• Journal of Korea Society of Digital Industry and Information Management
• /
• v.15 no.1
• /
• pp.43-51
• /
• 2019

This research proposed the necessary capability of cyber security professional personnel for cyber security education and training. Cyber security professional personnel were required specialized capability because the curriculum of cyber security education and training is structured around practice and training. Based on the knowledge, skills, and attitudes of professors, we derive candidate capabilities and index through the results of precedent research. As a result, we derived capability such the candidate capability group as teaching qualification, expert knowledge, practical ability, lecture ability, and research ability, and detailed capability index was derived accordingly. Finally, based on the questionnaire results of the professors related to the information security, it was determined that the capability required for the cyber security education and training professional personnel were expert knowledge, practical ability, and lecture ability. Among the capabilities, executive ability means that they have to fulfil abundant executive experience due to the high proportion of practical training due to the characteristics of cyber security education and training.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.26 no.1
• /
• pp.227-235
• /
• 2016

As various measures of law observance obligations such as mandatory obligation of privacy impact assessment (PIA) for public institutions and authorization of information security management system (ISMS) are put into practice, increase in demand for information security consulting and securement of information security consultants are emerging as a major issue. The purpose of this study is to empirically investigate what core competencies information security consultants should possess and how much they actually possess them. By analyzing the differences in perception between practitioners and managers on core competencies, this study understands difference of views between the two groups and suggests ideas for cultivation of information security consultants.

• Journal of Intelligence and Information Systems
• /
• v.26 no.3
• /
• pp.37-50
• /
• 2020

Information security has become an important issue in the world. Various information and communication technologies, such as the Internet of Things, big data, cloud, and artificial intelligence, are developing, and the need for information security is increasing. Although the necessity of information security is expanding according to the development of information and communication technology, interest in information security investment is insufficient. In general, measuring the effect of information security investment is difficult, so appropriate investment is not being practice, and organizations are decreasing their information security investment. In addition, since the types and specification of information security measures are diverse, it is difficult to compare and evaluate the information security countermeasures objectively, and there is a lack of decision-making methods about information security investment. To develop the organization, policies and decisions related to information security are essential, and measuring the effect of information security investment is necessary. Therefore, this study proposes a method of constructing an investment portfolio for information security measures using game theory and derives an optimal defence probability. Using the two-person game model, the information security manager and the attacker are assumed to be the game players, and the information security countermeasures and information security threats are assumed as the strategy of the players, respectively. A zero-sum game that the sum of the players' payoffs is zero is assumed, and we derive a solution of a mixed strategy game in which a strategy is selected according to probability distribution among strategies. In the real world, there are various types of information security threats exist, so multiple information security measures should be considered to maintain the appropriate information security level of information systems. We assume that the defence ratio of the information security countermeasures is known, and we derive the optimal solution of the mixed strategy game using linear programming. The contributions of this study are as follows. First, we conduct analysis using real performance data of information security measures. Information security managers of organizations can use the methodology suggested in this study to make practical decisions when establishing investment portfolio for information security countermeasures. Second, the investment weight of information security countermeasures is derived. Since we derive the weight of each information security measure, not just whether or not information security measures have been invested, it is easy to construct an information security investment portfolio in a situation where investment decisions need to be made in consideration of a number of information security countermeasures. Finally, it is possible to find the optimal defence probability after constructing an investment portfolio of information security countermeasures. The information security managers of organizations can measure the specific investment effect by drawing out information security countermeasures that fit the organization's information security investment budget. Also, numerical examples are presented and computational results are analyzed. Based on the performance of various information security countermeasures: Firewall, IPS, and Antivirus, data related to information security measures are collected to construct a portfolio of information security countermeasures. The defence ratio of the information security countermeasures is created using a uniform distribution, and a coverage of performance is derived based on the report of each information security countermeasure. According to numerical examples that considered Firewall, IPS, and Antivirus as information security countermeasures, the investment weights of Firewall, IPS, and Antivirus are optimized to 60.74%, 39.26%, and 0%, respectively. The result shows that the defence probability of the organization is maximized to 83.87%. When the methodology and examples of this study are used in practice, information security managers can consider various types of information security measures, and the appropriate investment level of each measure can be reflected in the organization's budget.

