• 제목/요약/키워드: Information Security

검색결과 17,503건 처리시간 0.048초

정보보안정책 준수가 정보보안능력 및 행동에 미치는 영향 분석 : 해운항만조직 구성원을 대상으로 (An Analysis of Compliance with Information Security Policy Effects on Information Security Ability and Behavior : Focused on Workers of Shipping and Port Organization)

  • 강다연;장명희
    • 한국항만경제학회지
    • /
    • 제30권1호
    • /
    • pp.97-118
    • /
    • 2014
  • 최근 발생한 고객정보유출사고는 조직의 정보보안 강화에 대한 관심과 전담조직의 중요성을 고조시키고 있다. 이에 따라 기업들은 정보보안 강화를 위해 정보보안정책을 마련하고 있으며, 조직구성원들로 하여금 보안정책을 준수하도록 권고하고 있다. 해운항만 조직에서도 정보보안을 위해 정보보안정책을 체계화시키고 조직구성원들의 정보보안능력과 정보보안행동을 평가할 필요성이 있다. 본 연구의 목적은 해운항만조직 구성원들을 대상으로 정보보안정책 준수 정도가 정보보안능력과 정보보안행동에 미치는 영향을 분석하는데 있다. 분석결과, 먼저 해운항만조직 구성원의 정보보안정책 준수에 영향을 미치는 요인으로 정보보안규범과 정보보안교육을 확인할 수 있었고, 정보보안처벌은 정보보안정책 준수에 유의한 영향을 미치지 않는 것으로 분석되었다. 해운항만조직 구성원의 정보보안정책 준수정도는 정보보안능력과 정보보안행동에 유의한 영향을 미치는 결과를 확인할 수 있었다.

부합성 분석을 통한 정보보안 평가지표 개발 (A Development of Evaluation Indicators for Information Security by Means of the Coincidence Analyses)

  • 이영규;김상훈
    • 한국IT서비스학회지
    • /
    • 제7권3호
    • /
    • pp.175-198
    • /
    • 2008
  • The wide spread of the Internet has become a momentum to promote informatization, and thus individuals, organizations, and government bodies are competitively participating in this kind of new wave. Informatization enables us not only to circulate and utilize information without any limitation but also to maximize users' benefits and convenience. On the other hand, it brings about negative effects-security incidents such as cyber terror, Internet fraud and technology leakage, etc. Evaluation on security level should precede over all the others in order to minimize damage by security incidents since it diagnoses current status on security as it is and can be used as a guideline for appropriate security management. In this study, evaluation domains, items and indicators of information security to evaluate information security are theoretically developed on the basis of critically reviewing the major existing research. And then the coincidence level(content validity, ease and reliability of evaluation) of each evaluation indicators are empirically analyzed through performing the field study of 83 information security experts.

Trusted Certificate Validation Scheme for Open LBS Application Based on XML Web Services

  • Moon, Ki-Young;Park, Nam-Je;Chung, Kyo-Il;Sohn, Sung-Won;Ryou, Jae-Cheol
    • Journal of Information Processing Systems
    • /
    • 제1권1호
    • /
    • pp.86-95
    • /
    • 2005
  • Location-based services or LBS refer to value-added service by processing information utilizing mobile user location. With the rapidly increasing wireless Internet subscribers and world LBS market, the various location based applications are introduced such as buddy finder, proximity and security services. As the killer application of the wireless Internet, the LBS have reconsidered technology about location determination technology, LBS middleware server for various application, and diverse contents processing technology. However, there are fears that this new wealth of personal location information will lead to new security risks, to the invasion of the privacy of people and organizations. This paper describes a novel security approach on open LBS service to validate certificate based on current LBS platform environment using XKMS (XML Key Management Specification) and SAML (Security Assertion Markup Language), XACML (extensible Access Control Markup Language) in XML security mechanism.

