http://dx.doi.org/10.13089/JKIISC.2014.24.6.1271

Studies on the effect of information security investment executive  

Jeong, Seong-Hoon (Graduate School of Information Security, Korea University)
Yoon, Joon-Sub (Graduate School of Information Security, Korea University)
Lim, Jong-In (Graduate School of Information Security, Korea University)
Lee, Kyung-Ho (Graduate School of Information Security, Korea University)
Abstract
This paper classifies, into technical, administrative and physical areas, the defects and recommendations raised by an external audit (ISO27001) and an internal audit (performed by a security team) in a company that operates an information security management system. Using the classified data, it finds the correlation between the budget and investment of information security and analyzes that correlation. The analysis found that, as time goes on, there is a consistent correlation between the administrative area and the technical area of security. In particular, it confirmed that the scale of the budget which is not executed is in direct proportion to the number of defects and recommendations raised by the audits. Based on the results of the correlation analysis, this paper therefore provides a model that can be used to validate the effectiveness of information protection investment by statistically calculating the similarity. This research is intended to help a company make precise decisions when it establishes an information security policy and a systematic methodology for investment in information security.
Keywords
Security Policy; ISMS; ISO27001; Risk Management; Information Security Investment;
Citations & Related Records
Times Cited By KSCI: 1