Journal of the Korea Academia-Industrial cooperation Society (한국산학기술학회논문지)

The Korea Academia-Industrial cooperation Society (한국산학기술학회)
권호 표지
DOI QR코드

DOI QR Code

An empirical study on the relationship of personal optimistic bias and information security awareness and behavior in the activity of information ethics

정보윤리 활동에서 개인의 낙관적 편견과 정보보안 인식 및 정보보안 행위와의 관련성에 관한 실증 연구

  • Choi, Jong-Geun (Division of Management Information, Seoul Venture University) ;
  • Che, Myung-Shin (Division of Fusion Industry, Seoul Venture University)
  • 최종근 (서울벤쳐정보대학원대학원 정보경영학부) ;
  • 채명신 (서울벤쳐정보대학원대학원 융합산업학부)
  • Received : 2016.04.06
  • Accepted : 2016.05.12
  • Published : 2016.05.31
Download PDF
⟨ Previous Next ⟩

Abstract

With respect to the factors affecting information security awareness and behavior, the study of the relevance of the concept of optimistic bias is actively used in psychology. In other words, this study examines whether the optimistic bias of individuals affects information security in the field. In this sense, this study attempted to demonstrate the relevance of optimistic bias in information security behavior and awareness. A questionnaire survey was conducted targeting 111 people engaged in domestic private enterprises. The survey results showed that this personalized optimistic bias exists because of empirical factors related to personal security. Optimistic bias affects the security awareness information. The greater the optimistic bias, the lower the awareness and recognition of information security. In other words, optimistic bias affects information security awareness. Reducing the effects of optimistic bias is expected to reduce information security incidents, such as information leakages. However, the variety of information related ethical activities of a company did not have any effect on the information security awareness. Most previous studies have only examined the effect optimistic bias in the field of health. Therefore, this study fills an important gap in research in IT.

정보보안 인식 및 행위에 미치는 요소와 관련하여 심리학에서 사용되는 개념인 낙관적 편견과의 연관성에 대한 연구가 활발하다. 즉, 개인이 가진 낙관적 편견이 정보윤리 활동에 얼마나 어느 분야에 영향을 미치는 가를 알아보는 것이다. 이러한 점에서 본 연구는 개인의 낙관적 편견과 정보보안 인식 및 정보보안 행위와의 관련성을 실증해 보았다. 국내 민간기업 종사하는 111명을 대상으로 설문조사한 결과, 개인의 보안관련 경험적 요인으로 인해 개인별 낙관적 편견이 존재하며, 낙관적 편견은 정보보안 인식에 영향을 미치며, 낙관적 편견이 많을수록 정보보안에 대한 인식은 부(-)의 영향을 미침으로서 정보보안 인식이 낮아진다는 것을 확인하였다. 즉, 낙관적 편견이 정보보안 인식에 영향을 미치며, 낙관적 편견을 줄이는 활동을 함으로써 정보유출 등 정보보안 사고를 줄이는데 기여할 것으로 판단된다. 그러나, 정보보안 인식을 제고시키는데 낙관적 편견이 조절효과를 보여줄 것으로 판단되었어나 그 조절효과를 보여주지 못하였다. 그 이유는 낙관적 편견관련 건강분야 연구와 달리 IT분야는 선행연구가 부족하여 구체적인 조절 요인을 제시하는데 어려움이 있는 등의 한계점이 제시되었다.

