• 정보기술과데이타베이스저널
• /
• 제6권2호
• /
• pp.1-18
• /
• 1999

The purpose of this study was to identify the effect of microcomputer networking on user perception of potential threats to security employing user attitudes as a moderating variable. A research model consisting of microcomputer networking as the independent variable, user perception of potential threats to security as the dependent variable, and user attitude toward security control as the moderating variable was developed through literature review. The results of this study provide an empirical evidence of the importance of environmental change(information systems networking) on user perception of potential threats to security. Further-more the result imply that in order to improve security performance through the reinforcement of user perception of threats to security in the organization, user attitudes should be made favorable.

• 한국재난정보학회 논문집
• /
• 제5권2호
• /
• pp.24-37
• /
• 2009

In the political and economic circles of our society, the security and secretary is always accompanying the society leaders, like shadows. The job of the security and secretary is a very difficult one that requires comprehensive and extensive capability and talent. From results of the prior studies, qualities of the security and secretary are divided into three groups. i.e. personal qualities, mental qualities and physical qualities. Each quality can be summarized as follows. Firstly, personal qualities mean honesty, responsibility, initiative, work ethic, sense of duty, modest attitude, kindness and loyalty. Secondly, mental qualities represent agility & composure, judgement, adaptability, memory, prediction, accuracy & reliability, observation and secret. Finally, physical qualities such as health, cleanliness, decent appearance, good feeling voice, physical strength and Martial arts for Protection. The security and secretary equipped with the above three requisites can be said to be the most ideal the security and secretary whom this age want and need.

• 한국항해항만학회지
• /
• 제40권4호
• /
• pp.213-222
• /
• 2016

최근 조직의 정보유출사고가 연이어 발생하면서 조직차원에서 정보보안 관리와 정보보안대책 수립이 시급하다. 특히 조직구성원들의 정보보안 관리 강화 방안을 마련하고 조직구성원들의 정보보안 인식의 제고를 위해 노력을 기울여야 한다. 조직의 정보보안이행 정도가 정보보안성과에 미치는 영향을 확인하기 위한 연구모형을 설정하였으며, 표본 집단으로 해운 항만조직과 금융 보험 조직의 구성원들을 선정하였다. 구조방정식 모형을 이용하여 결과요인을 도출하였으며 설문지를 통해 수집된 데이터를 실증적으로 분석하였다. 해운 항만조직 구성원을 대상으로 정보보안성과에 영향을 미치는 요인을 분석한 결과는 다음과 같다. 첫째, 정보보안인식에 영향을 미치는 요인으로 정보보안태도, 정보보안관심도로 확인되었으며, 둘째, 조직의 정보보안정책에 영향을 미치는 요인으로는 정보보안규범인 것으로 확인되었다. 반면에 정보보안처벌과 정보보안교육은 정보보안정책 준수에 영향을 미치지 않는 것으로 확인되었다. 셋째, 정보보안인식은 정보보안정책준수, 정보보안능력, 정보보안행동에 유의한 영향을 미치는 것으로 확인되었다. 넷째, 정보보안정책준수는 정보보안능력과 정보보안행동에 영향을 미치는 요인으로 확인되었다. 마지막으로 정보보안능력과 정보보안행동은 정보보안성과에 영향을 미치는 요인으로 확인되었다.

• International Journal of Computer Science & Network Security
• /
• 제21권8호
• /
• pp.167-176
• /
• 2021

This is the world of computer science and innovations. In this modern era, every day new apps, webs and software are being introduced. As well as new apps and software are being introduced, similarly threats and vulnerable security matters are also increasing. Web apps are software that can be used by customers for numerous useful tasks, and because of the developer experience of good programming standards, web applications that can be used by an attacker also have multiple sides. Web applications Security is expected to protect the content of critical web and to ensure secure data transmission. Application safety must therefore be enforced across all infrastructure, including the web application itself, that supports the web applications. Many organizations currently have a type of web application protection scheme or attempt to build/develop, but the bulk of these schemes are incapable of generating value consistently and effectively, and therefore do not improve developers' attitude in building/designing stable Web applications. This article aims to analyze the attacks on the website and address security scanners of web applications to help us resolve web application security challenges.

