• Journal of Information Management
• /
• v.40 no.3
• /
• pp.61-77
• /
• 2009

Recently, enterprises are protecting information assets with the various means of control and management. Nevertheless, they are confronted with the dilemma which the higher securitylevel they request, the lesser efficiency and productivity in short terms they acquire by the inconvenience of business process. In addition, in spite of the steady increase of organization's investment on information protection, the systematic way for the performance measurement of information protection has not been suggested, so that in reality, it is difficult to make the decision to invest on information-protection and elicit the direction to improve it. For this reason, this study intended to establish the concept of the protection and security of information assets of enterprises and to categorize the type of activities to protect information assets into management activity and control activity, and analyze the effects of management activity and control activity for information asset protection on the performance of information asset protection activity and organization. For this research, questionnaire survey was conducted with literature study and the PLS(Partial Least Square) was used to analyze the measurement model and hypotheses testing. The PLS analysis results indicate that management activity for information asset protection affects information asset protection performance. Further, organizational performance is influenced by information asset protection performance. Practical implications of these findings and future research implications are also discussed.

• The KIPS Transactions:PartD
• /
• v.17D no.3
• /
• pp.223-232
• /
• 2010

This study was carried out for the purpose of inquiring into the effect of composition and security activities for information security architecture on information asset protection and organizational performance in terms of general information security. This study made a survey on 300 workers in the government, public institutions and private companies, which it showed that management factors of risk identification and risk analysis, in general, have an usefulness to composition and security activities for information security architecture to prevent inside information leakage. And the understanding and training factors of IT architecture and its component were rejected, requiring the limited composition and security activities for information security architecture. In other words, from the reality, which most institutions and organizations are introducing and operating the information security architecture, and restrictively carrying out the training in this, the training for a new understanding of architecture and its component as an independent variable made so much importance, or it did not greatly contribute to the control or management activities for information security as the generalized process, but strict security activities through the generalization of risk identification and risk analysis management had a so much big effect on the significant organizational performance.

• KIPS Transactions on Computer and Communication Systems
• /
• v.11 no.8
• /
• pp.249-258
• /
• 2022

Since the advent of Bitcoin, various virtual assets have been actively traded through virtual asset services of virtual asset exchanges. Recently, security accidents have frequently occurred in virtual asset exchanges, so the government is obligated to obtain information security management system (ISMS) certification to strengthen information protection of virtual asset exchanges, and 56 additional specialized items have been established. In this paper, we compared the domain importance of ISMS and CryptoCurrency Security Standard (CCSS) which is a set of requirements for all information systems that make use of cryptocurrencies, and analyzed the results after mapping them to gain insight into the characteristics of each certification system. Improvements for 4 items of High Level were derived by classifying the priorities for improvement items into 3 stages: High, Medium, and Low. These results can provide priority for virtual asset and information system security, support method and systematic decision-making on improvement of certified items, and contribute to vitalization of virtual asset transactions by enhancing the reliability and safety of virtual asset services.

• Journal of Information Processing Systems
• /
• v.2 no.2
• /
• pp.95-100
• /
• 2006

While conventional business administration-based information technology management methods are applied to the risk analysis of information systems, no security risk analysis techniques have been used in relation to information protection. In particular, given the rapid diffusion of information systems and the demand for information protection, it is vital to develop security risk analysis techniques. Therefore, this paper will suggest an ideal risk analysis process for information systems. To prove the usefulness of this security risk analysis process, this paper will show the results of managed, physical and technical security risk analysis that are derived from investigating and analyzing the conventional information protection items of an information system.

• Journal of Advanced Navigation Technology
• /
• v.12 no.6
• /
• pp.673-680
• /
• 2008

Multimedia system security can be categorized into groups such as protection of multimedia asset itself and protection of multimedia systems which can process multimedia asset. Divided consideration for these two factors will not hurt the importance of security management. In this paper, managing practices for keeping security level of multimedia systems are induced and categorized.