Keywords

References

  1. N. D. T. Weinstein and Klein, D. J."Effects of Mood on High Elaboration Attitude Change: The Mediating Role of Likelihood Judgments. European Journal of Social Psychology, Vol. 24, No. 2, pp. 25-43, 1994. https://doi.org/10.1002/ejsp.2420240103
  2. K. D. Loch, H. C. Houston and E. W. Merrill. "Threats to Information Systems: Today's Reality, Yesterday's Understanding." Mis Quarterly, Vol. 16, No. 2, pp. 173-186, 1992. https://doi.org/10.2307/249574
  3. The Federation of Korean Information Industries. Information Ethics andDigital Socity, 2005
  4. M. J. Back, "A Study on the Effect of Information Ethics on the Performance of Information Security in Organization", 2010 Information Policy, 2010
  5. M. Kabay, "Psychosocial Factors in the Implementation of Information Security Policy." EDPACS: The EDP Audit, Control, and Security Newsletter, Vol. 21. No. 10, pp. 1-10, 1994. https://doi.org/10.1080/07366989409451659
  6. S.J.Lee and M. J. Lee "An Exploratory Study on the Information Security Culture Indicator", Information Policy Vol. 15, No. 3, pp. 100-119, 2008.
  7. N. Choi, D. Kim, and A. Whitmore, Knowing Is Doing, Information Management & Computer Security, Vol. 16, No. 5, pp. 484-501, 2008. https://doi.org/10.1108/09685220810920558
  8. E. Berkman, "How to Staff Up for Security." CIO Magazine, Vol. 15, 2002.
  9. J. G. Kim and D. Y. Kang, "The Effects of Security Policies, Security Awareness and Indivisual Characterics on Password Security Effctiveness." Institute of Security & Cryptolog, Vol. 18, No. 4, pp.123-133. 2008.
  10. M. A. Pierce and J. W. Henry. "Computer ethics: The Role of Personal, Informal, and Formal Codes." Journal of Business Ethics, Vol. 15, No. 4, pp. 425-437, 1996. https://doi.org/10.1007/BF00380363
  11. E. Cohen and L. Cornwell. "College Students Believe Piracy Is Acceptable." CIS Educator Forum. Vol. 1. No. 3. 1989.
  12. K. H. Hong and J. D. Kim. "National Standard on Information Security in ISO." Institute of Security & Cryptolog Vol. 14.No. 2 pp. 1-5, 2004
  13. J. Park, B. Kim and S. Joo, "Primary factors affecting corporate employees' attitudes toward information security," The Studies of Management Vol. 40, No. 4, pp. 955-985, 2011년.
  14. N. D. T. Weinstein, "Unrealistic Optimism about Future Life Events," Journal of Personality and Social Psychology, Vol. 39, No. 5, pp. 806-820, 1980. https://doi.org/10.1037/0022-3514.39.5.806
  15. V. Hoorens "Self-favoring Biases for Positive and Negative Characteristics: Independent Phenomena?." Journal of Social and Clinical Psychology Vol. 15, No. 1 pp. 53, 1996. https://doi.org/10.1521/jscp.1996.15.1.53
  16. B.C.Kim and D.G. Lee. "Optimistic Bias in Crisis of Company," Core Association for AD & PR, Vol. 8, No. 2, pp. 82-105. 2006.
  17. J. R. Chapin, Optimistic Bias Regarding Campus Violence, Current Research in Social Psychology, Vol. 6, No. 16, pp. 237-251, 2000.
  18. M.J. Han "Optimistic Bias on the Crisis of Smoking healthy," Korean Association for Broadcasting & Telecommunication Studies, 1999.
  19. C. T. Salmon, H. S. Park, and B. J. Wrigley. "Optimistic Bias and Perceptions of Bioterrorism in Michigan Corporate Spokespersons, Fall 2001." Journal of Health Communication, Vol. 8. No. 1, pp. 130-143, 2003. https://doi.org/10.1080/713851966
  20. A. Acquisti "Privacy in Electronic Commerce and the Economics of Immediate Gratification," Proceedings of the 5th ACM conference on Electronic commerce, New York, NY. pp. 21-29. 2004.
  21. H. S. Rhee, Y. Ryu, and C. T. Kim. "I Am Fine but You Are Not: Optimistic Bias and Illusion of Control on Information Security." ICIS 2005 Proceedings, 2005.
  22. L. S. Perloff, Social Comparison and Illusion of Invulnerability to Negative Life Events, In Snyder. C. R. and Ford, C., Coping with Negative Life Effects: Clinical and Social Psychological Perspectves on Negative Life Event. Plenum Press. 1987
  23. L. Sjoberg, and J. Fromm, "Information Technology Risks as Seen by the Public" Risk Analysis. Vol. 21. No. 3, pp. 427-441, 2001. https://doi.org/10.1111/0272-4332.213123
  24. Ernst & Young "Global Information Security Service," White Paper, Ernst & Young, 2004
  25. AOL/NCSA. "AOL/NCSA Online Safe Study" Research Report, American Online and the National Cyber Security Alliance, October, 2004
  26. L. C. Schaupp and L. Carter " The impact of trust, risk and optimism bias on E-file adoption" Informatio" Information Systems Frontiers, Volume 12, Issue 3, pp299-309, 2010, https://doi.org/10.1007/s10796-008-9138-8
  27. C. H. Lim. "The method of Effective Information Security Awarness," Institute of Security & Cryptolog, Vol. 16, No. 2, pp. 30-35. 2006.
  28. T. Layton, Information Security Awareness: the Psychology Behind the Technology, Author House, 2005.