• 정보보호학회논문지
• /
• 제28권1호
• /
• pp.269-281
• /
• 2018

정보화 사회에서 핵심 가치로 평가받고 있는 자원은 정보 그 자체이다. 이런 이유로 기업의 가치 있는 정보를 노리는 시도가 많아지며 정보보안 사고가 급증하고 있다. 기업에서는 정보보안 사고를 예방하기 위해 다양한 정보보안 부문에 투자하고 있으나, 어떤 부문에 대한 투자가 정보보안 사고를 감소시키는 데에 직접적으로 기여하는지는 잘 알지 못한 채 투자하고 있다. 기업의 대표적인 정보보안 투자 부문인 제품뿐만 아니라 대표적인 정보보안 서비스 사업으로 각광받고 있는 정보보안 교육 및 훈련, 보안관제 서비스, 그리고 취약점 분석의 투자 효용을 알아보기 위해 본 연구를 진행하였다. 한국 인터넷 진흥원의 2014년 정보보호 실태 조사의 원자료를 이용하고, 총 정보보안 사고건수를 종속변수로 두고 음이항분포 회귀분석을 실시한 결과 교육 서비스와 취약점 분석 서비스가 정보보안 사고를 줄이는 데에 유의미하게 기여하는 것으로 판단되었다. 이 연구는 학문적으로는 정보보안 경제학을 이론적 배경으로하여 정보보안 투자 부문의 실제 효용을 파악한 연구이며, 실증적으로는 조직에서 한정된 자원을 정보보안 투자에 배분할 때 효율적인 의사결정을 하는 데에 지침을 제공할 수 있는 연구이다.

• 한국정보시스템학회지:정보시스템연구
• /
• 제10권1호
• /
• pp.127-146
• /
• 2001

The area of business applications in the internet are extended enormously in result of fast development of computing and communication technologies, increase of internet use, and use of intranet/extranet in enterprise information system. Widely spread the use of the internet, there are various applications for Business to Business (B to B) or Business to Customer(B to C) model that are based on the intranet or extranet. This paper designed and implemented the Web-based Electronic Bidding System for Business to Business (B to B) model. The technical issues of electronic bidding system in the internet are involved in the connection between web client and server, electronic data interchange for the contract document, and security solution during the bidding and contracting processes. The web-based electronic bidding system in this paper is implemented using Java applet and servlet as a connection interface for web client and server, XML/EDI-based documents for a bid and a contract, and bidding server and notary server for enhancing the security using PKI(Public Key Infrastructure)-based public key cryptography, digital signature and Certification Authority(CA).

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• 제7권5호
• /
• pp.1213-1235
• /
• 2013

In this paper, we investigated the factors affecting the intention to use smartphone banking with a research model based on the Technology Acceptance Model (TAM) extended to include security risk, trust, and self-efficacy. With analysis after controlling factors such as age, gender, and previous experience of smartphone banking that may have effects, we conclude that perceived usefulness, perceived ease of use, security risk, and trust have direct effect on the intention to use smartphone banking, and self-efficacy has indirect effect on the intention to use through mediation of perceived ease of use. We performed a study to check the validity of TAM in the context of smartphone banking, and confirmed that perceived ease of use has both direct and indirect effect on the intention to use.

• Journal of information and communication convergence engineering
• /
• 제21권1호
• /
• pp.32-44
• /
• 2023

Information security breach is a major risk in e-learning. This study presents the potential information security disruptions in Learning Management Systems (LMS) from the perspective of users. We use the Technology Acceptance Model approach as a user perception model of information security, and the results of a questionnaire comprising 44 questions for instructors and students across Indonesia to verify the model. The results of the data analysis and model testing reveals that lecturers and students perceive the level of information security in the LMS differently. In general, the information security aspects of LMSs affect the perceptions of trust of student users, whereas such a correlation is not found among lecturers. In addition, lecturers perceive information security aspect on Moodle is and Google Classroom differently. Based on this finding, we recommend that institutions make more intense efforts to increase awareness of information security and to run different information security programs.

• Journal of Information Processing Systems
• /
• 제10권2호
• /
• pp.240-255
• /
• 2014

Cloud computing has increasingly been drawing attention these days. Each big company in IT hurries to get a chunk of meat that promises to be a whopping market in the future. At the same time, information is always associated with security and risk problems. Nowadays, the handling of these risks is no longer just a technology problem, with a good deal of literature focusing on risk or security management and framework in the information system. In this paper, we find the specific business meaning of the BMIS model and try to apply and leverage this model to cloud risk. Through a previous study, we select and determine the causal risk factors in cloud service, which are also known as CSFs (Critical Success Factors) in information management. Subsequently, we distribute all selected CSFs into the BMIS model by mapping with ten principles in cloud risk. Finally, by using the leverage points, we try to leverage the model factors and aim to make a resource-optimized, dynamic, general risk control business model for cloud service providers.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• 제9권3호
• /
• pp.1231-1245
• /
• 2015