• Journal of the Society of Disaster Information
• /
• v.5 no.2
• /
• pp.108-122
• /
• 2009

Purpose of this research about reduction the scholastic systematic triangular position of the security guard martial art which repeats a development is insufficient with demand of the while society to recognize and for the philosophic value research of security guard martial art composition principle puts out with the one method and from the reporter to search the aesthetics which appears does. In order to attain the goal of the research which sees the literature which relates with an security guard martial art widly, was an investigation and observed the aesthetics from concept and martial art of aesthetics and this the technical free use ability from actual site of the technical find which leads the practice voluntary repetition practice of security guard martial art with character and the body guard aesthetic integral part experience possibly did, there being will be able to acquire an aesthetic inspiration, confirmed. So the security guard martial art follows the composition principle of maximization central attitude and shock point breath control and mental intensive etc. of reinforcement of direction shock of relativity redundancy mental moral culture body agreement characteristic force and relaxation force and is completed and will be able to embody an aesthetic value with aesthetic elements of technical polishing process inside goes about reduction.

• Journal of Information Technology Applications and Management
• /
• v.19 no.3
• /
• pp.31-47
• /
• 2012

As the dependence on information is increasing, the protection of personal information (PI) becomes a critical issue for the organizations, causing not only financial loss but also negative impacts on corporate images and reputations. To date, academic research in this area is scarce. This study analyzes the factors affecting the establishment and/or implementation of Personal Information Management System (PIMS) and provides direction for the practice. In this study, we assume that PIMS is one of the new technology adopted by organizations, and Unified Theory of Acceptance and Use of Technology (UTAUT) model is selected as a base model for the study. Using structural equation modeling technique, both measurement and structural models are validated, and hypotheses are tested. Major findings of the study include (1) the major driver of the organizations attempting to adopt PIMS seems to be the improvement of the business outcomes, (2) organizational capability and resource are important in the establishment of PIMS, and (3) the perceived difficulty of the establishment of PIMS is not affecting the intention to adopt PIMS. Since the importance of personal information security is high, establishment of PIMS is becoming one of the critical issues in the organizations. The establishment of PIMS should be encouraged to strengthen the competitiveness of businesses and to enhance the security level of the entire nation. It is expected that this study may contribute to developing plans and policies for establishment of PIMS in practice, and to providing a foundation for further research in this area.

• Journal of Information Technology Services
• /
• v.17 no.1
• /
• pp.33-45
• /
• 2018

Recently, many South Korean firms have suffered financial losses and damaged corporate images from the data breaches. Accordingly, a firm should manage their IT assets securely through an information security investment. However, the difficulty of measuring the return on an information security investment is one of the critical obstacles for firms in making such investment decisions. There have been a number of studies on the effect of IT investment so far, but there are few researches on information security investment. In this paper, based on a sample of 76 investment announcements of firms whose stocks are publicly traded in the South Korea's stock market between 2001 and 2017, we examines the market reaction to information security investment by using event study methodology. The results of the main effects indicate that self-developed is significantly related to cumulative average abnormal returns (CAARs), while no significant effect was observed for discloser, investment characteristics and firm characteristics. In addition, we find that the market reacts more favorably to the news announced by the subject of investment than the vendor, in case of investments with commercial exploitation. One of main contributions in our study is that it has revealed the factors affecting the market reaction to announcement of information security investment. It is also expected that, in practice, corporate executives will be able to help make an information security investment decision.

