Most of the companies utilize information technology to strengthen their competitive advantages. Information technology system and security has become very important for companies, as loss of information can damage the growth of the organizations. However, most companies adapt only to technological elements. It as been evident that their efforts to deal with individual information security issues are insufficient. The fundamental problem of information security is based on human`s will and behavior. It is more important to establish effective policies and motivate members to follow them rather develop technical part of the information security to protect the information and systems of the organization. Unfortunately, effectiveness of the information security systems that are used by most of companies has not been proved and individual level of information security behavior and awareness was not considered in these systems. This study is based on the proposition which changes the organizational members`s awareness are essential to conduct information security under new management environment. The research aims to empirically verify the influences of information ethics of an organization on their recognition and action on an individual level. The results are presented through the security awareness and behavior of organizational members by obtaining and defining the elements of information ethics. The research defines information ethics in an organization as human. Systematic and technological activities in a corporate level prevent private and organizational information from being disclosed, misused, and altered, preventing factors that may disrupt the functionality of an information system. Research has proved that the information ethics of an organization has an influence on information security awareness and behavior. Therefore, information security behavior is required to protect information of an organization and whilst maintaining the information ethics on an organizational level. This research can convince organizations to establish the information ethics by defining the organizational information ethics, presenting a direct influence of information security awareness and behavior of individual members of the organization within the outcomes of the information security system. In addition, the research would further contribute towards an effective investment and decision-making for organizations on information security.

1 임채호, "효과적인 정보보호인식제고 방안" 한국정보보호학회 16 (16): 30-36, 2006

2 오창규, "효과적인 정보보호 교육 및 훈련을 위한 프레임워크 개발" 한국정보보호학회 13 (13): 59-69, 2003

3 서진완, "지방자치단체의 정보보호 현황분석" 한국행정연구원 17 (17): 221-245, 2008

4 김현수, "조직구성원의 정보보안 의식과 조직의 정보보안 수준과의 관계 연구" 한국데이타베이스학회 7 (7): 117-134, 2000

5 최무진, "정보처리에 있어 윤리적 판단에 관한 실증적 연구" 28 (28): 677-703, 1999

6 한국정보산업연합회, "정보윤리와 디지털 사회"

7 이선중, "정보보호문화의 평가지표에 관한 탐색적 연구" 한국정보화진흥원 15 (15): 100-119, 2008

8 "정보보호관리체계인증" 한국인터넷진흥원

9 김광용, "정보 윤리 의사결정에 관한 실증적 연구-S/W 불법복제를 중심으로" 한국산업정보학회 1999

10 "온라인 리서치"

11 김종기, "보안정책, 보안의식, 개인적 특성이 패스워드 보안효과에 미치는 영향" 한국정보보호학회 18 (18): 123-134, 2008

12 정경수, "바람직한 정보사회 구현을 위한 정보윤리관의 정립 연구" 정보통신연구진흥원 1995

13 "기술유출통계" 산업기밀보호센터

14 국가정보원, "국가정보보호백서"

15 김병순, "경영학 원론" 단국대학교 출판사 2005

16 "http://www.eprivacy.or.kr/safeoffer/view_sysa.html" 한국정보통신산업연합회

17 Constant, D., "What's mine is ours, or is it? A study of attitudes about information sharing" 5 (5): 400-421, 1994

18 Wright, M., "Third generation risk management practices" 2 : 9-12, 1999

19 Cavanagh, G., "The ethics of organizaitonal politics" 6 (6): 363-374, 1981

20 Aron, J., "The benefits of a notification process in addressing the worsening computer virus problems: results of a survey and a simulation model" 20 (20): 693-714, 2001

21 Dening, D., "Social aspect of computer security" 1987

22 Siponen, M., "Six design theories for IS security policies and guidelines" 7 (7): 445-472, 2006

23 Goodhue, D., "Security concerns of system user: A study of perceptions of the adequacy of security" 20 (20): 13-27, 1991

24 Kabay, M., "Psychosocial factors in the implementation of information security policy" 21 (21): 1-10, 1994

25 Wood, C., "Policies alone do not constitute a sufficient awareness effort" 12 : 14-19, 1997

26 Knapp, K., "Managerial dimensions in information security: A theoretical model of organizational effectiveness" Information Systems Security Certification Consortium (ISC) 2-, 2005

27 Grover, S., "Lying, deceit, and subterfuge: A model of dishonesty in the workplace" 4 (4): 478-495, 1993

28 Choi, N., "Knowing is doing" 16 (16): 484-501, 2008

29 Brenner, S., "Is the ethics of business changing? Business Ethics: Methodological issues"

30 Layton, T., "Information security awareness: the psychology behind the technology" AuthorHouse 2005

31 Wood, C., "Information security awareness raising nethods" 6 : 13-15, 1995

32 Rezgui, Y., "Information security awareness n higher education: an exploratory study" 27 (27): 241-253, 2008

33 Von Solms, B., "Information Security-A Multidimensional Discipline" 20 (20): 504-508, 2001

34 Cavusoglu, H., "Information Security control resources in organization: A Multidismensional View and Their key drivers"

35 Leach, J., "Improving user security behaviour" 22 (22): 685-692, 2003

36 Nosworthy, J., "Implementing information security in the 21 super (st) Century-do you have the balancing factors?" 19 (19): 337-347, 2000

37 박영우, "IT관련 서비스 제공에 따른 역기능 및 대책" IT와 법연구소 1 (1): 113-151, 2007

38 Parkin, R., "IT security is a business issue not a technical one" 15 (15): 411-421, 1999

39 Berkman, E., "How to staff upfor security" 15 : 15-, 2002

40 Mason, R., "Four ethical issues of the information age" 10 (10): 5-12, 1986

41 Posner, B., "Ethics in American companies: A managerial perspective" 6 (6): 383-391, 1987

42 Bowyer, K., "Ethics and computing: living responsibly in a computerized world" IEEE Computer society press 1996

43 Hudson, S., "Ethical orientation and awareness of tourism students" 62 (62): 383-396, 2005

44 Jones, T., "Ethical decision making by individuals in organizations: An issue-contingent model" 16 (16): 366-395, 1991

45 Straub Jr, D., "Effective IS Security" 1 (1): 255-276, 1990

46 Spinello, R., "Cyberethics: Morality and law in cyberspace" 14 (14): 70-90, 2005

47 Spinello, R., "Cyberethics: Morality and Law in Cyberspace, Sudbury, Massachusets" Jones and Bartlett Publishers 2000

48 Deal, T., "Corporate cultures" Addison-Wesley Reading 1982

49 Straub, D., "Coping with systems risk: security planning models for management decision making" 22 (22): 441-469, 1998

50 Johnson, D., "Computers, ethics and social values" Prentice-Hall, Inc. 1995

51 Forester, T., "Computer ethics: cautionary tales and ethica dilemmas in computing" The MIT Press 1994

52 Pierce, M., "Computer ethics: The role of personal, informal, and formal codes" 15 (15): 425-437, 1996

53 Johnson, D., "Computer ethics" Prentice Hall, Inc. 1994

54 Goodpaster, K., "Business Ethics: The Field and the Course"

55 Baumhart, R., "An honest profit: What businessmen say about ethics in business" Holt, Rinehart and Winston 1968

56 Furnell, S., "A prototype tool for information security awareness and training" 15 (15): 352-357, 2002

57 Puhakainen, P., "A design theory for information security awareness" University of Oulu 2006

58 Chen, C., "A cross-cultural investigation of situational information security awareness programs" 16 (16): 360-376, 2008

59 Siponen, M., "A conceptual foundation for organization information security awareness" 8 (8): 31-41, 2000