http://dx.doi.org/10.13089/JKIISC.2009.19.6.153

An Empirical Research on Human Factor Management Indicators for Information Security  

Cha, In-Hwan (A3 Security Ltd.)
Kim, Jung-Duk (Chung-Ang University)
Abstract
This study develops a human resource (HR) security framework and related HR security indicators in the context of information security. The HR security framework consists of three constructs: personnel assurance, personnel competence, and personnel security control. Based on the framework, 26 HR security management indicators are derived, organized into 9 items across 3 categories. An empirical study was performed to verify the relevance and consistency among the indicators through a questionnaire-based survey. In addition, the interrelationships between the proposed indicators and the HR-related security level were analyzed by multiple regression analysis. As a result, the proposed hypotheses were mostly accepted, showing significant relationships between the indicators and the security level.
Keywords
Human Resource Security; Personnel Security; Management Indicators