Even if a rapid diffusion of digital era has brought a high level of convenience in our daily life, risks associated with security(e.g., phishing, hacking) have been increased in a same manner. Recently, the risks such as cyber attack or inside information leakage aiming financial gain has gradually transformed and appeared as new types of threat. Particularly, financial firms are more concerned about such security risks than others because negligence in surveillance results in negative result to customer. To achieve security objectives of financial firm, it needs organizational monitoring and effort of controlling to maintain technical and procedural status. In this regard, this study proposes the research model investigating the relationship between the organizational security countermeasures and the reduced financial IT risks, which then affects competitive advantage. In addition, we examine the role of transformational leadership as a moderating effect between security countermeasures and the reduced financial IT risk. The research model was analyzed using Partial Leasts Square(PLS) approach with a total of 159 data collected from financial firms. Findings indicate that all proposed hypotheses are supported. This study suggests new theoretical framework on security-related study and provides practitioners with guideline of security design.

디지털 시대의 급속한 확산은 업무와 일상생활에 편리함을 가져온 반면, 피싱이나 해킹 등의 위험도 함께 증가시켰다. 최근 들어 금전적 이익을 목적으로 하는 사이버 공격 혹은 내부 정보 유출 등 그 위협들이 점차 새로운 형태로 변형되어 나타남으로써 심각한 사회적 이슈가 되고 있다. 특히, 이러한 문제는 금융기관에서 중요하게 인식되고 있다. 왜냐하면 이들의 소홀한 관리가 내부 뿐 아니라 소비자들에게 부정적인 결과를 만들기 때문이다. 이러한 금융기업들의 보안 목표를 달성하기 위해서는 기술 및 절차적 상태를 유지하기 위한 조직적 관리와 감독의 노력에 의해서 가능하다. 이에 본 연구는 조직의 보안대책이 금융기업의 IT 보안 위험 감소를 이끌고 나아가 기업 경쟁력 강화에도 영향을 미칠 것이라고 제안한다. 또한, 변혁적 리더십이 보안대책과 감소된 금융 IT 보안 위험 사이에서 어떠한 조절역할을 하는지에 대해 살펴보았다. 총 159부의 설문을 바탕으로 SmartPLS 3.0을 사용하여 구조모형을 분석한 결과, 모든 가설은 지지된 것으로 나타났다. 본 연구는 보안관련 연구에 새로운 이론적 프레임워크를 제안하고 금융기업 실무자들에게는 보안 설계에 대한 가이드라인을 제공한다.

1 장성옥, "금융IT 보안조직 역량강화를 위한 핵심성과지표(KPI) 도출에 관한 연구" 한국전자거래학회 18 (18): 125-142, 2013

2 Kotulic, A. G., "Why There aren’t More Information Security Research Studies" 41 (41): 597-607, 2004

3 Myyry, L., "What Levels of Moral Reasoning and Values Explain Adherence to Information Security Rules? An Empirical Study" 18 (18): 126-139, 2009

4 Spears, J. L., "User Participation in Information Systems Security Risk Management" 34 (34): 503-522, 2010

5 D’Arcy, J., "User Awareness of Security Countermeasures and Its Impact on Information Systems Misuse : A Deterrence Approach" 20 (20): 79-98, 2009

6 Judge, T. A., "Transformational and Transactional Leadership: a Metaanalytic Test of Their Relative Validity" 89 (89): 755-768, 2004

7 Avolio, B. J., "Transformational Leadership and Organizational Commitment: Mediating Role of Psychological Empowerment and Moderating Role of Structural Distance" 25 (25): 951-968, 2004

8 Burton-Jones, A., "Toward a Deeper Understanding of System Usage in Organizations : A Multilevel Perspective" 31 (31): 657-679, 2007

9 Schlarman, S., "The People, Policy, Technology(PPT)Model : Core Elements of the Security Process" 10 (10): 1-6, 2001

10 Shao, Z., "The Mediating Effect of Organizational Culture and Knowledge Sharing on Transformational Leadership and Enterprise Resource Planning Systems Success: An Empirical Study in China" 28 (28): 2400-2413, 2012

