2012 Volume 21 Issue 3 Pages 205-226
Abstract: From the viewpoint of information security management, there are many countermeasures to the risk that can be assumed. Generally, such countermeasures can be thought of as various activities that prevent risk and preserve information security, and are classified into “physical measures,” “technical measures,” and “human measures.” Among these, the third one is very difficult to accomplish. Although it is often said that countermeasures from the “human behavior viewpoint” can be carried out through “rule observance,” “compliance,” “education/enlightenment,” and so forth, substance of the measures in the list is not clear.
In this study, we will focus on the “deviant behavior” of personnel and conduct questionnaire surveys concerning their perceptions, attitudes, and the organizational climate related to the rules of information security. Furthermore, we will use structural equation modeling to analyze the results of the questionnaire surveys.
