An Empirical Study on Influencing Factors of Using Information Security Technology

Sang-Hoon Kim, Gab-Su Lee


Although three types of the information security measures (technical, physical and managerial ones) are all together critical to maintaining information security in the organizations and should be implemented at the same time, this study aims at providing theoretical basis of establishing and implementing effective managerial security measures. The rationale behind this research objective is that it is very important to effectively perform the managerial security measures to achieve the target performance level of the technical and the physical security measures because main agents of practicing the information security measures in the organizations are staff members even though the technical and the physical ones are well constructed and implemented.
In particular, this study intends to develop and propose the theoretical model applicable to providing the way of improving organizational members’ intention to use information security technologies since the very intention to use them is essential to effectively establishing and promoting managerial security measures. In order to achieve the objective of this study, the factors critical to influencing upon the intention to use information security technologies are derived through systematically reviewing related theories and previous studies, and then the research model and hypotheses are proposed by logically reasoning the casual relationship among the these factors. Also, the empirical analyses are performed by conducting the survey of the organization members of domestic large companies and analyzing the structural equation model by PLS (Partial Least Squares) method. The significant results of this study can contribute to expanding the research area of managerial information security and can be applied to suggesting the practical guidelines for effectively establishing and implementing the managerial security measures in various organizations.

Full Text:



Adams, D. A., Nelson, R. R., and Todd, P. A., “Perceived Usefulness, Ease of Use, and Usage of Information Technology: a Replication,” MIS Quarterly, Vol. 16, No. 2, pp. 227-247, 1992.

Ajzen, I., “The theory of planned behavior,” Organizational Behavior and Human Decision Processes, Vol. 50, pp. 179-211, 1991.

Ajzen, I., “Perceived behavioral control, self-efficacy, locus of control, and the theory of planned behavior,” Journal of Applied Social Psychology, Vol. 32, pp. 665-683, 2002.

Amoroso, D. L., “Organizational issues of end-user computing,” Data Base, Vol. 19, No. 3-4, pp. 49-58, 1988.

Bagozzi, R. P., “Attitudes, intentions, and behavior: A test of some key hypotheses,” Journal of Personality and Social Psychology, Vol. 41, No. 4, pp. 607-627, 1981.

Bagozzi, R. P., “A Field Investigation of Causal Relations among Cognitions, Affect, Intentions, and Behavior,” Journal of Marketing Research, Vol. 19, No. 4, pp. 562- 583, 1982.

Bandura, A., “Self-efficacy: toward a unifying theory of behavioral change,” Psychological Review, Vol. 84, No. 2, pp. 191-215, 1986.

Chin, W., “Issues and Opinion on Structural Equation Modeling,” MIS Quarterly, Vol. 22, No. 1, pp.7-16, 1998.

Davis, F. D., “Perceived usefulness, perceived ease of use, and user acceptance of information technology,” MIS Quarterly, Vol. 13, No. 1, pp. 319-340, 1989.

Davis. F. D., Bagozzi. R. P., and Warshaw, P. R., “User acceptance of computer technology: a comparison of two theoretical models,” Management Science, Vol. 35, No. 8, pp. 982-1003, 1989.

Dinev, T. and Hart, P., “Internet privacy concerns and social awareness as determinants of intention to transact,” International Journal of E-Commerce, Vol. 10, No. 2, pp. 7-31, 2006.

Dinev, T. and Hu, Q., “The centrality of awareness in the formation of user behavioral intention toward protective information technologies,” Journal of the Association for Information Systems, Vol. 8, pp. 386-408, 2007.

Fishbein, M., “An investigation of relationships between beliefs about an object and the attitude toward that object,” Human Relations, Vol. 16, pp. 233-240, 1963.

Fishbein, M. and Ajzen, I., Belief, Attitude, Intention, and Behavior: An Introduction to Theory and Research, Reading, MA: Addison-Wesley, 1975.

Gefen, D. and Straub, D. W., “A Practical Guide to Factorial Validity Using PLS- Graph: Tutorial and Annotated Example,” Communications of the Association for Information Systems, Vol. 16, No. 5, pp. 91-109, 2005.

Goodhue, D. L. and Straub, D. W., “Security concerns of system users: A study of perceptions of the adequacy of security,” Information and Management, Vol. 20, No. 1, pp. 13-27, 1991.

Hu, Q. and Dinev, T., “Is Spyware an Internet Nuisance or Public Menace?,” Communications of the ACM, Vol. 48, No. 8, pp. 61-66, 2005.

Hu, Q., Hart, P., and Cooke, D., “The Role of External Influences on Organizational Information Security Practices: An Institutional Perspective,” Proceedings of the 39th Hawaii International Conference on Systems Science (HICSS 39), January 4- 7, Hawaii, USA. CD-ROM, IEEE Computer Society, 2006.

