• Journal of Digital Convergence
• /
• v.11 no.11
• /
• pp.1-13
• /
• 2013

Every big online security breach seems to end in a big lecture. Thus, although a predominant weakness in properly securing information assets is the individual user within an organization, much of the focus of extant security research is on technical issues. The purpose of this study is to explain why insiders breach security policy by applying the moral disengagement theory. There are no consistent, widely accepted theories or theoretical frameworks in the literatures as to why insiders breach of information security, and therefore no clear, effective guidance on what to do to prevent employees from violating information security policy in organization. To do this, we theorize that moral disengagement may play a mediating role connecting stable individual differences to intention to breach security policy, because of some of the individual differences. We found that policy awareness and perceived punishment have a negatively significant effect on moral disengagement. However, negative affectivity has a positively significant influence on moral disengagement. Furthermore, moral disengagement has a positive effect on intention to breach security policy. Conclusions and implications are discussed.

• Korean Security Journal
• /
• no.42
• /
• pp.155-178
• /
• 2015

This study surveyed the subject of companies' industrial security on priorities of the government policy for the confidentiality of corporate and the necessity of expanding the government support for the industrial security. In determining the priority, we should consider all opinions of companies, individuals, societies, and governments that associated with the confidentiality. Especially in industrial security, companies are the most significant beneficiaries and consumers of security policy and it would be the basis for supporting on policy-making. As a result, we analyzed the 50 valid questionnaires collected from security personnel of Korean corporations and 'Enhance support for education and promotion of human resource (On/Off-Line)', 'Establish Security management and Security measures', and 'Enhance Security professionals status via qualifications/certifications' are shown as 1st, 2nd, 3rd priority of government policy to protect Corporate confidential information including its customer information. All respondents of the study says that the Government support for Industrial Security should be enlarged.

• Journal of the Korea Society of Computer and Information
• /
• v.7 no.4
• /
• pp.141-149
• /
• 2002

Recently, a number of network systems are developed rapidly and network architectures are more complex than before, and a policy-based network management should be used in network system. Especially, a new paradigm that policy-based network management can be applied for the network security is raised. A security policy server in the management layer can generate new policy, delete. update the existing policy and decide the policy when security policy is requested. The security server needs to analyze and manage the alert message received from server Policy enforcement system in the enforcement layer for the available information. In this paper, we implement an alert analyzer that analyze the stored alert data for making of security policy efficiently in framework of the policy-based network security management. We also propose a data mining system for the analysis of alert data The implemented mining system supports alert analyzer and the high level analyzer efficiently for the security.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.28 no.10C
• /
• pp.1033-1044
• /
• 2003

In this paper, we propose security management architecture that manages efficiently security systems that are produced by different companies and programmable middleware that can reduce the load of management traffic. The proposed architecture applies programmable networks technology to policy based network management (PBNM). The proposed architecture manages and cooperates various security systems using security policy. Also, the programmable middleware provides convenience of management and reduces the overhead of a policy server by translating security policy into execution command. In addition, using programmable middleware, an administrator can manage various security systems that are produced by different companies. We showed that the programmable middleware could reduce the load of management traffic by comparing processing time for enforcing and transferring of policies/messages between the proposed architecture and PBNM architecture.

• The Journal of Information Systems
• /
• v.22 no.4
• /
• pp.49-69
• /
• 2013

Recently, enterprises have reinforced security control in order to prevent infringement of personal information and abuse of customer information by insiders. However, the reinforcement of security control by enterprises makes it difficult for internal users to perform business by using a business information system. There is, therefore, a need for research on various fields, which makes it possible to establish an appropriate security control policy while minimizing an impact on business. The present research verifies and analyzes an impact on difficulty in business of internal users using customer information, which is caused by security control performed by display restriction on customer information identifiers. The present research is intended to academically develop a technique for statistically analyzing an impact degree and a causal relationship between security control and an impact on business, which is a dichotomous variable, and to practically contribute to the establishment of an efficient security policy in consideration of an impact on business when an enterprise applies security control. A research target was internal business information systems of domestic securities enterprises, data was collected by questionnaire, and verification/analysis was performed by logistic regression analysis.

