2021 Volume 30 Issue 2 Pages 89-104
There have been many reports of information being released without permission. The purpose of this paper is to demonstrate to suppress the rationalization of unauthorized bringing-out of information from the perspective of the “awareness” requirements of the ISO/IEC 27001 by using the fraud triangle theory. We consider the three latent variables, namely, “policy”, “contribution”, and “effects of non-compliance” exhibit the effect of suppressing the rationalization of unauthorized bringing-out of information. We construct a model to test our hypotheses and performed covariance structure analysis and multiple group covariance structure analysis based on the questionnaire survey data. Our sample consist of member groups of an organization with and without the ISO/IEC 27001 certification. As a result, we confirmed our hypotheses partially and found that the requirements that shall be improved the perception differed from group to group.