초등학생들의 정보보호실천에 영향을 미치는 요인 (Factors Affecting Information Security Practice of Elementary School Students)

  • 최승재;김형열;김태성
    • 정보보호학회논문지
    • /
    • 제26권2호
    • /
    • pp.449-461
    • /
    • 2016
  • 정보보호에 대한 인식이 부족한 학생들의 경우 쉽게 자신의 정보를 타인에게 알려주거나, 죄의식 없이 남의 정보를 가져다 이용하는 일이 발생하고 있다. 사이버 범죄로부터 학생들을 보호하고 예방하기 위해서는 정보보호교육이 필요하지만, 국내 정보 교과과정에는 구체적인 정보보호 관련 내용이 별도로 없고 학교나 교사 재량으로 네티켓 교육을 실시하는 정도에 그치고 있다. 본 연구의 목적은 초등학생들의 정보보호실천에 영향을 미치는 요인들을 찾는 것이다. 실증분석을 위하여 초등학생들이 이해하기 쉬운 정보보호 어휘로 구성된 설문지로 조사를 실시하였고, 수집된 자료는 PLS(Partial Least Square, PLS)를 이용하여 측정모형 및 구조모형 검정을 실시하였다. 연구 결과, 정보윤리인식과 정보보호인식이 정보보호실천에 정(+)의 영향을 미치는 것으로 확인되었다. 본 연구 결과는 초등학생의 정보보호실천에 필요한 구체적인 정보보호 교육내용을 선정하는데 도움을 줄 것으로 기대한다.

은행 IT 인력의 정보보호 정책 준수에 영향을 미치는 정보보호 대책에 관한 연구 (A Study on the Information Security Measures Influencing Information Security Policy Compliance Intentions of IT Personnel of Banks)

  • 심준보;황경태
    • Journal of Information Technology Applications and Management
    • /
    • 제22권2호
    • /
    • pp.171-199
    • /
    • 2015
  • This study proposes the practical information security measures that help IT personnel of banks comply the information security policy. The research model of the study is composed of independent variables (clarity and comprehensiveness of policy, penalty, dedicated security organization, audit, training and education program, and top management support), a dependent variable (information security policy compliance intention), and moderating variables (age and gender). Analyses results show that the information security measures except 'clarity of policy' and 'training and education program' are proven to affect the 'information security policy compliance intention.' In case of moderating variables, age moderated the relationship between top management support and compliance intention, but gender does not show any moderating effect at all. This study analyzes information security measures based solely on the perception of the respondents. Future study may introduce more objective measurement methods such as systematically analyzing the contents of the information security measures instead of asking the respondents' perception. In addition, this study analyzes intention of employees rather than the actual behavior. Future research may analyze the relationship between intention and actual behavior and the factors affecting the relationship.

국방정보보호산업 관련 중부권 연구기관 활용방안 (A Participation Scheme of the Central Region Research Institute related to National Defense Information Security Industry)

  • 엄정호
    • 안보군사학연구
    • /
    • 통권9호
    • /
    • pp.191-206
    • /
    • 2011
  • This study is presented a scheme that information security research institutions located within the central area can be participated actively m national defense information security industry. The many of information security company are located in the central region(Daejeon) and there are many research institutes. However, the participation rate of the Defense Information Security Industry is not high compared to other provinces. Although a variety of reasons, there are no the Defense Privacy Office that could have a role in protocol and the information about the industry. In addition, the Department of Defense related to national defense information security industry have not information about research institutions in the central region and are not well to identify the characteristics of institutional technology and research. So in this paper we presented some of the alternatives. 1) Building Pool involved in information security research according to the characteristics of each agency 2) Constitute the research community between Research institutions and the company 3) Build the technology cooperation between research institutions and the defense research institutes 4) Utilization of industry/university/research institutes related to Information Security Industry 5) Make strategic alliances among research institutes based on technical expertise.

  • PDF

쌍대비교를 활용한 기업 유형 분류에 따른 보안 전략 우선순위 결정 (Prioritize Security Strategy based on Enterprise Type Classification Using Pair Comparison)

  • 김희올;백동현
    • 산업경영시스템학회지
    • /
    • 제39권4호
    • /
    • pp.97-105
    • /
    • 2016
  • As information system is getting higher and amount of information assets is increasing, skills of threatening subjects are more advanced, so that it threatens precious information assets of ours. The purpose of this study is to present a strategic direction for the types of companies seeking access to information security. The framework classifies companies into eight types so company can receive help in making decisions for the development of information security strategy depending on the type of company it belongs to. Paired comparison method survey conducted by a group of information security experts to determine the priority and the relative importance of information security management elements. The factors used in the security response strategy are the combination of the information security international certification standard ISO 27001, domestic information protection management system certification K-ISMS, and personal information security management system certification PIMS. Paired comparison method was then used to determine strategy alternative priorities for each type. Paired comparisons were conducted to select the most applicable factors among the 12 strategic factors. Paired comparison method questionnaire was conducted through e-mail and direct questionnaire survey of 18 experts who were engaged in security related tasks such as security control, architect, security consulting. This study is based on the idea that it is important not to use a consistent approach for effective implementation of information security but to change security strategy alternatives according to the type of company. The results of this study are expected to help the decision makers to produce results that will serve as the basis for companies seeking access to information security first or companies seeking to establish new information security strategies.