• Proceedings of the Korea Institutes of Information Security and Cryptology Conference
• /
• 2003.12a
• /
• pp.513-517
• /
• 2003

올해 발생한 슬래머웜 등 인터넷웜은 감염스피드와 피해영향으로 인하여, 정보보호의 전략을 급격하게 수정하게 만들었다. 가장 큰 문제는 기존의 정보보호제품이 신종 취약점과 공격에는 무용지물임이 증명되었고, 결국 Practice에 근거한 관리 및 프로세스에 의한 보안이 중요함을 보이고 있다. 또한 그동안 보안관리는 온라인화 되지 않은 자산에 근거한 모델이 많았지만 현재는 온라인화 된 자산에 대한 실시간 보안관리 방법이 매우 중요해지고 있다. 실시간 취약점관리, 실시간 위협관리, 실시간 위험관리 등을 통하여, 실시간 보안관리의 해외동향과 이론적 근거에 바탕을 둔 프레임워크 설계를 보이고자 한다.

• Convergence Security Journal
• /
• v.19 no.1
• /
• pp.31-40
• /
• 2019

Today, information security (INFOSEC) as a discipline is gaining more and more importance according to the emergence and extension of the cyberspace. Originated from Joint Doctrine for Information Operation (Joint Pub 3-13) by the U.S. Department of Defense, 'information assurance (IA)' is the concept widely used in the relevant field. Grown from the practice of information security, it encompasses broader and more proactive protection that includes countermeasures and repair, security management throughout an information system (IS)'s life-cycle, and trustworthiness of an IS in the process of risk analysis. In Korea, many industry professionals tend to misunderstand IA, remaining unaware of the conceptual differences between IA and INFOSEC. On this account, the current study attempted to provide a combined definition of IA by reviewing relevant literature. This study showed the validity of the wordings used in the proposed definition phrase by phrase.

• The Journal of Information Systems
• /
• v.21 no.4
• /
• pp.1-29
• /
• 2012

The purpose of this study was to find about personal information security of internet and social networks by focusing on end users. User competence and subjective criterion, which are the antecedents, are affecting security behaviors For these security behaviors, the study examined the relationship between security behavior intention on internet use and security behavior intention about social network that is actively achieved in many fields. Behaviors of internet and social network were classified into an action of executing security and an action of using a security technology. In addition, this study investigated a theory about motivational factors of personal intention on a certain behavior based on theory of reasoned action in order to achieve the purpose of this study. A survey was conducted on 224 general individual users through online and offline, and the collected data was analyzed with SPSS 12.0 and SmartPLS 2.0 to verify demographic characteristics of respondents, exploratory factor analysis, and suitability of a study model. Interesting results were shown that security behavior intention of social network is not significant in all security behavior execution, which is security performance behavior, and security technology use. Internet security behavior is significant to security technology use but it does not have an effect on behavior execution.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.16 no.10
• /
• pp.3313-3332
• /
• 2022

This study is an investigation into the factors affecting patient dissatisfaction among Saudi hospitals. The selected factors considered for analysis are security of information sharing, operational practices, disruptive technologies, and the ease of use of EHR patient information management systems. From the literature review section, it was clear that hardly any other studies have embraced these concepts in one as was intended by this study. The theories that the study heavily draws from are the service dominant logic and the feature integration theory. The study surveyed 350 respondents from three large major hospitals in three different metropolitan cities in the Kingdom of Saudi Arabia. This sample came from members of the three hospitals that were willing to participate in the study. The number 350 represents those that successfully completed the online questionnaire or the limited physical questionnaires in time. The study employed the structural equation modelling technique to analyze the associations. Findings suggested that security of information sharing had a significant direct effect on patient satisfaction. Operational practice positively mediated the effect of security of information sharing on patient dissatisfaction. However, ease of use failed to significant impact this association. The study concluded that to improve patient satisfaction, Saudi hospitals must work on their systems to reinforce them against the active threats on the privacy of patients' data by leveraging disruptive technology. They should also improve their operational practices by embracing quality management techniques relevant to the healthcare sector.