• Title/Summary/Keyword: Information Systems Policy

Intentions of Employees to Whistleblow Information Security Policy Violations in the Organization

  • Wei, Liang-Cheng;Hsu, Carol;Wang, Kai
    • Asia pacific journal of information systems / v.26 no.1 / pp.163-188 / 2016
  • Compliance with information security policies has been an important managerial concern in organizations. Unlike traditional general deterrent theory, this study proposes whistle-blowing as an alternative approach for reducing internal information security policy violations. We build on the theories of planned behavior and rational choice as well as develop a theoretical model to understand the factors that influence whistle-blowing attitudes and intention at both the organizational and individual levels. Our empirical results reveal that altruistic and egoistic concerns are involved in the development of whistle-blowing attitudes. The results not only extend our understanding of whistle-blowing motivation but also offer directions to managers in promoting internal disclosure of information security breaches.

Analysis of Web Browser Security Configuration Options

  • Jillepalli, Ananth A.;de Leon, Daniel Conte;Steiner, Stuart;Alves-Foss, Jim
    • KSII Transactions on Internet and Information Systems (TIIS) / v.12 no.12 / pp.6139-6160 / 2018
  • For ease of use and access, web browsers are now being used to access and modify sensitive data and systems including critical control systems. Due to their computational capabilities and network connectivity, browsers are vulnerable to several types of attacks, even when fully updated. Browsers are also the main target of phishing attacks. Many browser attacks, including phishing, could be prevented or mitigated by using site-, user-, and device-specific security configurations. However, we discovered that all major browsers expose disparate security configuration procedures, option names, values, and semantics. This results in an extremely hard-to-secure web browsing ecosystem. We analyzed more than 1000 browser security configuration options in three major browsers and found that only 13 configuration options had syntactic and semantic similarity, while 4 configuration options had semantic similarity, but not syntactic similarity. We: a) describe the results of our in-depth analysis of browser security configuration options; b) demonstrate the complexity of policy-based configuration of web browsers; c) describe a knowledge-based solution that would enable organizations to implement highly-granular and policy-level secure configurations for their information and operational technology browsing infrastructures at the enterprise scale; and d) argue for the necessity of developing a common language and semantics for web browser configurations.

Classifying Rules by In-out Traffic Direction to Avoid Security Policy Anomaly

  • Kim, Sung-Hyun;Lee, Hee-Jo
    • KSII Transactions on Internet and Information Systems (TIIS) / v.4 no.4 / pp.671-690 / 2010
  • The continuous growth of attacks on the Internet causes a number of rules to be generated in security devices such as Intrusion Prevention Systems, firewalls, etc. Policy anomalies in security devices create security holes and prevent the system from determining quickly whether to allow or deny a packet. Policy anomalies exist among the rules in multiple security devices as well as in a single security device. The solution for policy anomalies requires complex and complicated algorithms. In this paper, we propose a new method to remove policy anomalies in a single security device and avoid policy anomalies among the rules in distributed security devices. The proposed method classifies rules according to traffic direction and checks policy anomalies in each device. It is unnecessary to compare the rules for outgoing traffic with the rules for incoming traffic. Therefore, by classifying rules by in-out traffic, the proposed method can reduce the number of rules to be compared by up to a half. Instead of detecting policy anomalies in distributed security devices, one adopts the rules from others for avoiding anomaly. After removing policy anomalies in each device, other firewalls can keep the policy consistency without anomalies by adopting the rules of a trusted firewall. In addition, it blocks unnecessary traffic because a source side sends as much traffic as the destination side accepts. We also explain another policy anomaly which can be found under a connection-oriented communication protocol.