Igbaria, M., “An examination of the factors contributing to microcomputer technology acceptance,” Accounting Management and Information Technologies, Vol. 4, No. 4, pp. 205-224, 1994.

Jackson, C. M. and Chow, S., “Toward an Understanding of the Behavioral Intention to Use an Information System,” Decision Sciences, Vol. 28, No. 2, pp. 357- 389, 1997.

Kim, S. and Park, S., “Influencing Factors for Compliance Intention of Information Security Policy,” The Journal of Society for e-Business Studies, Vol. 16, No. 4, pp. 33-51, 2011.

Kwon, T. H. and Zmud, R. W., “Unifying the fragmented models of information systems implementation,” Critical Issues in Information Systems Research(edited by Hirschheim, R. J. and Boland, R. A.), John Wiley and Sons, pp. 227-251, 1987.

Lang, P. J., “Cognition in emotion: Concept and action,” Emotions, Cognition and Behavior(edited by Izard, C. E., Kagan, J. and Zajonc, R.), Cambridge University Press, pp. 192-226, 1984.

Lee, S. and Lee, M., “An Exploratory Study on the Information Security Culture Indicator,” Informatization Policy, Vol. 15, No. 3, pp. 100-119, 2008.

Nam, G. H. and Won, D. H., Information System Security, Green Publishing Co., Seoul, 2010.

Nunnally, J. C., Psychometric Theory (2nd ed.), New York: McGraw-Hill, 1987.

Rogers, R. W., “A Protection Motivation Theory of Fear Appeals and Attitude Change,” Journal of Psychology, Vol. 91, pp. 93-114, 1975.

Rogers, E. M., Diffusion of Innovations (4th ed.), The Free Press, New York, 1983.

Srite, M. and Karahanna, E., “The Role of Espoused National Cultural Values in Technology Acceptance,” MIS Quarterly, Vol. 30, No. 3, pp. 679-704, 2006.

Szajna, B., “Empirical Evaluation of the Revised Technology Acceptance Model,” Management Science, Vol. 42, No. 1, pp. 85-92, 1996.

Telecommunication Technology Association, Dictionary of Information Security Technology, Telecommunication Technology Association, 2006.

Venkatesh, V., “Creation of Favorable User Perceptions: Exploring the Role of Intrinsic Motivation,” MIS Quarterly, Vol. 23, No. 2, pp. 239-260, 1999.

Venkatesh, V. and Davis, F. D., “A Theoretical Extension of the Technology Acceptance Model: Four Longitudinal Field Studies,” Management Science, Vol. 46, No. 2, pp. 186-198, 2000.

Venkatesh, V. and Morris M. G., “User Acceptance of Information Technology: Toward a Unified View,” MIS Quarterly, Vol. 27, No. 3, pp. 425-478, 2003.

Warshaw, P. R., “A New Model for Predicting Behavioral Intentions: An Alternative to Fishbein,” Journal of Marketing Research, Vol. 17, No. 2, pp. 153-172, 1980(a).

Warshaw, P. R., “Predicting Purchase and Other Behaviors from General and Contextually Specific Intentions,” Journal of Marketing Research, Vol. 17, No. 1, pp. 26-33, 1980(b).

Warshaw, P. R. and Davis, F. D., “Self- Understanding and the Accuracy of Behavioral Expectations,” Personality and Social Psychology Bulletin, Vol. 10, No. 2, pp. 111-118, 1984.

Warshaw, P. R. and Davis, F. D., “Disentangling Behavioral Intention and Behavioral Expectation,” Journal of Experimental Social Psychology, Vol. 21, No. 2, pp. 213-228, 1985.

Witte, K., “Putting the Fear Back into Fear Appeals: The Extended Parallel Process Model,” Communication Monographs, Vol. 59, pp. 329-349, 1992.

Witte, K., “Fear Control and Danger Control: A Test of the Extended Parallel Process Model(EPPM),” Communication Monographs, Vol. 61, pp. 113-134, 1994.

Witte, K., Cameron, K. A., McKeon, J. K., and Berkowitz, J. M., “Predicting Risk Behaviors: Development and Validation f a Diagnostic Scale,” Journal of Health Communication, Vol. 1, pp. 317-341, 1996.

Witte, K., “Fear as motivator, fear as inhibitor: Using the extended parallel process model to explain fear appeal successes and failures,” Handbook of communication and emotion: Research, theory, applications, and contexts (edited by Andersen, P. A. and Guerrero, L. K.), San Diego, CA, US: Academic Press, pp. 423- 450, 1998.

Witte, K., Meyer, G., and Martell, D., Effective health risk message: A step- by-step guide, Thousand Oaks, California: Sage, 2001.


  • There are currently no refbacks.