• The Journal of Information Systems
• /
• v.26 no.3
• /
• pp.313-337
• /
• 2017

Purpose Financial technology, also known as FinTech, is conceptually defined as a new type of financial service which is combined with information technology and other traditional financial services like payments, investments, financing, insurance, asset management and so on. Most of the studies on FinTech services have been conducted from the viewpoint of technical issues or legal and institutional studies, and few studies are conducted from the health belief perspectives and security behavior approaches. In this regard, this study suggest an extended information protection behavior model. Design/Methodology/Approach The Health Belief Model (HBM), the Protection Motivation Theory (PMT), and the Technology Threat Avoidance Theory (TTAT) were employed to identify constructs relevant to information protection behavior of FinTech services. A new extended information protection behavior model in which the influence factors of information protection behavior (i.e., perceived susceptibility, perceived severity, perceived benefits, perceived barriers, perceived self-efficacy, subjective norms) affect perceived threats and perceived responsiveness positively, leading to information protection behavior of FinTech users eventually. This study developed an extended information protection behavior model to explain the protection behavior intention in FinTech users and collected 272 survey responses from the mobile users who had experiences with such mobile payments and FinTech services. Findings The finding of this study suggests that the influence factors of information protection behavior affect perceived threats and perceived responsiveness positively, and information protection behavior of FinTech users as well.

• 한국디지털정책학회:학술대회논문집
• /
• 2004.11a
• /
• pp.435-448
• /
• 2004

While Internet promises ubiquitous access, it also creates a fundamental challenge to the traditional ownership toward digital assets traded in e-commerce market. Sharing digital information freely through shared networks leads to many untapped business opportunities, but uncontrolled digital asset transaction undermines many electronic business models. Thus, in this Internet age, proper protection and safe delivery of Intellectual Property (IP) and its representation as digital assets would be a crucial ingredient of building trust in upcoming e-business environment. In this paper, we give a general structural diagram of Intellectual Property Management and Protection (IPMP) and implement an IPMP prototype based on the RSA encryption algorithm and XrML (eXtensible rights Markup Language) WORK tags to show how proper protection and safe delivery of the intellectual property is achieved. This study concludes that IPMP mechanism may contribute significantly to the volume and quality of e-commerce market.

• Journal of Korea Society of Digital Industry and Information Management
• /
• v.19 no.3
• /
• pp.25-38
• /
• 2023

Instrumentation and control systems measure and control various variables of nuclear facilities to operate nuclear power plants safely. A diverse protection system, a representative instrumentation and control system, generates a reactor trip and turbine trip signal by high pressure in a pressurizer and containment to satisfy the design requirements 10CFR50.62. Also, it generates an auxiliary feedwater actuation signal by low water levels in steam generators. Cybersecurity has become more critical as digital technology is gradually applied to solve problems such as performance degradation due to aging of analog equipment, increased maintenance costs, and product discontinuation. This paper analyzed possible cybersecurity threat scenarios in the diverse protection system using attack trees. Based on the analyzed cybersecurity threat scenario, we calculated the probability of attack occurrence and confirmed the cybersecurity risk in connection with the asset value.

• The Journal of Society for e-Business Studies
• /
• v.8 no.3
• /
• pp.69-86
• /
• 2003

A Protection Profile(PP) is a common security and assurance requirements for a specific class of Information Technology security products such as firewall and smart card. A PP should be included "TOE(Target of Evaluation) Security Environment", which is consisted of subsections: assumptions, treat, organizational security policies. This paper presents a new threats statement generation method for developing TOE security environment section of PP. Our survey guides the statement of threats in CC(Common Criteria) scheme through collected and analysed hundred of threat statements from certified and published real PPs and CC Tool Box/PKB that is included a class of pre-defined threat and attack statements. From the result of the survey, we present a new asset classification method and propose a threats statement generation model. The former is a new asset classification method, and the later is a production rule for a well formed statement of threats.

• Journal of Digital Convergence
• /
• v.10 no.6
• /
• pp.341-347
• /
• 2012

Network Access Control system of medical asset protection solutions that installation and operation on system and network to provide a process that to access internal network after verifying the safety of information communication devices. However, there are still the internal medical-data leakage threats due to spoof of authorized devices and unauthorized using of users are away hours. In this paper, Network 2-Factor Access Control Model proposed for prevention the medical-data leakage by improving the current Network Access Control system. The proposed Network 2-Factor Access Control Model allowed to access the internal network only actual users located in specific place within the organization and used authorized devices. Therefore, the proposed model to provide a safety medical asset environment that protecting medical-data by blocking unauthorized access to the internal network and unnecessary internet access of authorized users and devices.