• Asia pacific journal of information systems
• /
• v.23 no.4
• /
• pp.129-149
• /
• 2013

According to the development of new Information Technologies, firms consistently invest a significant amount of money in IT activities, such as establishing internal and external information systems. However, several anti-Information activities-such as hacking, leakage of information and system destruction-are also rapidly increasing, thus many firms are exposed to direct and indirect threats. Therefore, firms try to establish information security systems and manage these systems more effectively via an enterprise perspective. However, stakeholders or some managers have negative opinions about information security systems. Therefore, in this research, we study the relationship between multibusiness firms' performance and information security systems. Information security indicates physical and logical correspondence of information system department against threats and disaster. Studies on information security systems suggested frameworks such as IT Governance Cube and COBIT Framework to identify information security systems. Thus, this study define that information security systems is a controlled system on enterprise IT process and resource on IT Governance perspective rather than independent domain of IT. Thus, Information Security Systems should be understood as a subordinate concept of IT and business processes. In addition, this study incorporates information capability to information security system literature to show the positive relationship between Information Security Systems and Corporate Performance. The concept of information capability suggested that an interaction of human, information, technical and an effect on corporate performance using three types of capability (IT Practice, Information Management Practice, Information Behaviors and Values). Information capability is about firms' capability to manage IT infrastructure and information as well as individual employees who use IT infrastructure and information. Thus, this study uses information capability as a mediating variable for the relationship between information security systems and firms' performance. To investigate the relationship between Information Security Systems and multibusiness firms' performance, this study extends the IT relatedness concept into Information Security Systems. IT relatedness provides understanding of how corporations cope with conflicts between headquarters and business units to create a synergy effect and achieve high performance using IT resources. Based on the previous literature, this study develops the IT Security Relatedness model. IT Security Relatedness is our main independent variable, while Information Capability and Information Security Performance are mediating variables. To control for the common method bias, we collect each multibusiness firm's financial performance and use it as our dependent variable. We find that Information Security Systems influence Information Capability and Information Security Performance positively, and these two variables consequently influence Corporate Performance positively. In addition, this result indirectly shows that corporations under a multibusiness environment can obtain synergy effects using the integrated Information Security Systems. This positive impact of Information Security Systems on multibusiness firms' performance has an important implication to various stakeholders. Therefore, multibusiness firms need to establish Information Security Systems to achieve better financial performance.

• The Journal of Society for e-Business Studies
• /
• v.18 no.3
• /
• pp.125-142
• /
• 2013

As a reinforcing strategic-alignment of IT business, Financial Service becomes more rely on IT systems. It needs to continuous information security activities to provide a secure and reliable finance service. Performance measurement of information security activities can be useful for decision and management support. The purpose of this study is to derive CSF(Critical Success Factor) and KPI(Key Performance Indicator) based on K-ISMS, Financial IT Information Security Standards. Providing a rationale can be used to determine key performance indicators, which are utilized as basic data for establishing security policies for financial IT security competency.

• Journal of Internet Computing and Services
• /
• v.18 no.5
• /
• pp.113-121
• /
• 2017

Company A's core competency is IT internet security services. The Web diagnosis team analyzes the vulnerability of customer's internet web servers and provides remedy reports. Traditionally, Company A management has utilized a simple table format report for resource planning. But these reports do not notify the timing of human resource commitment. So, upper management asked its team leader to organize a task team and design a visual dashboard for decision making with the help of outside professional. The Task team selected the web security diagnosis practice process as a pilot and designed a dashboard for performance evaluation. A structural design process was implemented during the heuristic working process. Some KPI (key performance indicators) for checking the productivity of internet web security vulnerability reporting are recommended with the calculation logics. This paper will contribute for security service management to plan and address KPI design policy, target process selection, and KPI calculation logics with actual sample data.

• Korean Security Journal
• /
• no.62
• /
• pp.295-320
• /
• 2020

The purpose of this study is to analyze the influence which affects security performance of registered security guards hired by government buildings via job engagement so that basic data can be provided to improve their security performance. To accommodate this study, a survey was conducted from November 26th to December 27th, 2019 through the cooperation of registered security guards working in government buildings in Seoul, Gwacheon, Daejeon, and Sejong. A total of 234 survey sheets were collected and 28 sheets out of them had missing data or incomplete data so a subsequent total of 206 survey sheets were used in this analysis. SPSS 23.0 was applied making use of the collected data for frequency and descriptive statistics analysis, trustworthiness analysis, exploratory factor analysis, and correlation analysis. By applying AMOS 23.0, a means to examine the structural relation between organization, job engagement, and security performance were able to be analyzed. The result of this study is as follows. First, it was found that organizational justice gives a meaningful positive (+) influence on job engagement for registered security guards. Second, it was found that job engagement for registered security guards gives them a meaningful positive(+) influence in their security performance. Third, it was found that organizational justice does not give any meaningful influence on security performance directly. Fourth, organizational justice does not give any meaningful influence on security performance directly but it gives meaningful positive(+) influence on security performance via job engagement as it takes the role of full mediation variable. Based on the results, in order to maximize security performance of registered security guards, this study recommends that government building administrators to try their best to propose to the National Assembly a proposition for Police Assigned for registered security guards Act to be legalized in order to improve the leveling system of registered security guards so that registered security guards can have more job engagement.

