• Journal of the Korean Operations Research and Management Science Society
• /
• v.32 no.2
• /
• pp.149-162
• /
• 2007

In the era of the internet and ubiquitous computing, IS users are still facing a variety of threats. Therefore, a need of more tightened information security service increases unprecedentedly. In this sense, this study is aimed at proposing a new research model in which IT assets (i.e., network, system, and information influence) Security and Information Security Service (i.e., confidentiality, integrity, nonrepudiation, authentication) affect information security quality positively, leading to users' satisfaction eventually. To prove the validity of the proposed research model, PLS analysis is applied with valid 177 questionnaires. Results reveal that both IT assets Security and Information Security Service influence informations security qualify positively, and user satisfaction as well. From the results, it can be concluded that Korean government's recent orchestrated efforts to boost the IT assets Security and Information Security Service helped great improve the information security quality and user satisfaction.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.19 no.5
• /
• pp.131-142
• /
• 2009

While users of information security products require high-quality products that are secure and have high performance, there are neither examples for evaluating the quality of information security products nor studies on the quality model and metrics for the quality evaluation. In this paper, information security products are categorized into three different types and the security and performance of various information security products are analyzed. Through this process and after consideration of information security products' security and performance, a new quality model that possesses 7 characteristics and 24 sub-characteristics has been defined. In addition, metrics consisting of 62 common and 45 extended metrics that can be used to evaluate the quality of information security products are introduced, and a proposition for a method of generating the quality evaluation metrics for specific information security products is included. The method of generating metrics proposed in this paper can be extended in order to be applied to a variety of information security products, and by generating and verifying the quality evaluation metrics for firewall, intrusion detection systems and fingerprint systems it is shown that it applicable on a variety of information security products.

• Journal of Information Technology Applications and Management
• /
• v.16 no.2
• /
• pp.23-43
• /
• 2009

For reliability and confidentiality of information security systems, the security engineering methodologies are accepted in many organizations. To improve the effectiveness of security engineering, this paper suggests a security methodology ISEM, which considers both product assurance and production processes, takes advantages in terms of quality and cost. To verify the effectiveness of ISEM, this paper introduces the concepts of quality loss, and compares the development costs and quality losses between ISEM and CC through the development of VPN system.

• Proceedings of the Korea Institutes of Information Security and Cryptology Conference
• /
• 1995.11a
• /
• pp.41-47
• /
• 1995

This research suggests a criterion, security quality, which is a unifying principle in computer network security that has the lack of a unifying principle. The security quality includes secrecy, integrity, recording, and availability among the factors that represent the security evaluation of the computer system. So, we defined the security quality, which is a basis for determining the security level, as the grand total of evaluation about each factor.

• Journal of Korean Society of Industrial and Systems Engineering
• /
• v.33 no.3
• /
• pp.1-9
• /
• 2010

To protect information resources, many organizations including private corporate and government employ integrated information security systems which provide the functions of intrusion detection, firewall, and virus vaccine. So, in order to develop a reliable integrated information security system during the development life cycle, the managers in charge of the development of the system must effectively distribute the development resources to the quality factors of an integrated information security system. This study suggests a distribution methodology that minimizes the total cost with satisfying the minimum quality level of an integrated information security system by appropriately assigning development resources to quality factors considered. To achieve this goal, we identify quality factors of an integrated information system and then measure the relative weights among the quality factors using analytic hierarchy process (AHP). The suggested distribution methodology makes it possible to search an optimal solution which minimizes the total cost with satisfying the required quality levels of processes by assigning development resources to quality factors during the development life cycle.

• Journal of Information Technology Applications and Management
• /
• v.11 no.2
• /
• pp.45-64
• /
• 2004

Many researchers have proved that information systems auditing is a very effective tool for improving information systems quality. However, information system auditing in Korea still includes many subjective judgements. This study deals with applying a quantitative model to improve information system auditing quality on security domain. First of all, we have looked at previous researches on information systems audit, especially on security audit. Based on this survey, we have come up with solutions to improve the evaluation efficiency on security audit. We have merged the security audit guidelines of NCA and KISA, and developed a quantified evaluation scheme. We have proved the validity of this model by interviews with experts and by case studies.

• Journal of Communications and Networks
• /
• v.11 no.6
• /
• pp.634-644
• /
• 2009

A diversity of wireless networks, with rapidly evolving wireless technology, are currently in service. Due to their innate physical layer vulnerability, wireless networks require enhanced security components. WLAN, WiBro, and UMTS have defined proper security components that meet standard security requirements. Extensive research has been conducted to enhance the security of individual wireless platforms, and we now have meaningful results at hand. However, with the advent of ubiquitous service, new horizontal platform service models with vertical crosslayer security are expected to be proposed. Research on synchronized security service and interoperability in a heterogeneous environment must be conducted. In heterogeneous environments, to design the balanced security components, quantitative evaluation model of security policy in wireless networks is required. To design appropriate evaluation method of security policies in heterogeneous wireless networks, we formalize the security properties in wireless networks. As the benefit of security protocols is indicated by the quality of protection (QoP), we improve the QoP model and evaluate hybrid security policy in heterogeneous wireless networks by applying to the QoP model. Deriving relative indicators from the positive impact of security points, and using these indicators to quantify a total reward function, this paper will help to assure the appropriate benchmark for combined security components in wireless networks.

• Proceedings of the Korean Operations and Management Science Society Conference
• /
• 2006.11a
• /
• pp.467-481
• /
• 2006

In the era of the Internet and ubiquitous computing, IS users are still facing a variety of threats. Therefore, a need of more tightened information security service increases unprecedentedly. In this sense, this study is aimed at proposing a new research model in which IT assets (i.e., network, system, and information influence) and Information Security Service (i.e., confidentiality, integrity, nonrepudiation, authentication) affect information security qualty positively, leading to users' satisfaction eventually To prove the validity of the proposed research model, PLS analysis is applied with valid 177 questionnaires. Results reveal that both IT assets and Information Security Service influence informations security quality positively, and user satisfaction as well. From the results, it can be concluded that Korean government's recent orchestrated efforts to boost the IT assets and Information Security Service helped great improve the information security quality and user satisfaction.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.27 no.5
• /
• pp.1217-1232
• /
• 2017

Because websites contain personal information such as address, contact information, etc., Attention about website security is required. This research is a study to examine that user's security awareness has a moderating effect on the relationship between website quality factors and trust, information and service value on websites holding personal information. As a result of questionnaire survey of the secondary school students and parents 635 people, website quality factors excluding usability positively affected trust of the website. Information quality on the website had a positive influence on service value and service value also affected trust. User's security awareness about the website has a moderating effect on the relationship between information and service value. The result of this research means that users are not continuously using websites with a low security level. Based on the results of this research, we presented theoretical and practical suggestions for the stakeholders of websites.

• Journal of Digital Convergence
• /
• v.13 no.10
• /
• pp.81-98
• /
• 2015

This study explores performance factors of a casino information system for foreigners, empirically examines the causal relation between these factors and business performances through organizational trust and job satisfaction and suggests a plan to develop such a information system. We found that information quality positively impacted on perception of information security, but negatively on job satisfaction; system quality positively did on security reliability, but negatively on job satisfaction; service quality positively did on trust in information security and job satisfaction; lastly security reliability positively did on job satisfaction. We found that information quality, system quality and service quality would affect perceived information security and job satisfaction.