• The Journal of Society for e-Business Studies
• /
• v.25 no.1
• /
• pp.45-64
• /
• 2020

In the rapidly changing business environments, Internet companies have the characteristics of organizational culture that emphasize the flexible, open and autonomous nature of organizational culture, and are transforming into flexible smart working environment that is independent of time and place. Despite such an Internet business environment, the security management system still fails to reflect the business environment and organizational culture of the Internet company, and the control-focused security management system in the Internet company is facing limitations. Therefore, this study designed and developed Corporate members' autonomy-centered security items that considering the characteristics of the business environment and organizational culture of the Internet company. The results of this study are expected to be used to implement and operate corporate members' autonomy-centered security management system in internet companies with an agile business environment and an autonomous organizational culture.

• 정보보호뉴스
• /
• s.131
• /
• pp.21-23
• /
• 2008

기업의 사회공헌에 대한 사회 구성원들의 요구가 있다. 기업의 규모가 크면 클수록 사회 공공의 이익을 위한 더 많은 공익적 활동이 있게 마련이고, 실제로 적지 않은 기업이 봉사 활동이나 기부 등을 통해 사회공헌을 실천하고 있다. 당위성이 우선 시 되는 정보보호도 마찬가지. 지난 몇 년간 대형 웹 서비스 기업을 중심으로 정보보호에 대한 사회적 책임을 강조하는 목소리가 커지고 있다. 온라인 게임 서비스를 제공하는 넥슨도 이런 사회적 책임을 요구받는 기업 중 하나다.

• Convergence Security Journal
• /
• v.15 no.4
• /
• pp.121-126
• /
• 2015

Exposure of personal information that is held by hacking accident near the company has led to severe water level. And, it has changed security threat elements generated according to businessenterprise. Therefore, in this paper, I looked at security threat elements and proposed the way of appropriate information security consulting according type of company. First, In the financial and insurance industries, and should not have been compromised by a worm virus infection due to lack of awareness inside of members, by collectively apply in the same way the internal security standards of the organization to members, the risk of customer information. It shall be provided in advance that the security accident occurs due to a higher job group. Therefore, information security consulting method based on people and information is applied. Secondly, in industry of company, to perform consulting information security based on the attributes of the case industry groups.

• Journal of the Korea Convergence Society
• /
• v.9 no.9
• /
• pp.69-81
• /
• 2018

The ultimate intention of this research is to identify the factors that have a significant effect on the perceived importance of information security as the antecedent of intention to information security policy compliance. We found that the effectiveness of information security training program did not have statistically significant effect on the perceived cost of policy compliance. Second, the effectiveness of information security policy has significant influence on the perceived cost of policy compliance. Third, perceived vulnerability has a significant effect on the perceived cost of policy compliance. Fourth, perceived cost of policy compliance has a significant effect on perceived importance of information security. Fifth, supervisor's attitude toward information security silence has a significant effect on employee silent behavior towards information security. Sixth, communication opportunities towards information security has a significant influence on employee silent behavior towards information security. Finally, it was shown that employee silent behavior towards information security had a significant influence on the perceived importance of information security.

• Korean Security Journal
• /
• no.56
• /
• pp.145-163
• /
• 2018

Recently, security behavior of members of organizations has been recognized as a critical part of information security at the corporate level. Leakage of customers' information brings more attention to information security behavior of organizations and the importance of a task force. Research on information breach and information security is actively conducted of personal behavior toward security threats or members of organizations who use security technology. This study aims to identify factors of influence on information security behavior of members of organizations and to empirically find out how these factors affect information security behavior through behavior toward attitude, subjective norm and perceived behavior control. On the basis of the research, this study will present effective and efficient ways to foster information security activities of members of organizations. To this end, the study presented a research model that applied significant variables based on integration of Theory of Planned Behavior (TPB) and Theory of Protection Motivation (TPM). To empirically verify this research model, the study conducted a survey of members of organizations who had security-related work experience at companies. So, it is critical for members of organizations to encourage positive word of mouth (WOM) about information security behavior. Results show that based on the integration of TPM and TPB, perceived vulnerability, perceived severity, perceived efficiency and perceived barriers of information security behavior of members of organizations had significant influences on mediating variables such as behavior toward attitude, subjective norm, perceived behavior control and intention. They also had significant influences on organization information security behavior which is a dependent variable. This study indicates companies should introduce various security solutions so that members of the organizations can prevent and respond to potential internal and external security risks. In addition, they will have to take actions to inspect vulnerability of information system and to meet security requirements such as security patches.

