
Cyber Security Management of Small and Medium-sized Enterprises with Consideration of Business Management Environment  

Chun, Yong-Tae (Security Management Major, Kyonggi University)
Publication Information
Korean Security Journal / v., no.59, 2019, pp. 9-35
Abstract
Much research on cyber security has been conducted to date, but few studies have examined the overall relationships, including both internal and external factors. Therefore, this study examined cyber security management considering not only the internal elements of SMEs but also the corporate management environment. Using a mixed-methods design, a qualitative analysis was conducted first, followed by a quantitative analysis. The qualitative analysis was conducted through semi-structured interviews, and three themes were found: an insufficient cyber security management system, internal noncooperation on cyber security, and problems derived from the decision-making system. In the quantitative analysis, multiple regression analysis was conducted on the data obtained through the questionnaire. Among the independent variables, the perception of cyber threats and internal support positively influenced the cyber security management system, the dependent variable. The study found that internal variables, rather than external environment variables, had a causal impact on the cyber security management system. This implies that variables related to organizational culture, such as employees' perception, are important. These results are expected to provide practical significance for enhancing the cyber security management system in SMEs.
Keywords
Small and medium-sized enterprises; Mixed methods; Cyber security management; Technical·human·managerial controls; Holistic approach
Citations & Related Records
Times Cited By KSCI: 2