信息安全威胁的应对行为——基于云计算情境的实证研究被引量：12

Coping Behavior of IT Threat: An Empirical Study in Context of Cloud Computing

下载PDF

导出

摘要为了解释用户面对信息安全威胁时的"不作为"现象,基于技术威胁规避理论,构建了信息安全风险(机密性、完整性和可用性)通过感知威胁(感知易感度、感知严重度和感知可避免度)影响用户信息安全应对行为(问题导向应对和情绪导向应对)的研究模型。以云计算为实证情境,应用结构方程模型对489位企业员工的调查问卷进行数据分析和模型拟合。研究结果表明,面对信息安全威胁时用户往往更倾向于采取情绪导向应对行为,而非单纯地采取问题导向应对。研究还发现,在不同感知可避免度下,用户面对信息安全威胁采取的安全行为是不同的,在感知可避免度高的情况下,感知易感度和感知严重度越高,用户越会采取情绪导向应对行为;在感知可避免度低的情况下,感知易感度和感知严重度越高,用户越会倾向于同时采取问题导向应对和情绪导向应对行为。 In order to explore the "non-action" phenomenon of users who face IT threat, a research model is constructed based on the technology threat avoidance theory(TTAT), which shows that information security risks(confidentiality risk, integrity risk, and availability risk) influence users' coping behavior(problem-focused coping(PFC) and emotion-focused coping(EFC)) through perceived threats(perceived susceptibility, perceived severity, and perceived avoidability). The theoretical model is empirically tested using the data obtained from the survey of 489 employees in the context of cloud computing. The results indicate that, users tend to adopt PFC, besides EFC when they face IT threat. Users adopt different security behaviors when they perceive avoidability. When the perceived avoidability is high, as the perceived susceptibility and perceived severity increase, it is more likely for the the users to adopt EFC. When the perceived avoidability is low, as the perceived susceptibility and perceived severity increase, it is more likely for the users to adopt both EFC and PFC.

作者王念新施慧王志英葛世伦

机构地区江苏科技大学经济管理学院

出处《系统管理学报》 CSSCI CSCD 北大核心 2018年第4期683-693,共11页 Journal of Systems & Management

基金国家科技支撑计划资助项目(2015BAF21B01-JKD) 国家自然科学基金资助项目(71331003 71471079 71471080) 江苏高校青蓝工程资助项目

关键词信息安全风险安全行为技术威胁规避理论云计算 information security risk security behavior technology threat avoidance theory cloud computing

分类号 TP309 [自动化与计算机技术—计算机系统结构]

引文网络
相关文献

参考文献2

1邵真,葛虹,冯玉强,刘鲁宁.组织文化对ERP系统消化吸收阶段知识共享作用机理的实证研究[J].系统管理学报,2013,22(2):194-201. 被引量：11
2周驷华,万国华.信息技术能力对供应链绩效的影响:基于信息整合的视角[J].系统管理学报,2016,25(1):90-102. 被引量：23

二级参考文献75

1谭大鹏,霍国庆,董纪昌.知识转移对企业ERP实施成效的影响——基于中国制造业的实证研究[J].科研管理,2007,28(5):66-75. 被引量：10
2Schultze U, Leidner D E. Studying knowledge management in information systems research: Discourses and theoretical assumptions [J]. MIS Quarterly, 2002, 26(3): 213-242.
3WangET G, Lin C C L, JiangJ J, etal. Improving enterprise resource planning (ERP) fit to organizational process through knowledge transfer [J]. International Journal of Information Management, 2007, 27(3): 200- 212.
4Jones M C, Cline M, Ryan S. Exploring knowledge sharing in ERP implementation: An organizational culture framework [J]. Decision Support Systems, 2006, 41: 411-434.
5Jones M C, Price R L. Organizational knowledge sharing in ERP implementation: A multiple case study analysis [C]//Proceedings of the 22nd International Conference on Information Systems (ICIS), New Orleans, LA December 16-18, 2001.
6Jones M C. Tacit knowledge sharing during ERP implementation: A multi-site case study [ J ]. Information Resources Management Journal, 2005, 18(2):1-23,.
7Bock G W, Zmud R W, Kim Y G, et al. Behavioral intention formation in knowledge sharing: Examining the roles of extrinsic motivators, social-psychological forces, and organizational climate [J]. MIS Quarterly, 2005, 29(1):87-111.
8Alavi M, Leidner D E. Review: Knowledge management and knowledge management systems: Conceptual foundations and research issues [J]. MIS Quarterly (MISQ Review), 2001, 25(1) : 107-136.
9Liang H G, Saraf N, Hu Q, et al. Assimilation of enterprise systems: The effect of institutional pressures and the mediating role of top management [J]. MIS Quarterly, 2007,31(1) :59-87.
10Schein E H. Organizational culture and leadership [M]. San Francisco, CA..Jossey-Bass, 1985.