http://dx.doi.org/10.11627/jkise.2016.39.4.097

Prioritize Security Strategy based on Enterprise Type Classification Using Pair Comparison  

Kim, Hee-Ohl (Graduate School of Management Consulting, Hanyang University)
Baek, Dong-Hyun (Department of Business Administration, Hanyang University)
Publication Information
Journal of Korean Society of Industrial and Systems Engineering / v.39, no.4, 2016, pp. 97-105
Abstract
As information systems grow more sophisticated and the volume of information assets increases, the skills of threat actors are also advancing, putting our valuable information assets at risk. The purpose of this study is to present a strategic direction for the types of companies that are approaching information security. The framework classifies companies into eight types so that a company can get help in making decisions on developing an information security strategy according to the type it belongs to. A paired comparison survey was conducted with a group of information security experts to determine the priority and relative importance of information security management elements. The factors used in the security response strategy combine the international information security certification standard ISO 27001, the domestic information protection management system certification K-ISMS, and the personal information security management system certification PIMS. The paired comparison method was then used to determine the priorities of strategy alternatives for each type. Paired comparisons were conducted to select the most applicable factors among the 12 strategic factors. The paired comparison questionnaire was administered by e-mail and by direct survey to 18 experts engaged in security-related work such as security control, architecture, and security consulting. This study is based on the idea that effective implementation of information security requires not a single uniform approach but security strategy alternatives that change according to the type of company. The results of this study are expected to help decision makers and to serve as a basis for companies approaching information security for the first time or seeking to establish new information security strategies.
Keywords
Information Security; Establishment of a Strategy; Company Classification; Paired Comparison Method
Citations & Related Records
Times Cited By KSCI: 3