11 Workman, M., "Security Lapses and the Omission of Information Security Measures : An Empirical Test of the Threat Control Model" 24 (24): 2799-2816, 2008

12 Gewald, H., "Risks and Benefits of Business Process Outsourcing : A Study of Transaction Services in the German Banking Industry" 46 (46): 249-257, 2009

13 Herath, T., "Protection Motivation and Deterrence : A Framework for Security Policy Compliance in Organizations" 18 (18): 106-125, 2009

14 Anderson, C. L., "Practicing Safe Computing: A Multimethod Empirical Examination of Home Computer User Security Behavioral Intentions" 34 (34): 613-643, 2010

15 Siponen, M., "Neutralization: New Insights into the Problem of Employee Information Systems Security Policy Violations" 34 (34): 487-502, 2010

16 Aiken, L. S., "Multiple Regression: Testing and Interpreting Interactions" Sage Publications 1991

17 Bass, B. M., "Leadership and Performance Beyond Expectations" Free Press 1985

18 Li, Y., "Leadership Characteristics and Developers’Motivation in Open Source Software Development" 49 (49): 257-267, 2012

19 Hsu, C., "Institutional Influences on Information Systems Security Innovations" 23 (23): 1-22, 2012

20 McCumber, J., "Information Systems Security: A Comprehensive Model" 328-337, 1991

21 Vatanasombut, "Information Systems Continuance Intention of Web-Based Applications Customers : The Case of Online Banking" 45 (45): 419-428, 2008

22 Bulgurcu B. H, "Information Security Policy Compliance : An Empirical Study of Rationality-Based Beliefs and Information Security Awareness" 34 (34): 523-548, 2010

23 Gefen, D., "Inexperience and Experience with Online Stores : The Importance of TAM and Trust" 50 (50): 307-321, 2003

24 Carte, T., "In Pursuit of Moderation : Nine Common Errors and Their Solutions" 27 (27): 479-501, 2003

25 Bass, B. M., "Improving Organizational Effectiveness through Transformational Leadership" Sage 1994

26 Zhang, J., "Impact of Perceived Technical Protection on Security Behaviors" 17 (17): 330-340, 2009

27 Boss, S. R., "If Someone is Watching, I’ll Do What I’m Asked : Mandatoriness, Control, and Information Security" 18 (18): 151-164, 2009

28 Cho, J., "How Does Leadership Affect Information Systems Success? The Role of Transformational Leadership" 48 (48): 270-277, 2011

29 Parker, D. B., "Fighting Computer Crime" Scribner 1983

30 Fornell, C., "Evaluating Structural Equation Models with Unobservable Variables and Measurement Error" 18 (18): 39-50, 1981

31 Liang, H., "Ensuring Employees’ IT Compliance : Carrot or Stick?" 24 (24): 279-294, 2013

32 Pahnila, S., "Employees’ Behavior Towards IS Security Policy Compliance" IEEE Computer Society Press 2007

33 Brown S. A, "Do I Really Have To? User Acceptance of Mandated Technology" 11 (11): 283-295, 2002

34 Straub, D. W., "Coping with Systems Risk : Security Planning Models for Management Decision Making" 22 (22): 441-469, 1998

35 Cho, J., "Are Transformational Leaders Fair? A Multi-Level Study of Transformational Leadership Justice Perceptions, and Organizational Citizenship Behaviors" 21 (21): 409-421, 2010

36 Hovav, A., "Applying and Extended Model of Deterrence Across Cultures : An Investigation of Information Systems Misuse in the U. S. and South Korea" 49 (49): 99-110, 2012

37 Kankanhalli, A., "An Integrative Study of Information Systems Security Effectiveness" 23 (23): 139-154, 2003

38 Chin, W., "A Partial Least Squares Latent Variable Modeling Approach for Measuring Interaction Effects: Results from a Monte Carlo Simulation Study and an Electronic-Mail Emotion/Adoption Study" 14 (14): 189-217, 2003

39 Maconachy, W. V., "A Model for Information Assurance: An Integrated Approach" United State Military Academy, IEEE 306-310, 2001