• Journal of Convergence for Information Technology
• /
• v.10 no.12
• /
• pp.91-99
• /
• 2020

The aim of this study to assess the effect of information security policy awareness, information security involvement, compliance behavioral intention on information security behavior The research method is composed of a cross-sectional design of reward and fairness. This paper focuses on the process of organizational policy on the information security compliance intention in the individual decision-making process. As a result, the reward had a significant effect on compliance behavioral intention, and it was found that influence of the psychological reward-based condition was greater than the material reward-based condition. The fairness had a significant effect on information security policy awareness, information security involvement, information security behavior, and it was found that influence of the equity-based condition was greater than the equality-based condition. The exploration model was verified as a multiple mediation model. In addition, the discussion presented the necessary research direction from the perspective of synergy by the cultural environment of individuals and organizations.

• Journal of Digital Convergence
• /
• v.19 no.2
• /
• pp.105-115
• /
• 2021

The purpose of this study is to present the effect of differences in individual coping and organizational homogeneity culture on information security compliance from an exploratory perspective. The study divided groups into individual coping (task-oriented, emotion-oriented) and organizational homogeneity culture (homogeneity, heterogeneity), confirms the difference in information security for each group through cross-design and presents a multiple mediation model between information security factors. As a result of the study, in the coping dimension, the average of the security compliance factors was higher in the emotion-oriented than the task-oriented, and in the homogeneity culture dimension, the average of the security compliance factors was higher in the homogeneity than the heterogeneity. Additionally, social influence and involvement had a multiple mediation effect on the relationship between information security awareness and compliance intention. The implications of this study were to confirm the difference in the effect of individual decision-making styles on security compliance according to the organizational culture differences. The results suggest the necessity of applying a customized information security compliance model for each organization and individual characteristics.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.25 no.5
• /
• pp.1225-1233
• /
• 2015

This study investigates the effects of information security awareness arising from E-Commerce in terms of the Elaboration Likelihood Model(ELM) and analyzes the moderating effect of the trust's involvement and experience. Consumers are using E-Commerce Web sites, depending on the level of involvement and experience in E-Commerce. This study is based on the ELM, the information security awareness of consumer confidence in E-Commerce form, according to the degree of experience and involvement suggested a theoretical model to describe the effect that the scaling and, through empirical studies validation of model. Consumer confidence is formed the attitude of the E-Commerce company through different paths, depending on the type of awareness in the E-Commerce web site, this moderate has the effect of consumer involvement and experience. Studying the information security awareness of consumer in the on E-Commerce is considered to present a new perspective on trust.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.31 no.5
• /
• pp.941-950
• /
• 2021

Single Sign-On (SSO) service manages user's account passwords from multiple websites so that security in a high level is required. Users who use the SSO service are authenticated through the Identity Provider (IdP) when logging into the website. We present the security requirements that IdP can take in order to minimize the user's risk whose IdP account is compromised. We describe the security threats that arise when the security requirements are not satisfied. Through evaluation, we prove that the attacker's session cannot be canceled even if the user recognizes the attack if the IdP does not satisfy the security requirements.

• Proceedings of the Korean Information Science Society Conference
• /
• 2003.10b
• /
• pp.88-90
• /
• 2003

병원, 은행과 같이 중요한 정보를 다루는 조직체들은 그들 데이터를 보호하기 위해 기업 환경과 어플리케이션 특성에 맞는 특별한 데이터베이스 보안 정책을 사용하고 있다. 이러한 대규모의 조직체에서는 업무가 다양하고 복잡하므로 보안정책에 대한 변경이 빈번하게 발생한다. 따라서 보안정책의 무결성을 보존하면서 수시로 변경되는 보안 요구사항을 반영하고 효율적으로 보안관리를 할 수 있는 보안 시스템이 요구된다. 본 연구에서는 조혈계 질환 시료정보관리시스템을 대상으로 IRH(Improved Role Hierarchy)를 이용한 유연성 있는 데이터베이스 보안 시스템을 구현하였다. 데이터 접근은 MAC 방식으로 통제하며, RBAC의 역할계층(Role Hierarchy)을 개선한 IRH를 사용하여 유연성 있는 접근제어를 제공하고 효과적인 보안관리를 할 수 있다. 본 시스템은 보안정책이 바뀔 경우 분산된 보안관리 방식으로 IRH를 수정함으로써 정책 변경이 용이하고 주체의 보안등급이 고정되지 않은 상태에서 IRH을 통해 사용자와 세션이 맺어질 때 결정되므로 정책이 바뀐 후에도 변경된 보안정책이 유연하게 적용된다.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.29 no.4
• /
• pp.907-918
• /
• 2019