산업별 정보보안의 투자 수준과 관리 역량에 관한 연구 (A Study on the Investment Level and Administrative Competence of Information Security by Industry)

  • 정병호;주형근
    • 디지털산업정보학회논문지
    • /
    • 제19권2호
    • /
    • pp.89-102
    • /
    • 2023
  • The purpose of this study is to examine what are the important variables for information security compliance and whether the information security investment by the industry is different. To comply with the information security policies, the organization must establish measures to prevent or resolve information security incidents. This research process consists of four stages, and the analysis method was conducted with the categorical regression analysis and the correspondence analysis. The first analysis analyzed the independent variables that affect security regulations compliance. The rest of the analysis was conducted by industry in the order of security compliance regulations, manpower investment, and budget investment. As a result of the first analysis, this had positive effects on an organization and personal information protection awareness, joint operation organization of information protection, manpower and budget investment, corporate size, and industry. The correspondence analysis was conducted from the second analysis to the fourth analysis and it analyzed the differences in information security investment by industry. The second analysis showed that the construction industry, science and technology industry, and finance industry have higher compliance with security regulations than other industries. The third analysis showed that the financial industry and the science and technology industry were higher than other industries. The last analysis showed that the financial industry was higher than other industries. The theoretical contribution of this study provided the basis for updating the information security theory. The practical contribution of this study requires government support to reduce information security deviations by industry.

보안경제성 연구동향 분석 : IS 저널 중심으로 (Research Trends in Information Security Economics : Focused on Information Systems Journals)

  • 강미화;김태성
    • Journal of Information Technology Applications and Management
    • /
    • 제23권1호
    • /
    • pp.79-96
    • /
    • 2016
  • As numerous security breaches on a variety of information assets such as personal information, corporate secrets, computer servers, and networks have occurred, information security has emerged as a critical social issue. However, researches on economically rational information security decision-making have been few. Such researches are especially rare in South Korea where information security is considered to be a discipline of engineers. This study aims to identify the preferred themes and methodologies of information security economics research in the field of information systems by reviewing papers published in Management Information Systems Quarterly (MISQ), Information Systems Research (ISR), European Journal of Information Systems (EJIS), Management Science (MS), and Information and Management (I&M). We hope that the results of the study will be helpful in rational managerial or policy decision-making for practitioners and suggest future research topics for researchers.

AHP를 이용한 정보보호인력 양성 정책 분석 (Analysis on Information Security Manpower Policy by the Analytic Hierarchy Process)

  • 김태성;전효정
    • 한국통신학회논문지
    • /
    • 제31권5B호
    • /
    • pp.486-493
    • /
    • 2006
  • 정보시스템에 대한 위협이 확산되면서 정보보호에 대한 관심이 증대되고 있다. 정보보호 제품을 생산 설치하고, 정보보호 업무를 담당할 정보보호 인력의 중요성도 증가하고 있다. 그동안 정부에서는 정보보호 인력을 양성하기 위한 다양한 정책을 시행해왔다. 하지만 그동안 정부의 정책은 주로 인력이 부족한 정보보호 분야에 많은 인력을 공급하는데 많은 관심을 보여왔다. 정부의 정책은 단기간내에 많은 정보보호 인력을 양성하는 양적 공급확대 측면에서는 성공했지만, 인력수요의 특성에 적합한 인력의 공급이라는 다양한 수요를 만족시키는 측면에서는 이렇다할만한 성과를 보이지 못했다. 본 연구에서는 AHP(Analytic Hierarchy Process) 방법론을 이용하여 정보보호인력의 양성이 우선적으로 필요한 정보보호 세부 기술분야를 도출한다. 연구결과에 의하면, 시스템 네트워크 정보보호 기술 분야의 인력에 대한 양성이 가장 시급한 것으로 나타났다.