http://dx.doi.org/10.13089/JKIISC.2012.22.5.1123

The effects of the operation of an information security management system on the performance of information security  

Jang, Sang-Soo (KISA)
Lee, Sang-Joon (Chonnam University)
Noh, Bong-Nam (Chonnam University)
Abstract
Many domestic organizations are introducing and operating various information security management systems capable of coping with technical, administrative, and legal issues comprehensively and systematically, in order to prevent various infringement incidents such as personal information disclosure and hacking preemptively and actively. However, empirical analyses regarding the extent to which an information security management system contributes to information security performance have not been fully conducted, even though enterprises and organizations are actively introducing such systems in order to achieve their information security objectives as a part of their organizational management activities in line with their respective business, by investing considerable effort and resources in developing and operating these systems. This approach can be used to apply, develop, and operate the information management system actively within an organization. This study focused on analyzing how each specific phase of the information security management system affects information security performance, in contrast to previous studies, which generally focus on information security control items in analyzing information security performance. The information security management system was analyzed empirically to determine how the Security PDCA cycling model affects information security performance.
Keywords
ISO27001; ISMS; PIMS; G-ISMS; RMF; Information Security Evaluation; Information Security Performance; PLS