DOI QR코드

DOI QR Code

The Effect of Organizational Justice on Information Security-Related Role Stress and Negative Behaviors

  • Hwang, Inho (Startup Development Center, Korea Polytechnic University) ;
  • Ahn, SangJoon (School of management, Kyung Hee University)
  • Received : 2019.09.04
  • Accepted : 2019.10.12
  • Published : 2019.11.29

Abstract

In recent years, many organizations protect their information resources by investing in information security technology. However, information security threats from insiders have not been reduced. This study proposes a method for reducing information security threats within an organization by mitigating negative information security behaviors of employees. Specifically, the study finds a relationship between information security related role stress and negative behavior and suggests whether organizational justice mitigates role stress. That is, the purpose of the study is to suggest a mechanism between organizational justice, information security related role stress, and negative behavior. Negative behavior consist of avoidance behavior and deviant behavior, and security related role stress consist of role conflict and role ambiguity. Organizational justice consist of distributional justice, procedural justice, and informational justice. The research model is verified through structural equation modeling. After establishing a research model and hypothesis, we develop a survey questionnaire and collect data from 383 employees whose organizations have already implemented security policies. The findings appear that security related role stress increases negative behavior and that organizational justice mitigates role stress. The results of the analysis suggest the direction of organizational strategy for minimizing insider's security-related negative behaviors.

최근 많은 조직들은 정보보안 기술에 투자를 통해, 그들의 정보자원 관리 및 보호를 위한 노력을 하고 있다. 그러나, 조직 내부자에 의한 정보보안 위협 요인은 줄지 않고 있다. 본 연구는 내부자들의 정보보안 부정적 행동에 영향을 미치는 요인을 찾는다. 세부적으로, 연구는 정보보안 관련 업무스트레스와 부정적 행동간의 관계를 찾고, 조직공정성이 업무스트레스를 완화하는 것을 제시한다. 즉, 연구 목적은 조직공정성, 정보보안관련 업무스트레스, 부정적 행동간의 연계 매커니즘을 제시하는 것이다. 매커니즘 요인 구성은 정보보안 및 인사조직 관련 선행연구를 통해 도출되었다. 부정적행동은 회피행동과 이탈행동으로 구성하였으며, 보안관련 업무스트레스는 업무갈등과 업무스트레스로 구성된다. 그리고 조직공정성은 분배공정성, 절차공정성, 그리고 정보 공정성으로 구성된다. 연구 모델 검증은 구조방정식 모델링을 통해 실시하였다. 연구모델과 가설을 설립한 이후, 본 연구는 설문항목을 개발하고 정보보안 정책을 보유한 기업에 다니는 조직원 383명의 표본을 확보하였다. 연구 결과는 정보보안 관련 업무스트레스가 조직원들의 부정적 행동을 높이는 것을 증명하였으며, 조직공정성이 조직원에게 발생하는 업무스트레스를 완화하는 것을 제시하였다. 분석 결과는 내부자의 정보보안관련 부정적 행동을 최소화하기 위한 조직적 전략 수립 방향을 제시한다.