The purpose of this study is to understand the cybersecurity policies and critical infrastructure protection of the United States through analyzing Donald Trump's administration executive orders, the national cyber strategy, and the legislation. The analysis has three findings. First, the Department of Homeland Security (DHS) became a main agent in the cybersecurity while the role of the White House was reduced. Second, Trump's administration expanded its role and mission in the policy area by extending the meaning of critical infrastructure. Third, in the case of cyber threats, the government can be involved in the operation of critical infrastructures in the private sector. The opinions of the professional bureaucrats and DHS were more reflected in the direction of the cybersecurity policy than those of the White House. In contrast to Barack Obama's administration, the Trump administration's cybersecurity strategies were not much studied. This study provides insights for improving cybersecurity policies and critical infrastructure protection.

• Proceedings of the Korea Society for Industrial Systems Conference
• /
• 2008.10b
• /
• pp.530-536
• /
• 2008

User Generated Content(이하 UGC)는 웹사이트 이용자에 의해 생산된 콘텐츠를 일컫는 말로, 미디어 조직에 속하지 않은 일반인들의 비직업적 활동의 산물로서 웹 공간에 공표한 콘텐츠를 의미한다. 본 연구는 UGC가 활성화되기 위해서 풀어야 할 과제를 도출하고, 도출된 요인을 바탕으로 개선된 형태의 UGC 웹 서비스 품질(Web Service Quality)의 최적화된 모형을 제시하고자 한다. UGC 웹서비스 품질은 정보성, 디자인, 통신환경, 커뮤니티, 실재감, 보안성 등의 6가지 요인으로 나누어 고객 만족도와 고객 충성도에 미치는 영향을 조사하였고, 고객 만족도와 고객 충성도 간에 매개 변수로서 관여도를 두어 고객 만족도와 고객 충성도간의 영향 요인을 온라인상 UGC 사용 및 이용 경험이 있는 사용자 총 355명을 대상으로 설문조사를 통해 연구하였다. 연구 결과, UGC 웹서비스 품질 요인으로 정보성, 디자인, 통신환경, 커뮤니티, 실재감, 보안성은 모두 고객 만족도에 직접적인 영향을 미치는 것으로 밝혀졌다. 고객 만족도는 고객 충성도에 유의한 영향을 미치고 있었으며, 고객 만족도 또한 관여도에 영향을 미친다. 매개 변수로서 관여도는 고객 충성도에 유의한 영향을 미치고 있는 것으로 나타났다.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2002.11b
• /
• pp.889-892
• /
• 2002

데이터베이스를 사용하는 정보가 다양해짐에 따라 요구사항 또한 다양해져서 데이터 하나 하나에 대한 접근제어의 필요가 요구되고 있다. 이러한 데이터별 접근제어를 만족하는 보안정책을 정의하고, 정보의 기밀성, 무결성 및 가용성을 유지하는 데이터베이스 보안 모델을 제안한다. 본 논문의 목적은 공통된 data에 대하여 다양한 유형의 접근제어와 지속적으로 변화가 요구되는 접근제어 요구에 대한 해결방법을 제공한다.

• Journal of Navigation and Port Research
• /
• v.36 no.3
• /
• pp.261-271
• /
• 2012

The purpose of the present study is to empirically examine factors that affect the information security awareness and perceived information security risk of employees of port companies. In particular, in order to identify factors that affect the perceived information security risks, we investigated the relation of assets, threats, and vulnerabilities to it, using the risk analysis methodology. With A total of 252 valid questionnaires, we also performed the structural equation modeling analysis using AMOS. It was found that first, there was no meaningful relationship between the information assets and the perceived information security risk in the case of employees of port companies. Second, threats and vulnerabilities turned out to have positive influences on the perceived information security risk. Finally, there was a positive relationship not only between the information security awareness and the information security education, but also between the information security awareness and the intention of information security. However, there was no meaningful relationship between the information security concern and the information security awareness.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2002.11c
• /
• pp.2183-2186
• /
• 2002

본 논문에서 제안하는 DIT(Digital Investment Trust) 시스템의 보안설계는 계좌 생성 및 계좌 이체, 자산관리에 관련된 정보를 제 3자로부터 보호하기 위해 ADES(Advanced DES)를 이용하여 고객의 정보를 암호화시켰으며, 전자서명을 위해 ECC, S_SHA 알고리즘을 사용하였다. 특히 전자상거래 결재 상에서 사용하는 전자 화폐는 복사본 생성이 용이하기 때문에 악의의 사용자가 불법 복제하여 전자화폐를 반복적으로 사용할 수 있으므로, 이중사용을 방지하기 위한 사전 검출 방법인 Schnorr 알고리즘을 사용하였다.