http://dx.doi.org/10.11627/jkise.2015.38.4.193

A Study on Categorization of Accident Pattern for Organization's Information Security Strategy Establish

Kim, Hee-Ohl (Graduate School of Management Consulting, Hanyang University)
Baek, Dong-Hyun (Department of Business Administration, Hanyang University)
Publication Information
Journal of Korean Society of Industrial and Systems Engineering / v.38, no.4, 2015, pp. 193-201
Abstract
A corporation's valuable intellectual assets are threatened by attackers whose skills have evolved alongside the growth of information systems and the volume of information assets. Domestically, various attempts at attacks on personal information, extortion of important information and damage to information have been detected; some of them have abused vulnerabilities in information system security and have become a severe social problem in the form of security incidents. When approaching security, most companies have established a strategy and a solution plan in a uniform manner. However, this is not a proper approach. Priorities vary depending on the type of business. The scale of damage also varies significantly depending on the type of security incident, and the method of response and the critical control points vary depending on both the type of business and the type of security incident. In this study, I define security incidents by their types and focus primarily on how one should react to each type. The many types of security accidents that can occur within a corporation or organization were analyzed with various factors taken into consideration. Through this analysis, the factors that corporations and organizations have to consider when they approach information security were identified. This study focuses on a response methodology based on case analysis of leaks of industrial secrets and private information, rather than on a conceptual response methodology that examines how to prevent leaks from industrial security systems and industrial information activities. Based on these factors, the study aims to help corporations apply a reasonable approach when they establish an information security strategy.
Keywords
Information Security; Security Incident; Accident Pattern; Categorization