• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.26 no.4
• /
• pp.582-590
• /
• 2022

As security threats caused by cyber attacks continue, security control is mainly operated in the form of a service business with expertise for rapid detection and response. Accordingly, a number of studies have been conducted on the operation of security control services. However, due to the research on the resulting management, indicators, and measurements, the work process has not been studied in detail, causing confusion in the field, making it difficult to respond to security accidents. This paper presents ISMS-P-based service management methods and proposes an easy outsourcing service management method for client by checklisting each item derived from the mapping of 64 items of ISMS-P protection requirements through business relevance analysis. In addition, it is expected to help implement periodic security compliance and acquire and renew ISMS-P in the mid- to long-term, and to contribute to enhancing security awareness of related personnel.

• Journal of the Korean hospital association
• /
• v.18 no.12 s.170
• /
• pp.52-57
• /
• 1989

• Journal of the Korean hospital association
• /
• v.21 no.7.8 s.196
• /
• pp.40-61
• /
• 1992

• Journal of the Korean hospital association
• /
• v.20 no.10 s.188
• /
• pp.46-51
• /
• 1991

• Journal of the Korean hospital association
• /
• v.19 no.1.2 s.171
• /
• pp.45-55
• /
• 1990

• Journal of the Korean hospital association
• /
• v.19 no.3 s.172
• /
• pp.31-38
• /
• 1990

• The Journal of the Institute of Internet, Broadcasting and Communication
• /
• v.17 no.4
• /
• pp.27-34
• /
• 2017

In recent years, major security data such as research data and confidential documents have been leaked to the outside due to the carelessness of the companies and research institutes performing IT related services such as information technology projects and research and development of financial institutions, companies and public institutions is. Leakage cases are caused by leakage of personal information due to lack of security management of information system maintenance companies, such as unauthorized leakage or storage of related materials in outsourcing service process. In this paper, we analyzed the types and management status of service business through the environmental survey of corporate informatization business and analyzed the problems in development and maintenance using external service companies. Furthermore, in this paper, we provide an information system service that focuses on the business activities based on the items considered, and at the same time, it provides the informatization service for companies that can prevent infiltration of viruses and hacking from the outside. This paper presents a methodology for enhancing security for the system construction.

• The Korean Journal of Health Service Management
• /
• v.14 no.1
• /
• pp.111-122
• /
• 2020

Objectives: The study aims to compare indirect form of employment with direct form of employment on the variables of occupational danger and physical health. Methods: I studied based on the data of 5th Korean Working Conditions Survey (KWCS) which was performed by Occupational Safety & Health Research Institute of Korea Occupational Safety and Health Agency in 2017. SAS 9.4 was used for statistical analysis of the final data. Results: Based on the verification result, the hazard is higher for direct employment than for dispatch or subcontract in case of exposure to risks in the health and social welfare industry. Based on cross tabulation, significant differences were found in the proportions of harmful and safe tasks in direct employment and those in outsourcing in the physical health industry. It was found that the risk of hazard is 2.18 times higher in outsourcing jobs than in direct employment. Conclusions: It is necessary to consider a dispatch and subcontract partner as a strategic partner and not simply hand over dangerous or hard tasks to them. Active and aggressive cooperation along with support from the employer enterprise built in the contract is necessary for the safety and health of dispatch or subcontract laborers.

• Convergence Security Journal
• /
• v.17 no.5
• /
• pp.133-142
• /
• 2017

Breaking away from the blind faith of internal military security network, current military security demands strengthening measure on the H/W, controlling measure against information communications within the military, strengthening measure on the linkage point of the military and universal internal networks, legal supplementation, sucurity management ofn the military facilities from outsourcing services supporting the military. By analyzing the danger of military organizations hacking and real hacking cases, policy establishment for strengthening the security on military network hacking, legal supplementation and controlling measure for the outsourcing services are the pragmatic counter measures against military security hacking considering the peculiarities of military rather than the application of physical containment linked with information communications technology on the H/W safety measures.

• Information Systems Review
• /
• v.18 no.4
• /
• pp.17-42
• /
• 2016

Information security incidents caused by authorized insiders are increasing in financial firms, and this increase is particularly increased by outsourced contractors. With the increase in outsourcing in financial firms, outsourced contractors having authorized right has become a threat and could violate an organization's information security policy. This study aims to analyze the differences between own employees and outsourced contractors and to determine the factors affecting the violation of information security policy to mitigate information security incidents. This study examines the factors driving employees to violate information security policy in financial firms based on the theory of planned behavior, general deterrence theory, and information security awareness, and the moderating effects of employee type between own employees and outsourced contractors. We used 363 samples that were collected through both online and offline surveys and conducted partial least square-structural equation modeling and multiple group analysis to determine the differences between own employees (246 samples, 68%) and outsourced contractors (117 samples, 32%). We found that the perceived sanction and information security awareness support the information security policy violation attitude and subjective norm, and the perceived sanction does not support the information security policy behavior control. The moderating effects of employee type in the research model were also supported. According to the t-test result between own employees and outsourced contractors, outsourced contractors' behavior control supported information security violation intention but not subject norms. The academic implications of this study is expected to be the basis for future research on outsourced contractors' violation of information security policy and a guide to develop information security awareness programs for outsourced contractors to control these incidents. Financial firms need to develop an information security awareness program for outsourced contractors to increase the knowledge and understanding of information security policy. Moreover, this program is effective for outsourced contractors.