• 융합보안논문지
• /
• 제17권5호
• /
• pp.71-76
• /
• 2017

오늘날은 다수의 정보자산 내 중요 데이터를 다수의 사용자가 필요에 의해, 필요한 만큼 접근하여 열람하고 있는 정보화 사회이다. 이러한 복잡함 속에서 중요 정보 자산에 대해 허가된 사용자의 접근을 확인하고, 사용 이력을 관리하기 위해 계정관리 관련 기술이 적용되고 있다. 그러나 계정을 이용해 중요/민감 정보를 열람할 수 있다는 점은 이것이 탈취 당했을 때 공격자에게 정보 절취의 길을 열어줄 수 있게 된다는 단점이 있다. 따라서 본 논문에서는 계정 소유주의 근태에 기반하여 계정의 사용 유무를 통제할 수 있으면서도, 보안성은 높였고, 편의성 저해도 없는 안전한 계정관리시스템을 제안하였다. 제안된 시스템은 계정 소유주가 업무 목적으로만 계정을 사용할 수 있도록 허가된 기간 내에 2-Factor 인증을 통해 로그인을 허용한다. 이를 통해 계정 유휴 기간 내 발생할 수도 있는 정보 유출을 사전에 차단할 수 있다.

• Asia pacific journal of information systems
• /
• 제32권1호
• /
• pp.32-50
• /
• 2022

Technology acceptance is one of the most popular research areas. Rapid developments in technology are making human life more comfortable. However, still most of the rural area has been deprived of benefits of technological advancement. Seventy percent population of India resides in rural area. Leveraging the improved penetration of the internet; mobile friendly population in rural India has been increasingly shopping online in the last few years. e-Governance is one of the important vehicles to provide efficient services to the citizens by Governments. One major obstacle is acceptance of e-Governance platforms by the citizens. Considering the increasing trend of using e-Commerce in rural area, this paper attempts to investigate moderating effect of online shopping experience on intention to use e-Governance portals. We surveyed 365 villagers across Maharashtra: one of the leading states in India. The result confirmed online shopping experience moderates the relationship between: 'perceived security & privacy' and 'attitude'; 'perceived security & privacy' and 'intention to use'; 'Perceived usefulness' and 'attitude'; and, 'attitude' and 'intention to use'. In this study definition of moderating variable 'experience' is unique and different than most of the popular studies. We defined experience as: 'prior use of any application of technology similar to the target application of technology'. Whereas prior studies considered experience as prior experience with target application of the technology.

• 정보보호학회논문지
• /
• 제27권5호
• /
• pp.1167-1188
• /
• 2017

본 연구는 우리나라 사이버위협 정보 공유의 활성화를 위해 사이버위협 정보를 제공하는 데에 영향을 미치는 요인들을 연구하였으며, 특히 제공하는 정보의 중요도에 따른 제공의도를 비교해보았다. 연구방법은 정보보호 관련 실무자들을 대상으로 정보공유시스템의 이용자 측면에서 온라인 설문 및 실증분석을 실행하였다. 연구 결과, 간단한 정보에 대해서는 오로지 최고경영자의 태도만이 정보 제공의도에 영향을 미쳤다. 반면 중요한 정보에 대해서는 최고 경영자의 태도뿐만 아니라 정보평가체계, 민간화, 법적처벌 완화의 순으로 유의미한 영향을 미쳤다. 본 연구의 결과를 통해 국내 사이버위협 정보공유시스템의 문제점을 파악할 수 있으며, 개선사항의 우선순위와 정보 공유 시스템의 개선 전후 정보 제공의도의 변화를 확인할 수 있다.

