• The Journal of the Korea Contents Association
• /
• v.13 no.5
• /
• pp.377-386
• /
• 2013

The purposes of this study is to examine the effect of fitness Among Characteristics of CEO, Company's innovation and Management Control on Organization Performance. CEO characteristics are investigated by the risk-taking propensity, need for achievement. Company's Innovation are measured by product innovation, technological innovation. Management control are applied by action control and result control. Organization performances are analyzed by internal performance, growth performance, financial performance. the research methodology applied in this paper is contingency theory by Drazin and Van de Ven(1985) - selective approach, Interaction approach, system approach. This paper was applied by the Three way interaction term among CEO characteristics, Company's Innovation and Management control to analyze the influences to the organization performances. As a result of this paper, there are the differences between Two way interaction terms or three way interaction terms to affect the organization performances. this paper can confirm the desirable combinations between two or three variables(CEO characteristics, Company's Innovation and Management control) to affect significantly to the particular organization performance.

• Journal of Korean Library and Information Science Society
• /
• v.46 no.4
• /
• pp.325-354
• /
• 2015

Corporate information has great value, but also poses great risk. Information governance is an organization's coordinated, inter-disciplinary approach to satisfying information compliance requirements and managing information risks while optimizing information value. This study aims to suggest the directions of implementing information governance in business firms based on analyses of Sedona Conference Principles of Information Governance. After analysing and reformulating the principles into control standards, and they are investigated and interpreted in terms of practicing information governance.

• The Journal of Society for e-Business Studies
• /
• v.12 no.1
• /
• pp.151-166
• /
• 2007

As the number of users who are involved in a business process increases, it becomes imperative to effectively control their privileges of accessing sensitive data and information which are usually easily obtained by BPM system. Traditional RBAC (Role-based Access Control) model was first introduced to provide a logical framework to prevent unauthorized users from obtaining confidential, but in more dynamic environment such as B2B and SCM process, it usually lacks in capability of addressing such issues as configurability, customizability, or scalability of user privileges. In this study, we have proposed a privilege-template based RBAC model that can address such issues effectively. We also provided a design of the RBAC model along with illustrative examples and pseudo codes that can be used for implementing a prototype system.

• Review of KIISC
• /
• v.11 no.3
• /
• pp.38-48
• /
• 2001

다양한 정보보안 평가 방법론들 중에서 BS7799는 정보시스템을 운영하는 조직 전반의 보안 상태를 평가하는데 유용한 방법론으로서, 여러 나라에서 활용하고 있으며 최근에는 국제표준으로 채택되었다. 본 고에서는 BS7799에서 제시하고 있는 보안통제 항목과 정보보안관리시스템의 구축 및 이의 객관적인 평가를 위한 인증 방법을 살펴본다. BS7799는 전자상거래를 수행하는 기업들 사이에 보안 수준에 대한 상호 신뢰를 확인하기 위한 방법으로 활용될 수 있으며, 최근에 제정된 정보통신기반보호법에서 요구하고 있는 취약성 평가에도 적용될 수 있을 것이다.

• Review of KIISC
• /
• v.20 no.2
• /
• pp.32-43
• /
• 2010

클라우드 컴퓨팅 서비스의 많은 장점에도 불구하고 아직 기업들이 서비스의 가용성 및 데이터 보안, 자사 데이터에 대한 통제권 확보, 종속성 등의 문제로 클라우드 컴퓨팅 서비스의 이용을 꺼리고 있다. 이 같은 문제들은 기술개발, 표준화, 표준약관, 서비스수준협약(SLA) 등으로 어느 정도 해결이 가능하다 그러나 데이터가 여러 국가에 복제되어 분산 저장될 경우 데이터의 국외이전 금지 문제, 데이터의 보관 및 파기 의무, IT 컴플라이언스 수탁자의 불법행위에 대한 위탁자의 책임, 자신의 데이터센터에 저장된 불법정보에 대한 클라우드 서비스제공자의 책임범위, 클라우드 서비스제공자의 책임제한 등 현행법상의 법적 규제와 충돌되는 부분에 대해서는 법. 제도적 접근과 검토가 필요하다. 클라우드 컴퓨팅 산업의 촉진 및 이용 활성화를 위해서는 구체적으로 다음과 같은 사항이 법 제도적으로 검토되어야 한다. (1) 클라우드 서비스나 솔루션을 시험할 수 있는 테스트베드 구축 등 시범사업 근거 마련, (2) 분야별 특화된 클라우드 서비스 모델 개발 및 사업화를 위한정부시책 추진 및 지원 근거 마련, (3) 민 관의 포괄적 협력 기반조성 및 정부의 기술 개발연구 지원체계 마련, (4) 사전 인증 및 사후 보증체계 구축을 통한 클라우드 서비스의 신뢰성 및 안정성 제고, (5) 클라우드 서비스의 상호운용성 확보를 위한 표준화, (6) 클라우드 컴퓨팅의 정보보안, 개인정보보호 등 각종 법률 이슈와 예상되는 다양한 이해관계 충돌 문제에 대응할 수 있도록 서비스제공자와 이용자 대상의 지침 근거 마련, (7) 클라우드 속에 있는 기업의 정보지산에 대한 접근권 보장, (8) 정보자산의 실제 위치와 선택권 보장, (9) 정보자산의 부적절한 접근 방지와 오남용 방지, (10) 클라우드 서비스 제공기업 또는 서비스 자체의 영속성 보장, (11) 서비스 장애 책임범위와 분담, (12) 소프트웨어 라이선스 등에 대한 규정이 고려되어야 한다.

