Empirical Analysis of Behavior on Information Security

In this article, we raise some prohibited matters within the organizations from the viewpoint of information security measures, and investigate factors such as individual attributes and organizational attributes which impact the decision making on not complying with the rule. By using the collected data from a survey that we conducted in March 2010 and employing a stepwise log it model as a statistical tool, we analyze the relationships between decision making on not complying with the rule and some attributes. As a result, we found the some features of respondents who took problematic behavior. First of all, the psychological factors such as risk perception and risk aversion influence the problematic behaviors. Next, the high individuals´ morals are able to prevent their taking problematic behaviors. Third, the individuals who experienced some information security accidents, or the individuals whose degree of workplace satisfaction is low, tend to take problematic behavior. In addition, by introducing power shift from ruling body to lower organization as the incentive system for employee´s working, individuals come to tend to take problematic behaviors. Though with regard to factors such as the individual´s attitude toward the risk and/or moral as the rule within the organization, we propose to educate and train about the information security and the awareness. On the other hand, factors such as the experience of information security accidents, the degree of workplace satisfaction and the incentive system for employee´s working may be controlled by the organization by designing the appropriate organizational environment.