• 디지털산업정보학회논문지
• /
• 제19권2호
• /
• pp.89-102
• /
• 2023

The purpose of this study is to examine what are the important variables for information security compliance and whether the information security investment by the industry is different. To comply with the information security policies, the organization must establish measures to prevent or resolve information security incidents. This research process consists of four stages, and the analysis method was conducted with the categorical regression analysis and the correspondence analysis. The first analysis analyzed the independent variables that affect security regulations compliance. The rest of the analysis was conducted by industry in the order of security compliance regulations, manpower investment, and budget investment. As a result of the first analysis, this had positive effects on an organization and personal information protection awareness, joint operation organization of information protection, manpower and budget investment, corporate size, and industry. The correspondence analysis was conducted from the second analysis to the fourth analysis and it analyzed the differences in information security investment by industry. The second analysis showed that the construction industry, science and technology industry, and finance industry have higher compliance with security regulations than other industries. The third analysis showed that the financial industry and the science and technology industry were higher than other industries. The last analysis showed that the financial industry was higher than other industries. The theoretical contribution of this study provided the basis for updating the information security theory. The practical contribution of this study requires government support to reduce information security deviations by industry.

• 디지털산업정보학회논문지
• /
• 제20권1호
• /
• pp.119-131
• /
• 2024

The purpose of this study is to examine the operational performances by the investment level of information security in companies. The theoretical background summarized the meaning of information security, management information security, and network security. The research process was carried out in four stages. As a result of the analysis, the level of information security was classified into four groups, and the difference in operational performance was confirmed. According to the categorical regression analysis of the three dependent variables, independent variables such as network threats, non-network threats, executive information security awareness, industry, organizational size, and information security education all affected information security regulations, in-house information security checks, and information security budget investments. The theoretical implications of this study have contributed to updating the latest information security theory. Practical implications are that rational investments should be made on the level of information security of companies.

• 안보군사학연구
• /
• 통권9호
• /
• pp.191-206
• /
• 2011

This study is presented a scheme that information security research institutions located within the central area can be participated actively m national defense information security industry. The many of information security company are located in the central region(Daejeon) and there are many research institutes. However, the participation rate of the Defense Information Security Industry is not high compared to other provinces. Although a variety of reasons, there are no the Defense Privacy Office that could have a role in protocol and the information about the industry. In addition, the Department of Defense related to national defense information security industry have not information about research institutions in the central region and are not well to identify the characteristics of institutional technology and research. So in this paper we presented some of the alternatives. 1) Building Pool involved in information security research according to the characteristics of each agency 2) Constitute the research community between Research institutions and the company 3) Build the technology cooperation between research institutions and the defense research institutes 4) Utilization of industry/university/research institutes related to Information Security Industry 5) Make strategic alliances among research institutes based on technical expertise.

• ETRI Journal
• /
• 제37권2호
• /
• pp.428-437
• /
• 2015

This study was conducted to analyze the effect of information security activities on organizational performance. With this in mind and with the aim of resolving transaction stability in the securities industry, using an organization's security activities as a tool for carrying out information security activities, the effect of security activities on organizational performance was analyzed. Under the assumption that the effectiveness of information security activities can be bolstered to enhance organizational performance, such effects were analyzed based on Herzberg's motivation theory, which is one of the motivation theories that may influence information protection activities. To measure the actual attributes of the theoretical model, an empirical survey of the securities industry was conducted. In this explorative study, the proposed model was verified using partial least squares as a structural equation model consisting of IT service, information security, information sharing, transaction stability, and organizational performance.

• 디지털산업정보학회논문지
• /
• 제6권4호
• /
• pp.307-317
• /
• 2010

The majority of financial and general business organizations have had individual damage from hacking, worms, viruses, cyber attacks, internet fraud, technology and information leaks due to criminal damage. Therefore privacy has become an important issue in the community. This paper examines various elements of the information security management system and discuss about Information Security Management System Models by using the analysis of the financial statue and its level of information security assessment. These analyses were based on the Information Security Management System (ISMS) of Korea Information Security Agency, British's ISO27001, GMITS, ISO/IEC 17799/2005, and COBIT's information security architecture. This model will allow users to manage and secure information safely. Therefore, it is recommended for companies to use the security management plan to improve the companies' financial and information security and to prevent from any risk of exposing the companies' information.

• 정보보호학회논문지
• /
• 제24권2호
• /
• pp.385-396
• /
• 2014

정보통신 산업이 발전하고 정보의 자산적 가치가 증대됨에 따라 정보보호에 대한 수요는 더욱 확대될 것으로 예상된다. 정보보호 산업은 정보보호제품을 개발 생산 또는 유통하거나 정보보호에 관한 컨설팅 등과 관련된 산업을 말한다. 본 연구에서는 제품 및 서비스 산업 정의에 기반 하여 정보보호 산업을 재분류하고, RAS 기법을 활용하여 산업연관 표를 연장하여 2013~2017년까지의 정보보호 산업의 경제적 파급효과를 분석하도록 한다. 정보보호 산업의 경제적 파급효과를 분석한 결과를 살펴보면, 정보보호 산업에 대한 투자('13 '17년)를 통해 나타나는 경제적 파급효과의 총생산유발액은 약 3조 2,069억 원에 달하였으며, 약 27,406명의 고용유발 기대할 수 있을 것으로 추정되었다.

