정보 보안 위협 통제 가능성과 정보 보안 정책 실행능숙도가 정보 보안 정책 준수 행위 의도에 미치는 영향
- 2025년 4월 3일
- 1분 분량
The Impact of Information Security Threat Controllability and Information Security Policy Competence on Information Security Policy Compliance Behavioral Intention
Abstract
This study addresses the gaps of existing research on Information Security Policy (ISP) compliance by focusing on the role of individual capabilities. Organizations face significant challenges in ensuring ISP compliance, as compliance depends heavily on employees’ ability to perceive and execute security policies effectively. Using Social Cognitive Theory (SCT) as the theoretical foundation, this study examines the impact of Threat Control Ability (TCA) and Security Policy Competence (SPC) on ISP compliance awareness, attitude, and intention. Survey data collected from 319 respondents were analyzed to validate the proposed model. The findings indicate that both TCA and SPC positively influence ISP compliance intention but do not have a significant impact on ISP compliance attitude. TCA significantly affects ISP compliance awareness, while SPC does not, suggesting that TCA helps employees understand the necessity of compliance, whereas SPC focuses on facilitating the practical execution of policies. The study highlights the differentiated roles of TCA and SPC in the ISP compliance process, emphasizing the importance of addressing both “why” and “how” aspects of compliance.
Keyword:
Information Security, Security Policy, Information Security Policy, Compliance, Social Cognitive theory, Employee Capabilities, Threat Control, Competence
출처
장재영, 이석열, & 김범수. (2025). 정보 보안 위협 통제 가능성과 정보 보안 정책 실행 능숙도가 정보 보안 정책 준수 행위 의도에 미치는 영향. 한국 IT 서비스학회지, 24(2), 99-115.