• Management & Information Systems Review
• /
• v.4
• /
• pp.309-325
• /
• 2000

Organizations rely on Secure ID resources today to handle vast amounts of information. Because the data can vary widely in type and in degree of sensitivity, employees need to be able to exercise flexibility in handling and protecting it. It would not be practical or cost-effective to require that all data be handled in the same manner or be subject to the same protection requirements. Without some degree of standardization, however inconsistencies can develop at introduce risks. Policy formulation is an important step toward standardization of security activities for ID resources. ID security policy is generally formulated from the input of many members of an organization, including security officials, line managers, and ID resource specialists. However, policy is ultimately approved and issued by the organization's senior management. In environments where employees feel inundated with policies, directives, guidelines and procedures, an ID security policy should be introduced in a manner that ensures that management's unqualified support is clear. The organization's policy is management's vehicle for emphasizing the commitment to ID security and making clear the expectations for employee involvement and accountability. This paper will discuss ID security Policy in terms of the different types (program-level and issue-specific), components, and Implementation of Expert System Simulation based on 4GL, PowerBuilder.

• The Journal of the Institute of Internet, Broadcasting and Communication
• /
• v.16 no.6
• /
• pp.243-253
• /
• 2016

Company strengthen various information security policy and activity in order to protect important information assets that the company has been dealing with and prevents information security accidents such as personal information spill. However, some study said these policy and activity increase employee's information security stress and still information security accidents by employees have happened so far. Therefore, this study will review preceding theories and studies used in many various fields including Information Security areas needed to explain human's behavioral intention and determinants and summarize characteristic factors that have influence on control of human's behavioral intention in the results of the above theories and studies. Secondly, this study will implement exploratory analysis on characteristic factors perceived by employees that has been stemmed from various company's information security policy and activity in order to increase employee/'s information security compliance intention under the its surrounding security circumstance. Thirdly, this study will fulfil multiple-regression analysis in order to identify cause-effect relationship between employee's perceived information security stress and employee's perceived characteristic factor. Finally, this study will explain casual relationship with same analysis methods between information security stress and information security compliance intention based on results of the survey conducted on the financial firm's employees with same analysis methods.

• Journal of Digital Convergence
• /
• v.10 no.1
• /
• pp.105-111
• /
• 2012

This study is to propose national information security policies based on the policy framework, which has four components: government, industry/company, individual, and environments. According to the framework, the four policy agenda are derived: national information security governance scheme, information security industry competitiveness and corporate security level enhancement, eco-system for security professionals, and finally related laws & regulations modification and security culture movement. Specific issues and policies in each agenda are proposed.

• Journal of Korean Society of Industrial and Systems Engineering
• /
• v.42 no.2
• /
• pp.36-48
• /
• 2019

As the importance of Knowledge Management System (KMS) in the military increases, Republic of Korea Army (ROK Army) developed Army Knowledge Portal. Although the members in the military are encouraged to use the portal, few members currently use it. This study was conducted to find variables to predict the user's intention to use the portal, which contributes to activating the use of Army Knowledge Portal in the army. On the basis of Technology Acceptance Model (TAM), ten variables such as perceived ease of use, general information security awareness, information security awareness, expectation for external rewards, expectation for relationships, sense of self-worth, attitude toward compliance with security policy, attitude toward knowledge sharing, intention of non-combat knowledge sharing, and intention of combat knowledge sharing were considered as independent variables. 105 participants on active duty who currently use or have experience to use the portal participated in this study. The results indicated that general information security awareness and information security awareness increases compliance with the information security policy. In addition, the attitude toward knowledge sharing is enhanced by expectations for relationship and sense of self-worth. Based on the results, the authors propose the need for policy alternatives to reinforce the reward system and security policy, which activates the use of Knowledge Portal Service for ROK Army.

• Journal of Digital Convergence
• /
• v.11 no.2
• /
• pp.19-32
• /
• 2013

The purpose of this paper is to find an answer why employees in organization violate the organizational information security policy. To do this, this study is rooted in the moral disengagment theory. This study found that moral belief and perceived sanction have an effect on security policy violation. However, if moral disengagement is involved in the research model, perceived sanction is not significant. Finally, SETA, moral belief, and perceived sanction have a negative effect on moral disengagement, which in turn moral disengagement influences positively the security policy violation. The conclusions and implications are discussed.