Earticle

초록

영어

Rapid progress of information technology and widespread use of the personal computers have brought various conveniences in our life. But this also provoked a series of problems such as hacking, malicious programs, illegal exposure of personal information etc. Information security threats are becoming more and more serious due to enhanced connectivity of information systems. Nevertheless, users are not much aware of the severity of the problems. Using appropriate password is supposed to bring out security effects such as preventing misuses and banning illegal users. The purpose of this research is to empirically analyze a research model which includes a series of factors influencing the effectiveness of passwords. The research model incorporates the concept of risk based on information systems risk analysis framework as the core element affecting the selection of passwords by users. The perceived risk is a main factor that influences user's attitude on password security, security awareness, and intention of security behavior.To validate the research model this study relied on questionnaire survey targeted on evening class MBA students. The data was analyzed by AMOS 7.0 which is one of popular tools based on covariance-based structural equation modeling. According to the results of this study, while threat is not related to the risk, information assets and vulnerability are related to the user's awareness of risk. The relationships between the risk, users security awareness, password selection and security effectiveness are all significant.Password exposure may lead to intrusion by hackers, data exposure and destruction. The insignificant relationship between security threat and perceived risk can be explained by user's indetermination of risk exposed due to weak passwords. In other words, information systems users do not consider password exposure as a severe security threat as well as indirect loss caused by inappropriate password. Another plausible explanation is that severity of threat perceived by users may be influenced by individual difference of risk propensity.This study confirms that security vulnerability is positively related to security risk which in turn increases risk of information loss. As the security risk increases so does user's security awareness. Security policies also have positive impact on security awareness. Higher security awareness leads to selection of safer passwords. If users are aware of responsibility of security problems and how to respond to password exposure and to solve security problems of computers, users choose better passwords. All these antecedents influence the effectiveness of passwords.Several implications can be derived from this study. First, this study empirically investigated the effect of user's security awareness on security effectiveness from a point of view based on good password selection practice. Second, information security risk analysis framework is used as a core element of the research model in this study. Risk analysis framework has been used very widely in practice, but very few studies incorporated the framework in the research model and empirically investigated. Third, the research model proposed in this study also focuses on impact of security awareness of information systems users on effective-ness of password from cognitive aspect of information systems users.

목차

abstract
 Ⅰ. 서 론
 Ⅱ. 문헌연구
  2.1 정보보안
  2.2 정보유출과 패스워드
  2.3 자산
  2.4 위협
  2.5 취약성
  2.6 위험분석방법론
  2.7 보안정책
  2.8 개인정보 보안의식
  2.9 패스워드 선택
  2.10 개인적 특성
  2.11 보안효과
 Ⅲ. 연구내용
  3.1 연구모형의 설계
  3.2 연구의 가설
  3.3 연구변수의 조작적 정의 및 측정항목
 Ⅳ. 실증분석
  4.1 자료의 수집과 분석
  4.2 표본의 특성
  4.3 측정모형의 추정과 분석
  4.4 구조모형의 평가 및 가설검증
 Ⅴ. 결 론
 참 고 문 헌

저자

• 김종기 [ Jongki Kim | 부산대학교 상과대학 경영학부 ] 주저자
• 강다연 [ Dayeon Kang | 부산대학교 일반대학원 경영학과 박사과정 ] 교신저자

참고문헌