• ETRI Journal
• /
• v.37 no.2
• /
• pp.428-437
• /
• 2015

This study was conducted to analyze the effect of information security activities on organizational performance. With this in mind and with the aim of resolving transaction stability in the securities industry, using an organization's security activities as a tool for carrying out information security activities, the effect of security activities on organizational performance was analyzed. Under the assumption that the effectiveness of information security activities can be bolstered to enhance organizational performance, such effects were analyzed based on Herzberg's motivation theory, which is one of the motivation theories that may influence information protection activities. To measure the actual attributes of the theoretical model, an empirical survey of the securities industry was conducted. In this explorative study, the proposed model was verified using partial least squares as a structural equation model consisting of IT service, information security, information sharing, transaction stability, and organizational performance.

• Convergence Security Journal
• /
• v.22 no.5
• /
• pp.81-87
• /
• 2022

The purpose of this paper is to take a look the effect of the physical security level of companies possessing national core technology on security performance and work efficiency. To this end, a survey was set out for about 200 security officers for a month. In the survey, the independent variable was physical security level, the parameter was security performance, and the dependent variable was work efficiency. Reliability analysis, validity analysis, discriminant validity analysis, etc. were analyzed for causality through SPSS. As a result, "Physical Security Level ⇒ Security Performance, Security Performance ⇒ Work Efficiency" was adopted, but "Physical Security Level ⇒ Work Efficiency" was rejected. Therefore, it was found that the physical security level affects work efficiency through security performance, which is a parameter. However, it was found that the physical security level did not directly affect work efficiency. In order to improve work efficiency in the future, improving security performance should be a priority.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.31 no.4
• /
• pp.763-777
• /
• 2021

Information security started as an IT operation process and is now recognized as an important issue of information technology, and each international organization is newly defining the concept. Information security itself is a new combination of IT technologies, a set of technologies and a technology area. As IT outsourcing becomes common in many public sectors, SLAs are introduced to evaluate the level of IT services. In the area of information security, many studies have been conducted on the derivation and selection of SLA performance indicators, but it is difficult to find a way to apply the performance indicators to service level evaluation and performance systems. This thesis conducted a study on the application of a service evaluation system for information security performance indicators based on the public sector and a performance system including compensation regulations. It presents standards and rewards(incentive and penalty) that define expectation and targets of performance indicators that take into account the environment and characteristics of a specific public sector, and defines appropriate SLA costs. It proposes a change plan for the organizational structure for practical SLA application and service level improvement.

• Journal of Information Technology Applications and Management
• /
• v.27 no.4
• /
• pp.1-19
• /
• 2020

Infringement of information security has caused the corporate image to be damaged and share price to fall, and it is emerging as an organizational risk. The value of information assets in enterprises has led to a higher level of security than in the past. As a result, companies are aware of the need for officers to protect information and to oversee a security management system. However, despite the growing importance of information security officers, there is a lack of research on their roles and characteristics. This study validates the relationship between determinants that affect the performance of information security. And a structural equation model was presented and empirically analyzed to see the impact of the internal and external characteristics of the staff in charge of information security on the organization's information security performance.

• Journal of Digital Convergence
• /
• v.11 no.12
• /
• pp.303-309
• /
• 2013

This paper analyzed about operation environment and policy for US military tactical communication, and security policy and transmission performance of tactical link. It is presented operation communication message and framework, which is supported semi automated force, SINCGARS specification of link layer in operation environment, and analyzed COMSEC policy and application layer security in tactical security policy. Also it analyzed in respect to transmission performance and crypto synchronization detection. Security policy of tactical link and COMSEC is analyzed in respect of crypto device such as AFKDMS, AKMS, RBECS, KIV-7/HSB.

• Journal of the Korean Operations Research and Management Science Society
• /
• v.38 no.4
• /
• pp.95-112
• /
• 2013

Information system (IS) security continues to present a challenge for firms. Especially, IT security accident is recently taking place successively in the financial sector. Thus, a comprehensive measure on this is demanded. A large part of a research on security relies upon technical design in nature and is restrictive in a consideration of person and organizational issue. To achieve a goal of firm security, it is possible with an effort of organizational management and supervision for maintaining the technical and procedural status. Based on a theory of accountability, we propose that the security countermeasures of organization lead to an increase in accountability and reduction in risk of IT security in a financial firm and further to firm performance like promotion in firm reliability. In addition, we investigate which difference a theoretical model shows by comparison between South Korean and American financial firms. As a result of analysis, it found that South Korea and America have significant difference, but that a measure on the financing IT security is important for both countries. We aim to enhance interpretability of a research on security by comparatively analysis between countries and conducting a study focus on specific firm called financial business. Our study suggest new theoretical framework to a research of security and provide guideline on design of security to financial firm.