• Journal of Korea Society of Digital Industry and Information Management
• /
• v.14 no.3
• /
• pp.55-68
• /
• 2018

In this paper, we identify and evaluate the information security factors considered in outsourcing development of information systems for defense agency with analytic hierarchy process(AHP). To assess the information security elements, we prepared three groups including the experts of a defense agency, subcontractor managers and subcontractor practitioners who are involved in developing information systems. And the relative importance of security factors were analyzed using questionnaires and responses. As a result of analysis of 27 security factors, factors corresponding to human and physical security as a whole were evaluated as having higher importance. Although there are some differences in the ranking of some importance according to human roles, they can be positive for the implementation of complementary information security. And administrative security and technical security can be relatively insignificant considering that they can be considered as infrastructure of the overall information environment. The result of this paper will be helpful to recognize the difference of perception of information security factors among the persons in the organization where collaboration is activated and to prepare countermeasures against them.

• Journal of the Korea Convergence Society
• /
• v.13 no.1
• /
• pp.283-295
• /
• 2022

This study attempts to explore factors that influence the perception of importance of information security. Three possible exogenous variables including perceived certainty of punishment, perceived response cost, and acquiescense are suggested that are based on the protectiom motivation theory. As a result, we found followings. First, The perceived punishment certainty has a significant effect on the perceived importance of information security. Also, it influences a negative effect on acquiescence. Second, the response cost has a negative effect on the perceived importance of information security. In addition, the response cost positively effects on acquiescence. Finally, acquiescence negatively influences on the perceived importance of information security. The results show that, in order to increase the perceived importance of information security among employees, it is necessary to make them aware that a security violation can result in certain punishment. At the same time, organizations should also attempt to remove major obstacles accompanying security behaviors of employees. Finally, organizations encourage open communication relating to information security among employees.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.24 no.5
• /
• pp.919-929
• /
• 2014

Recently, organizational efforts to adopt ISMS(Information Security Management System) have been increasingly mandated and demanded due to the rising threat and the heavier cost of security failure. However there is a serious gap between awareness and investment of information security in a company, hence it is very important for the company to control effectively a variety of information security threats within a tight budget. To phase the ISMS, this study suggests the priorities based on evaluating the Importance of 13 areas for the ISMS by the information security experts and then we attempt to see the difference between importance and investment through the assessment of the actual investment in each area. The research findings show that intrusion incident handling is most important and IT disaster recovery is the area that is invested the most. Then, information security areas with the considerable difference between priorities of importance and investment are cryptography control, information security policies, education and training on information security and personnel security. The study results are expected to be used in making a decision for the effective investment of information security when companies with a limited budget are considering to introduce ISMS or operating it.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.24 no.6
• /
• pp.1329-1335
• /
• 2014

The importance of information security is increasing in the public and private organizations. The interruption of the information system might cause massive disorder. To protect information systems effectively, information systems would be categorized and managed in terms of degree of importance. In this study, we suggest a new evaluation method that categorizes information systems based on the three nature of security, confidentiality, integrity and availability. For validation of the method, we use a case study in a public sector. Through the validation of method, the availability of applying the method for categorization information systems to other domains could be suggested.

• Journal of Korea Society of Digital Industry and Information Management
• /
• v.12 no.3
• /
• pp.133-155
• /
• 2016

Recently, in the adoption of cloud computing are emerging as locations are key requirements of security and privacy, at home and abroad, several organizations recognize the importance of privacy in cloud computing environments and research-based transcription and systematic approach in progress have. The purpose of this study was to recognize the importance of privacy in the cloud computing environment based on personal information security methodology to the security of cloud computing, cloud computing, users must be verified, empirical research on the improvement plan. Therefore, for existing users of enhanced security in cloud computing security consisted framework of existing cloud computing environments. Personal information protection management system: This is important to strengthen security for existing users of cloud computing security through a variety of personal information security methodology and lead to positive word-of-mouth to create and foster the cloud industry ubiquitous expression, working environments.

• Journal of the Korea Convergence Society
• /
• v.9 no.9
• /
• pp.69-81
• /
• 2018

The ultimate intention of this research is to identify the factors that have a significant effect on the perceived importance of information security as the antecedent of intention to information security policy compliance. We found that the effectiveness of information security training program did not have statistically significant effect on the perceived cost of policy compliance. Second, the effectiveness of information security policy has significant influence on the perceived cost of policy compliance. Third, perceived vulnerability has a significant effect on the perceived cost of policy compliance. Fourth, perceived cost of policy compliance has a significant effect on perceived importance of information security. Fifth, supervisor's attitude toward information security silence has a significant effect on employee silent behavior towards information security. Sixth, communication opportunities towards information security has a significant influence on employee silent behavior towards information security. Finally, it was shown that employee silent behavior towards information security had a significant influence on the perceived importance of information security.

• Korean Management Science Review
• /
• v.31 no.4
• /
• pp.1-13
• /
• 2014

This study aims to expand the future study methodology and to develop a methodology of future-oriented curriculum analysis with future skills needs derived from patent analysis. With the case of information security, the methodology is applied to the 16 universities, which have information security department in undergraduate course. From the results, the followings are suggested : 1) for the increasing importance area including hacking, infiltration and PC security, a practical exercise should be emphasized; 2) for the convergence area including security policy, security legislation and OS security, proper faculties should be filed with recruiting field-based experts; 3) for the increasing importance area including professional area including security audit and information security protocol, the advanced curriculum related to graduate level should be provided.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.12 no.2
• /
• pp.747-763
• /
• 2018

Information Technology (IT) plays an increasingly important role for small and medium-sized enterprises. It has become fundamental for these companies to protect information and IT assets in relation to risks and threats that have grown in recent years. This study aims to understand the importance and structure of an information security policy, using a quantitative study that intends to identify the most important and least relevant elements of an information security policy document. The findings of this study reveal that the top three most important elements in the structure of a security policy are the asset management, security risk management and define the scope of the policy. On the other side, the three least relevant elements include the executive summary, contacts and manual inspection. Additionally, the study reveals that the importance given to each element of the security policy is slightly changed according to the sectors of activity. The elements that show the greatest variability are the review process, executive summary and penalties. On the other side, the purpose of the policy and the asset management present a stable importance for all sectors of activity.

• Asia pacific journal of information systems
• /
• v.9 no.4
• /
• pp.181-201
• /
• 1999

This study presents an information security level index and a quantification scheme. A comprehensive survey on previous researches in information security checklists has been performed. A candidate indicator list for information security level has been developed, Desirability of each indicator has been tested by 4 criteria, They are general validity, relative importance, probability of accident and impact of accident. 67 experts' opinion has been collected and analysed. The result shows that selected indicators are a very good candidate set for the determination of information security level. A factor analysis shows indicators are well structured. There exists strong correlation between validity and probability, validity and impact, and importance and probability. A quantification scheme of information security index has been developed by experts' judgement and statistical tests.

• Journal of Platform Technology
• /
• v.11 no.5
• /
• pp.126-135
• /
• 2023

Demand for NFT is expanding along with Blockchain. And cyber security threats are also increasing. Therefore, this study derives security level inspection items by analyzing status related to NFT security such as NFT features, security threats, and compliance for the purpose of strengthening NFT security. Based on this, the relative importance was confirmed by applying it to the AHP model. As a result of the empirical analysis, the priority order of importance was found in the order of Security management system establishment and operation, encryption, and risk management, etc. The significance of this study is to reduce NFT security incidents and improve the NFT security management level of related companies by deriving NFT-related security level check items and demonstrating the research model. And If you perform considering relative importance of the NFT check items, the security level can be identified early.