• Management & Information Systems Review
• /
• v.28 no.4
• /
• pp.155-174
• /
• 2009

The purpose of this paper is to analyze the stock market performances CAR of reorganized firms and study the disclosure effect of completion of reorganization to examine whether there exists significant economic merit for the institutionalized continuation of unprofitable firms. The main results of this paper can be summarized as follows. First, the average stock market performances for +12 months after the completion of reorganization compared to those for -6 months before the proposal of reorganization show consistently negative returns. Second, to see whether there exist significant differences between the stock market performances of reorganized firms and those of normal firms with similar characteristics, CAR's measured from -6 months before the proposal of reorganization to +12 months after the completion of reorganization are statistically tested, which results in significantly negative values starting +5 months after the completion of reorganization. Finally, to see the disclosure effect of the news of completion of reorganization, daily CAR's are measured and tested, which shows positive values only for -20 days and -19 days before the disclosure, and shows negative values for the whole periods up to +20 days after the disclosure. The results of the paper imply consistently that the reorganized firms have no better performances compared to the similar normal firms, and the performances do not improve even after the completion of reorganization, which casts serious doubts upon the current forms of the institutionalized continuation of unprofitable firms.

• The Journal of Information Systems
• /
• v.25 no.1
• /
• pp.49-73
• /
• 2016

Purpose Though many information systems researchers have made various attempts to investigate the relationship between information technology capability and firm performance from diverse perspectives, we have not come to a conclusion yet with some mixed results. In this research, focusing on the adoption of Enterprise Resource Planning (ERP) systems by firms as a proxy measure for information technology capability, we reexamine whether the association is significantly positive. Design/methodology/approach Previous research on this topic had some limitations to the samples and analysis method. Some research focused only on the 1990s or early 2000s, and other studies failed to adequately compare the impact of ERP adoption on firm performance between the treatment group and the control group. In this research, extending previous analysis approaches with the matched sample comparison of IT leaders and the control group, we attempt to apply propensity score matching in combination with difference-in-difference analysis with a sample of Korean firms that adopted ERP systems in the late 2000s. We match ERP adopters and non-adopters with propensity score matching and compare their financial performance with difference-in-difference estimation between the pre- and post-adoption periods. Findings According to our analysis, we find no positive and significant relationship between ERP adoption and firm performance in profit ratios. This research shows that, contrary to the era of proprietary information systems, standardized information systems today have no additional competitive advantages over competitors.

• The Journal of Society for e-Business Studies
• /
• v.20 no.2
• /
• pp.167-174
• /
• 2015

Information security organization has normally been organized under the IT department. However, as the importance of information security has gradually increased, the way of information security organized for enterprise security management has become a noteworthy issue. The need for separation of Information security organization from IT department is growing, such as restriction on the concurrent positions in CIO and CISO. Nowadays there are many studies about Information security organization while relatively there has been minimal research regarding a departmentalization. For these reasons this study proposes a Information Security Departmentalization Model which is based on business risk and reliance on the IT for effectively organizing Information security organization, using Contingency theory. In addition, this study classified the position of Information security organization into Planning & Coordination, Internal Control, Management and IT and analyze the strengths and weaknesses of each case.