Prioritize Security Strategy based on Enterprise Type Classification Using Pair Comparison

  • Kim, Hee-Ohl (Graduate School of Management Consulting, Hanyang University) ;
  • Baek, Dong-Hyun (Department of Business Administration, Hanyang University)
  • Received : 2016.11.07
  • Accepted : 2016.12.15
  • Published : 2016.12.31

Abstract

As information systems become more advanced and the volume of information assets increases, the skills of threat actors are also advancing, putting valuable information assets at risk. The purpose of this study is to present a strategic direction for each type of company approaching information security. The framework classifies companies into eight types so that a company can get help in making decisions about developing an information security strategy according to the type it belongs to. A paired comparison survey was conducted with a group of information security experts to determine the priority and relative importance of information security management elements. The factors used in the security response strategy combine the international information security certification standard ISO 27001, the domestic information protection management system certification K-ISMS, and the personal information security management system certification PIMS. The paired comparison method was then used to determine the priorities of strategy alternatives for each type. Paired comparisons were conducted to select the most applicable factors among the 12 strategic factors. The paired comparison questionnaire was administered by e-mail and by direct survey to 18 experts engaged in security-related work such as security control, architecture, and security consulting. This study is based on the idea that effective implementation of information security depends not on a single uniform approach but on changing security strategy alternatives according to the type of company. The results of this study are expected to help decision makers and to serve as a basis for companies approaching information security for the first time or seeking to establish new information security strategies.