• 디지털융복합연구
• /
• 제11권1호
• /
• pp.27-38
• /
• 2013

보안정책의 두 가지 구성요소는 내용과 형식이다. 지금까지 보안 정책 내용에 대한 연구는 폭 넓게 수행되어온 반면, 보안 정책의 형식에 대해서는 관련연구가 매우 부족한 실정이다. 형식이 보안정책의 성공을 결정하는 중요한 요인이기 때문에 어떻게 보안 정책의 형식을 작성할 것인가는 매우 중요하다. 따라서 본 연구의 목적은 보안 정책의 형식과 조직 구성원들의 보안 정책 준수간의 관계를 규명하는 것이다. 분석결과 보안정책의 형식은 보안준수태도, 주관적 규범, 인지된 행위 통제, 그리고 인지된 보안정책 준수비용에 유의한 영향을 미치는 것으로 나타났으며, 보안정책 준수태도와 주관적 규범은 지속적 보안준수 의도에 유의한 영향을 미치는 것으로 나타났다.

• 디지털산업정보학회논문지
• /
• 제10권4호
• /
• pp.97-107
• /
• 2014

The development of ICT has led positive aspects such as popularization of Internet. It, on the other hand, is causing a negative aspect, Cyber Terror. Although the causes for recent and continuous increase of cyber security incidents are various such as lack of technical and institutional security measure, the main cause which threatens the cyber security is the users' lack of awareness and attitude. The purpose of this study is the positive analysis of how the personal and job characteristics influence the cyber security training participation rate and the response ability to cyber terror response training with a sample case of K-corporation employees. In this paper, the relationship among career, gender, department, whether he/she is a cyber security specialist, whether he/she is a regular employee), "ratio of cyber security training courses during recent three years", "ratio that he/she has opened the malicious email in cyber terror response training during recent three years", "response index of virus active-x installation (higher index means poorer response)" is closely examined. Moreover, based on the examination result, the practical and political implications regarding K-corporation's cyber security courses and cyber terror response training are studied.

• Asia pacific journal of information systems
• /
• 제18권4호
• /
• pp.1-26
• /
• 2008

Rapid progress of information technology and widespread use of the personal computers have brought various conveniences in our life. But this also provoked a series of problems such as hacking, malicious programs, illegal exposure of personal information etc. Information security threats are becoming more and more serious due to enhanced connectivity of information systems. Nevertheless, users are not much aware of the severity of the problems. Using appropriate password is supposed to bring out security effects such as preventing misuses and banning illegal users. The purpose of this research is to empirically analyze a research model which includes a series of factors influencing the effectiveness of passwords. The research model incorporates the concept of risk based on information systems risk analysis framework as the core element affecting the selection of passwords by users. The perceived risk is a main factor that influences user's attitude on password security, security awareness, and intention of security behavior. To validate the research model this study relied on questionnaire survey targeted on evening class MBA students. The data was analyzed by AMOS 7.0 which is one of popular tools based on covariance-based structural equation modeling. According to the results of this study, while threat is not related to the risk, information assets and vulnerability are related to the user's awareness of risk. The relationships between the risk, users security awareness, password selection and security effectiveness are all significant. Password exposure may lead to intrusion by hackers, data exposure and destruction. The insignificant relationship between security threat and perceived risk can be explained by user's indetermination of risk exposed due to weak passwords. In other words, information systems users do not consider password exposure as a severe security threat as well as indirect loss caused by inappropriate password. Another plausible explanation is that severity of threat perceived by users may be influenced by individual difference of risk propensity. This study confirms that security vulnerability is positively related to security risk which in turn increases risk of information loss. As the security risk increases so does user's security awareness. Security policies also have positive impact on security awareness. Higher security awareness leads to selection of safer passwords. If users are aware of responsibility of security problems and how to respond to password exposure and to solve security problems of computers, users choose better passwords. All these antecedents influence the effectiveness of passwords. Several implications can be derived from this study. First, this study empirically investigated the effect of user's security awareness on security effectiveness from a point of view based on good password selection practice. Second, information security risk analysis framework is used as a core element of the research model in this study. Risk analysis framework has been used very widely in practice, but very few studies incorporated the framework in the research model and empirically investigated. Third, the research model proposed in this study also focuses on impact of security awareness of information systems users on effectiveness of password from cognitive aspect of information systems users.