• 디지털산업정보학회논문지
• /
• 제9권3호
• /
• pp.99-106
• /
• 2013

There has been a lot of growth more than 10% in the information security industry. In accordance with the industrial growth, it increased needs for the information security manpower development as a national problem. But there is an imbalance between demand and supply of the information security manpower in terms of the quantity and quality. It is mainly caused by the curriculum of the information security is made considering for suppliers not for demanders. As a resolution to solve this problem, we suggest the curriculum of information security for vocational education and training. As the information security area is wide in view of required knowledge and technology, we design the curriculum by selecting major occupation type from the information security manpower distribution and products and then by investigating the job description using NCS(National Competency Standard). And we compared the curriculum to that of two or three year diploma courses in Korea.

• 디지털산업정보학회논문지
• /
• 제12권3호
• /
• pp.133-155
• /
• 2016

Recently, in the adoption of cloud computing are emerging as locations are key requirements of security and privacy, at home and abroad, several organizations recognize the importance of privacy in cloud computing environments and research-based transcription and systematic approach in progress have. The purpose of this study was to recognize the importance of privacy in the cloud computing environment based on personal information security methodology to the security of cloud computing, cloud computing, users must be verified, empirical research on the improvement plan. Therefore, for existing users of enhanced security in cloud computing security consisted framework of existing cloud computing environments. Personal information protection management system: This is important to strengthen security for existing users of cloud computing security through a variety of personal information security methodology and lead to positive word-of-mouth to create and foster the cloud industry ubiquitous expression, working environments.

• 한국정보통신학회논문지
• /
• 제20권1호
• /
• pp.103-109
• /
• 2016

정보보호 산업은 기술집약적, 고부가 가치 산업이다. 한국은 우수한 ICT 기술과 다양한 사이버공격에 대응 경험과 기술을 보유하고 있어, 전 세계의 벤치마킹 대상이 되고 있다. 하지만 국내 정보보호기업의 영세성과 함께 지원인프라는 부족하다. 국내 정보보호 산업을 활성화하는데 일차적인 조건은, 해외진출이다. 부가가치가 높은 제품과 서비스의 해외 수출을 위해서는, 국내 IT 정보보호 산업의 해외진출 거점 인프라의 설립 추진이 필요하다. 국내 정보보호 산업을 분석해보니, 자본의 영세성과 해외 현지 진출의 판로개척, 관련 정보, 인력 부족이 문제점으로 나타났다. 무료 AS기간의 비용까지 합치면, 사실상 손실이 발생한다. 따라서 정보보호 산업 해외 거점의 인프라 구축에 관한 연구가 필요하다. 해외 거점의 인프라의 선정 방법과 선정 원인을 분석한다. 해외 거점의 인프라를 활용하여 부가가치를 올릴 수 있고, 정보보호 산업 중소기업들이 수출을 활성화하기 위한 해외 거점의 인프라를 연구를 한다.

• 시큐리티연구
• /
• 제39호
• /
• pp.269-294
• /
• 2014

최근 우리나라는 카드3사의 개인정보 유출 등으로 보안 산업에 대한 관심이 높아지고 있다. 경영자들은 개인정보 유출 등 보안 사고에 의한 피해가 어떠한 재무적 위험보다도 더 위험한 요소로 인식하고 있다. 지식정보보안 산업은 과거 물리보안 및 네트워크 보안에서 최근에는 사회 안전 및 시설보안 등 융합 산업 보안으로 진화하고 있다. 관심분야도 방화벽이나 Anti-virus 등에서 스마트폰보안 및 지능형영상보안 등 융합보안 산업으로 변해가고 있다. 융합보안은 시설경비나 출입통제 중심에서 최근에는 공공기관 및 대기업을 중심으로 수요가 확대되고 있다. 금융, 교육, 유통, 국방, 의료, 자동차산업에 이르기까지 범위가 빠르게 증가하고 있다. 융합보안시장은 지능형차량 보안, U-헬스케어 보안, 금융 보안, 스마트 그리드 보안, 주력산업 보안 등 다양한 분야에서 제품 및 서비스가 개발되고 있으며 시장이 확대되고 있다. 지식정보보안 산업의 발전을 위해 시장중심의 인재를 육성하고 학계와 연계하여 교육과 정의 신설 및 강화가 요구된다. 글로벌 기업과의 경쟁력 강화를 위해 교육의 질적 수준을 향상시키고 동시에 대국민 보안의식을 높이기 위한 노력이 병행되어야 할 것이다.