Keywords

References

  1. IDC, Worldwide Semiannual Security Spending Guide, 2016.
  2. K. D. Loch, H. H. Carr, and M. E. Warkentin, "Threats to Information Systems: Today's Reality, Yesterday's Understanding," MIS Quarterly, Vol. 16, No. 2, pp. 173-186, 1992. https://doi.org/10.2307/249574
  3. Verizon, 2019 Data Breach Investigations Report, 2019.
  4. J. D'Arcy, A. Hovav, and D. Galletta, "User Awareness of Security Countermeasures and Its Impact on Information Systems Misuse: A Deterrence Approach," Information Systems Research, Vol. 20, No.1, pp. 79-98, 2009. https://doi.org/10.1287/isre.1070.0160
  5. K. H. Guo, and Y. Yuan, “The Effects of Multilevel Sanctions on Information Security Violations: A Mediating Model,” Information and Management, Vol. 49, No. 6, pp. 320-326, 2012. https://doi.org/10.1016/j.im.2012.08.001
  6. N. S. Safa, M. Sookhak, R. Von Solms, S. Furnell, N. A. Ghani, and T. Herawan, "Information Security Conscious Care Behaviour Formation in Organizations," Computers and Security, Vol. 53, pp. 65-78, 2015. https://doi.org/10.1016/j.cose.2015.05.012
  7. C. Posey, T. L. Roberts, and P. B. Lowry, "The Impact of Organizational Commitment on Insiders' Motivation to Protect Organizational Information Assets," Journal of Management Information Systems, Vol. 32, No. 4, pp. 179-214, 2015. https://doi.org/10.1080/07421222.2015.1138374
  8. W. R. Flores, and M. Ekstedt, "Shaping Intention to Resist Social Engineering through Transformational Leadership, Information Security Culture and Awareness," Computers and Security, Vol. 59, pp. 26-44, 2016. https://doi.org/10.1016/j.cose.2016.01.004
  9. R. West, “The Psychology of Security,” Communications of the ACM, Vol. 51, No, 4, pp. 34-40, 2008. https://doi.org/10.1145/1330311.1330320
  10. I. Hwang, D. Kim, T. Kim, and S. Kim, “Why not Comply with Information Security? An Empirical Approach for the Causes of Non-compliance,” Online Information Review, Vol. 41, No. 1, pp. 1-17, 2017.
  11. J. D'Arcy, T. Herath, and M. K. Shoss, “Understanding Employee Responses to Stressful Information Security Requirements: A Coping Perspective,” Journal of Management Information Systems, Vol. 31, No. 2, pp. 285-318, 2014. https://doi.org/10.2753/MIS0742-1222310210
  12. I. Hwang, and O. Cha, "Examining Technostress Creators and Role Stress as Potential Threats to Employees' Information Security Compliance," Computers in Human Behavior, Vol. 81, pp. 282-293, 2018. https://doi.org/10.1016/j.chb.2017.12.022
  13. P. Ifinedo, “Understanding Information Systems Security Policy Compliance: An Integration of the Theory of Planned Behavior and the Protection Motivation Theory,” Computers and Security, Vol. 31, No. 1, pp. 83-95, 2012. https://doi.org/10.1016/j.cose.2011.10.007
  14. H. L. Chou, and C. Chou, "An Analysis of Multiple Factors Relating to Teachers' Problematic Information Security Behavior," Computers in Human Behavior, Vol. 65, pp. 334-345, 2016. https://doi.org/10.1016/j.chb.2016.08.034
  15. J. M. Stanton, K. R. Stam, P. Mastrangelo, and J. Jolton, “Analysis of End User Security Behaviors,” Computers and Security, Vol. 24, No. 2, pp. 124-133, 2005. https://doi.org/10.1016/j.cose.2004.07.001
  16. Y. Chen, and F. M. Zahedi, "Individuals' Internet Security Perceptions and Behaviors: Polycontextual Contrasts Between the United States and China," MIS Quarterly, Vol. 40, No. 1, pp. 205-222, 2016. https://doi.org/10.25300/MISQ/2016/40.1.09
  17. H. Liang, and Y. Xue, “Understanding Security Behaviors in Personal Computer Usage: A Threat Avoidance Perspective,” Journal of the Association for Information Systems, Vol. 11, No. 7, pp. 394-413, 2010. https://doi.org/10.17705/1jais.00232
  18. M. Siponen, and A. Vance, “Neutralization: New Insights into the Problem of Employee Information Systems Security Policy Violations,” MIS Quarterly, Vol. 34, No. 3, pp. 487-502, 2010. https://doi.org/10.2307/25750688
  19. R. J. Bennett, and S. L. Robinson, “Development of a Measure of Workplace Deviance,” Journal of Applied Psychology, Vol. 85, No. 3, pp. 349-360, 2000. https://doi.org/10.1037/0021-9010.85.3.349
  20. A. M. Chu, and P. Y. Chau, "Development and Validation of Instruments of Information Security Deviant Behavior," Decision Support Systems, Vol. 66, pp. 93-101, 2014. https://doi.org/10.1016/j.dss.2014.06.008
  21. M. Salanova, S. Llorens, and E. Cifre, "The Dark Side of Technologies: Technostress among Users of Information and Communication Technologies", International Journal of Psychology, Vol. 48, No. 3, pp. 422-436, 2013. https://doi.org/10.1080/00207594.2012.680460
  22. M. Tarafdar, Q. Tu, B. S. Ragu-Nathan, and T. S. Ragu-Nathan, “The Impact of Technostress on Role Stress and Productivity,” Journal of Management Information Systems, Vol. 24, No. 1, pp. 301-328, 2007. https://doi.org/10.2753/MIS0742-1222240109
  23. D. F. Parker, and T. A. DeCotiis, “Organizational Determinants of Job Stress,” Organizational Behavior and Human Performance, Vol. 32, No. 2, pp. 160-177, 1983. https://doi.org/10.1016/0030-5073(83)90145-9
