Acknowledgement
This work was supported by the Ministry of Education of the Republic of Korea and the National Research Foundation of Korea in 2018 (NRF-2018S1A5A2A01039356).