People have transferred their business model from traditional commerce to e-commerce in recent decades. Both shopping and payment can be completed through the Internet and bring convenience to consumers and business opportunities to industry. These trade techniques are mostly set up based on the Secure Sockets Layer (SSL). SSL provides the security for transaction information and is easy to set up, which makes it is widely accepted by individuals. Although attackers cannot obtain the real content even when the transferred information is intercepted, still there is risk for online trade. For example, it is impossible to prevent credit card information from being stolen by virtual merchant. Therefore, we propose a new mechanism to solve such security problem. We make use of the disposable dynamic security code (DSC) to replace traditional card security code. So even attackers get DSC for that round of transaction, they cannot use it for the next time. Besides, we apply visual secret sharing techniques to transfer the DSC, so that interceptors cannot retrieve the real DSC even for one round of trade. This way, we can improve security of credit card transaction and reliability of online business. The experiments results validate the applicability and efficiency of the proposed mechanism.

• International Journal of Computer Science & Network Security
• /
• 제23권2호
• /
• pp.210-226
• /
• 2023

It is difficult to transform a blockchain initiative from the feasibility stage to the fully commercialized the technology's products or services, especially considering the significant investment required and the lack of studies on the benefits and barriers from deployment perspective. Whereas some organizations have come up with their own solutions to moving beyond the feasibility stage, commercial applications do not yet exist and few organizations are willing to invest beyond the prototype phase and fill in the gap between the expected and actual business value of these types of projects. This study aims to develop a blockchain model using a survey to gather qualitative data on experts' opinions on the deployment of blockchain technology. Our model will measure how business professionals could take advantage of blockchain's disruptive technology to develop business opportunities. This study's contribution is to show blockchain technology's potential strategic business value. The findings from this exploration include the prospective for delivering comprehensions to businesses for different creating investment choices on the embracing of the blockchain technology.

• 한국IT서비스학회지
• /
• 제11권3호
• /
• pp.17-38
• /
• 2012

Social network service(SNS), provided by social network sites such as Facebook, Twitter and Cyworld is rapidly growing in online business. Furthermore, many companies have growing interests in finding effective ways to use SNSs for their innovations, marketing and advertisement. In fact, firms have recognized the utility value of the SNS for their business. In this aspect, this study attempts to identify key factors influencing the intention to continuous use of SNSs. Based on the UTAUT(the Unified Theory of Acceptance and Usage of Technology)model, this study proposes the research model, including the effects of social network service characteristics(social relationship support, information sharing, image expression) and individual characteristics(self-disclosure, extroversion, familiarity) on performance expectancy as well as the moderating effect of perceived information security among UTAUT variables. The 412T sets of data collected in a survey were tested against the modeling using SEM using SmartPLS. Results indicated that social network service and individual characteristics had significant effect on performance expectancy with exception of self-disclosure. In addition, the moderating effect of perceived information security had significant effect. The results had important implications for firms providing SNSs hoping to develop a successful business model.

• Journal of Information Processing Systems
• /
• 제16권2호
• /
• pp.377-393
• /
• 2020

Freight management systems require a new business model for rapid decision making to improve their business processes by dynamically analyzing the previous experience data. Moreover, the amount of data generated by daily business activities to be analyzed for making better decisions is enormous. Online-to-offline or offline-to-online (O2O) is an electronic commerce (e-commerce) model used to combine the online and physical services. Data analysis is usually performed offline. In the present paper, to extend its benefits to online and to efficiently apply the big data analysis to the freight management system, we suggested a system architecture based on O2O services. We analyzed and extracted the useful knowledge from the real-time freight data for the period 2014-2017 aiming at further business development. The proposed system was deemed useful for truck management companies as it allowed dynamically obtaining the big data analysis results based on O2O services, which were used to optimize logistic freight, improve customer services, predict customer expectation, reduce costs and overhead by improving profit margins, and perform load balancing.

• 한국IT서비스학회지
• /
• 제18권5호
• /
• pp.155-164
• /
• 2019

With the emergence of new ICT technologies, information security threats are becoming more advanced, intelligent, and diverse. Even though the awareness of the importance of information security increases, the information security budget is not enough because of the lack of effectiveness measurement of the information security investment. Therefore, it is necessary to optimize the information security investment in each business environment to minimize the cost of operating the information security countermeasures and mitigate the damages occurred from the information security breaches. In this paper, using genetic algorithms we propose an investment optimization model for information security countermeasures with the limited budget. The optimal information security countermeasures were derived based on the actual information security investment status of SMEs. The optimal solution supports the decision on the appropriate investment level for each information security countermeasures.