  24. R. Ayyagari, V. Grover, and R. Purvis, “Technostress: Technological Antecedents and Implications,” MIS Quarterly, Vol. 35, No. 4, pp. 831-858, 2011. https://doi.org/10.2307/41409963
  25. D. N. Behrman, and W. D. Perreault Jr, “A Role Stress Model of the Performance and Satisfaction of Industrial Salespersons,” Journal of Marketing, Vol. 48, No. 4, pp. 9-21, 1984. https://doi.org/10.1177/002224298404800101
  26. P. S. Galluch, V. Grover, and J. B. Thatcher, “Interrupting the Workplace: Examining Stressors in an Information Technology Context,” Journal of the Association for Information Systems, Vol. 16, No. 1, pp. 1-47, 2015. https://doi.org/10.17705/1jais.00387
  27. M. Vakola, and I. Nikolaou, “Attitudes towards Organizational Change: What is the Role of Employees' Stress and Commitment?,” Employee Relations, Vol. 27, No. 2, pp. 160-174, 2005. https://doi.org/10.1108/01425450510572685
  28. A. Tziner, ERabenu, R. Radomski, and A. Belkin, “Work Stress and Turnover Intentions among Hospital Physicians: The Mediating Role of Burnout and Work Satisfaction,” Journal of Work and Organizational Psychology, Vol. 31, No. 3, pp. 207-213, 2015.
  29. M. T. Tsai, and N. C. Cheng, “Understanding Knowledge Sharing between IT Professionals: An Integration of Social Cognitive and Social Exchange Theory,” Behaviour and Information Technology, Vol. 31, No. 11, pp. 1069-1080, 2012. https://doi.org/10.1080/0144929X.2010.550320
  30. P. E. Spector. "Industrial and organizational psychology" Research and Practice, 2009.
  31. J. S. Adams, "Inequity in Social Exchange" In Advances in experimental social psychology (Vol. 2, pp. 267-299). Academic Press, 1965.
  32. G. C. Homans, "Social behavior: Its elementary forms" Oxford, England: Harcourt Brace Jovanovich, 1974.
  33. R. H. Moorman. "Relationship between Organizational Justice and Organizational Citizenship Behaviors: Do Fairness Perceptions Influence Employee Citizenship?," Journal of Applied Psychology, Vol. 76, No. 6, pp. 845-855, 1991. https://doi.org/10.1037/0021-9010.76.6.845
  34. J. A. Colquitt. "On the Dimensionality of Organizational Justice: A Construct Validation of a Measure," Journal of Applied Psychology, Vol. 86, No. 3, pp. 386-400, 2001. https://doi.org/10.1037/0021-9010.86.3.386
  35. Y. Zhang, J. A. LePine, B. R. Buckman, and F. Wei, "It's not Fair... or is It? The Role of Justice and Leadership in Explaining Work Stressor-Job Performance Relationships," Academy of Management Journal, Vol. 57, No. 3, pp. 675-697, 2014. https://doi.org/10.5465/amj.2011.1110
  36. C. B. Meyer, "Allocation Processes in Mergers and Acquisitions: An Organizational Justice Perspective," British Journal of Management, Vol. 12, No.1, pp. 47-66, 2001. https://doi.org/10.1111/1467-8551.00185
  37. S. W. Hystad, K. J. Mearns and J. Eid, "Moral Disengagement as a Mechanism between Perceptions of Organisational Injustice and Deviant Work Behaviours," Safety Science, Vol. 68, pp. 138-145, 2014. https://doi.org/10.1016/j.ssci.2014.03.012
  38. T. A. Judge, and J. A. Colquitt, “Organizational Justice and Stress: The Mediating Role of Work-family Conflict,” Journal of Applied Psychology, Vol. 89, No. 3, pp. 395-404, 2004. https://doi.org/10.1037/0021-9010.89.3.395
  39. P. M. Muchinsky, "Psychology Applied to Work: An Introduction to Industrial and Organizational Psychology" Cengage Learning, 2006.
  40. H. Zhang, and N. C. Agarwal, “The Mediating Roles of Organizational Justice on the Relationships between HR Practices and Workplace Outcomes: An Investigation in China,” The International Journal of Human Resource Management, Vol. 20, No. 3, pp. 676-693, 2009. https://doi.org/10.1080/09585190802707482
  41. J. Greenberg, and J. A. Colquitt, "Handbook of Organizational Justice" Psychology Press, 2013.
  42. H. Li, R.Sarathy, J. Zhang, and X. Luo, “Exploring the Effects of Organizational Justice, Personal Ethics and Sanction on Internet Use Policy Compliance,” Information Systems Journal, Vol. 24, No. 6, pp. 479-502, 2014. https://doi.org/10.1111/isj.12037
  43. M. A. Alam, "Techno-stress and Productivity: Survey Evidence from the Aviation Industry," Journal of Air Transport Management, Vol. 50, pp. 62-70, 2016. https://doi.org/10.1016/j.jairtraman.2015.10.003
  44. J. C. Nunnally, "Psychometric Theory" (2nd ed.) New York: McGraw-Hill, 1978.
  45. B. H. Wixom, and H. J. Watson, “An Empirical Investigation of the Factors Affecting Data Warehousing Success,” MIS Quarterly, Vol. 25, No. 1, pp. 17-41, 2001. https://doi.org/10.2307/3250957
  46. C. Fornel,l and D. F. Larcker. "Evaluating Structural Equation Models with Unobservable Variables and Measurement Error," Journal of Marketing Research, Vol. 18, No. 1, pp. 39-50, 1981. https://doi.org/10.1177/002224378101800104
  47. L. J. Williams, and S. E. Anderson, “An Alternative Approach to Method Effects by Using Latent-variable Models: Applications in Organizational Behavior Research,” Journal of Applied Psychology, Vol. 79, No. 3, pp. 323-331, 1994. https://doi.org/10.1037/0021-9010.79.3.323

Cited by

  1. 정보보안 회피행동 완화에 대한 연구: 정보보안 관련 목표설정, 공정성, 신뢰의 관점을 중심으로 vol.18, pp.12, 2020, https://doi.org/10.14400/jdc.2020.18.12.217