• Korean Security Journal
• /
• no.39
• /
• pp.355-386
• /
• 2014

Current business environment asks the fundamental changes about business security. The essences of these changes are that the security management of today's global business is important task of managers and the security practitioner is professional who needs very specialized education and training with business thinking. Rapid process of globalization of global village tore down the business limit that was restricted on the geological areas' limitation. Rapid business environments' change that is driving depends on development of science and technology with globalization needs new paradigm to keep business continuity. With the process of globalization, Korea, which importance is gradually increasing in the national economy, has trade dependent economic system, which keeps power of national economy through trade, so Korean economic tendency is accelerating. To keep competitiveness in global market, new strategy that is different with existing domestic business management is necessary. That is, capacity of coping with outside risk in domestic business management is established in some degree, but business activities in foreign countries faces at numerous unexpected risks that differ from country to country such as difference with the custom, changes of corporate governance etc. To cope with these new risks effectively, new paradigm for business risk is necessary. Especially, flexibility of thinking like new paradigm is necessary to cope with new security risk effectively. To cope with security risk that occurs in the new business environment effectively and competes against international company in global market, company management and members' changes of cognition about security and innovative changes in security policy is necessary. In the basement of these changes, there is expansion of business security tasks, improvement of report line, enhancement of professionalism and status of security officers, variation of hands-on workers and increasing of investment to the security etc.

• Information Systems Review
• /
• v.18 no.2
• /
• pp.127-149
• /
• 2016

Based on a comprehensive literature review on Theory of Planned Behavior and Social Cognitive Theory, this study proposes and empirically examines a structural model consisting of factors affecting voluntary information security compliance behavior. To test the proposed research model, the study analyzes survey results from employees of a major Korean energy company, which employs an enterprise compliance support system. Results indicate three factors: compliance behavioral belief and compliance knowledge affect compliance behavior; compliance knowledge works as a mediator in the relationship between compliance behavioral belief and compliance behavior; and the more relevant the compliance is to an employee's job, the more the employee prioritizes compliance knowledge. This study suggests methods for encouraging employees to embrace voluntary, positive information security compliance standards. By doing so, this article aims to promote a more effective corporate compliance system for information security and enhance sustainable management practices.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.31 no.5
• /
• pp.1083-1095
• /
• 2021

With the recent increase in users' dependence on the Internet and the spread of various IT devices, the influence of information security on the users' has expanded compared to the past. Therefore, it is expected to have an increased influence on information security in personal life. In addition, as the intrusion factors that threaten security continue to become more advanced and diversified (eg., fake news, cyberbullying, identity theft), the need for nurturing information security experts is increasing. Furthermore, not only corporate information security workers, but also all individuals, cannot be free from the threat of information security. Therefore, it is necessary to prepare various information security education to improve information security awareness and induce proactive information security behaviors. In this study, characteristics of domestic and foreign information security education courses are analyzed and provide a standardized framework for information security education applicable to the domestic environment.

• The Journal of the Korea Contents Association
• /
• v.21 no.11
• /
• pp.333-349
• /
• 2021

As information is recognized as an important asset of an organization, organizations are increasing their resource input for knowledge management. In particular, the enterprise content management system(ECMS) is a solution for organization-oriented content management, and it has high utility by helping to achieve business performance through systematic utilization of content and improve the level of internal information security. The purpose of this study is to suggest a plan to improve the intention to use organizational employee's ECMS and to suggest the effect of the relationships between information system quality characteristics and work environment characteristics on intention to use. In this study, a research hypothesis was presented based on previous studies, a questionnaire was conducted on workers of organizations that adopted an ECMS, and the hypothesis was verified by applying structural equation modeling. As a result of the analysis, information and service quality of the ECMS and task interdependence increased the intention to use, but task conflict decreased the intention to use. In addition, task interdependence and task conflict moderated the positive relationship between the quality factors of the ECMS and the intention to use it. This study has implications in terms of suggesting the direction of the organization's behavior through factors that increase the use of ECMS.