Review / European Review of Social Psychology 12(1) : 1~36

[journal] Straub, D. / 1990 / Effective IS Security: An Empirical Study / Information Systems Research 1(3) : 255~276

[journal] Straub, D. / 1998 / Coping with Systems Risk : Security Planning Models for Management Decision Making / MIS Quarterly 22(4) : 441~469

[journal] Da Veiga, A. / 2007 / Information Security Governance Framework / Information Systems Management 24(4) : 361~372

[journal] Warkentin, M. / 2009 / Behavioral and Policy Issues in Information Systems Security:The Insider Threat / European Journal of Information Systems 18(2) : 101~105

[journal] Workman, M. / 2007 / Punishment and Ethics Deterrents: A Study of Insider Security Contravention / Journal of the Association for Information Science and Technology 58(2) : 212~222

KJCKorea
Journal Central

Informatization Policy 2023 KCI Impact Factor : 4.08

Effect of Information Security Training and Services on Employees’ Compliance to Security Policies

ABSTRACT

KEYWORDS

Citation status

* References for papers published after 2023 are currently being built.

Informatization Policy 2023 KCI Impact Factor : 4.08

Effect of Information Security Training and Services on Employees’ Compliance to Security Policies

ABSTRACT

KEYWORDS

Statistics

Tools

Issue List

Citation status

KCI Citation Counts (15)

REFERENCES (29) * References for papers published after 2023 are currently being built.

Search PDF

Citation

* References for papers published after 2023 are currently being built.