http://dx.doi.org/10.11627/jkise.2016.39.3.018

Study on Development of Framework of Company Classification in Information Security Perspective  

Kim, Hee-Ohl (Graduate School of Management Consulting, Hanyang University)
Baek, Dong-Hyun (Department of Business Administration, Hanyang University)
Publication Information
Journal of Korean Society of Industrial and Systems Engineering / v.39, no.3, 2016, pp. 18-29
Abstract
For most organizations, a security infrastructure to protect the company's core information and technology is becoming increasingly important. Various approaches to information security have therefore been tried, but many security accidents still take place. In fact, many Korean companies perceive information security as an expense, not an asset. To change this perception, it is very important to recognize the need for information security and to find a rational approach to it. The purpose of this study is to present a framework for companies' information security strategies. The framework classifies companies into eight types, so that a company can receive help in making decisions for the development of its information security strategy according to the type it belongs to. To develop measures for classifying the types of companies, 12 information security professionals carried out brainstorming and, based on previous studies, selected three factors from among those that have been demonstrated to influence the information security of an enterprise. The Delphi method was applied to 29 security experts to determine the sub-items for each factor, and the final evaluation items were then determined by verifying the content validity and reliability of the components through SPSS analysis. Using the developed sub-items, this study then identified the characteristics of each of the eight company types from a security perspective and summarized what kinds of actual security accidents have happened in the past.
Keywords
Information Security; Evaluation Index; Development of Framework; Company Classification
Citations & Related Records
Times Cited By KSCI: 3