Secure Attribute-Based Access Control with a Ciphertext-Policy Attribute-Based Encryption Scheme

  • Sadikin, Rifki;Park, Young Ho;Park, Kil Houm
    • Journal of Korea Society of Industrial Information Systems / v.19 no.1 / pp.1-12 / 2014
  • An access control system is needed to ensure only authorized users can access a sensitive resource. We propose a secure access control based on a fully secure and fine-grained ciphertext-policy attribute-based encryption scheme. The access control for a sensitive resource is ensured by encrypting it with the encryption algorithm from the CP-ABE scheme parameterized by an access control policy. Furthermore, the proposed access control supports a non-monotone type of access control policy. The ciphertext can only be recovered by users whose attributes satisfy the access control policy. We also implement and measure the performance of our proposed access control. The results of experiments show that our proposed secure access control is feasible.

A Study of Real Estate Price Change from Real Estate Policy. - An Apartment Price Center - (부동산 정책으로 인한 부동산 가격 변동에 관한 연구 - 아파트 가격 중심으로-)

  • Kim, Young-Sun
    • Management & Information Systems Review / v.20 / pp.17-32 / 2007
  • We try to study the plan to deliver the message of the hope and common peoples are diligent and we can buy the real estate in work if we make efforts hard that relieve a real estate price and analyze a timex situation. If prepared the countermeasure in the government with many real estate policy with due to a short though countermeasure which is seen at one's face. The error to the people of the policy which does not do the staring gaze to tie. This paper to pursue the stability of a real estate price and analyze the price according to a real estate policy and lead a real estate policy for a residing stability of the common people. There are we even though we grope the method to actualize and protect a lease security according to a house lease law of protection.

A Study on the Value of Shared Real-time Stock Information in Two-Echelon Distribution Supply Chains (2계층 분배형 공급사슬에서 실시간 공유 재고 정보의 가치에 관한 연구)

  • Seo, Yong-Won;Jung, Sung-Won;Hahm, Ju-Ho
    • IE interfaces / v.13 no.3 / pp.444-454 / 2000
  • Due to the improvement of modern information technologies, sharing stock information among the supply chain members is a common practice nowadays. Many companies are planning to adopt the information systems to possess the real-time shared stock information. Thus, it is needed to quantify the value of shared stock information. The purpose of this paper is to evaluate the value of the shared stock information for two-echelon distribution systems. Existing reorder policies can be classified into installation stock policies and echelon stock policies. Since installation stock policies do not utilize the shared stock information, and both classes of policies may show poor performances for distribution systems, we cannot evaluate the value of the shared stock information with the existing policies. Thus, we provide a new type of reorder policy, named order risk policy. We define the order risk using marginal analysis, and prove the optimality. Through computational experiment that compares the order risk policy with the existing policies, it is shown that a significant cost reduction is achieved with the effective utilization of the shared stock information. We also show the effect of the system characteristics on the value of the shared stock information.

Business Performance Impact Caused by Display Restriction of Customer Information Identifier: Focusing on Domestic Securities Business (고객정보 식별자 표시제한으로 인한 업무영향에 관한 연구 - 국내 증권 업무를 중심으로 -)

  • Shin, Sangchul;Lee, Youngjai
    • The Journal of Information Systems / v.22 no.4 / pp.49-69 / 2013
  • Recently, enterprises have reinforced security control in order to prevent infringement of personal information and abuse of customer information by insiders. However, the reinforcement of security control by enterprises makes it difficult for internal users to perform business by using a business information system. There is, therefore, a need for research on various fields, which makes it possible to establish an appropriate security control policy while minimizing an impact on business. The present research verifies and analyzes an impact on difficulty in business of internal users using customer information, which is caused by security control performed by display restriction on customer information identifiers. The present research is intended to academically develop a technique for statistically analyzing an impact degree and a causal relationship between security control and an impact on business, which is a dichotomous variable, and to practically contribute to the establishment of an efficient security policy in consideration of an impact on business when an enterprise applies security control. A research target was internal business information systems of domestic securities enterprises, data was collected by questionnaire, and verification/analysis was performed by logistic regression analysis.

Policy Adjuster-driven Grid Workflow Management for Collaborative Heart Disease Identification System

  • Deng, Shengzhong;Youn, Chan-Hyun;Liu, Qi;Kim, Hoe-Young;Yu, Taoran;Kim, Young-Hun
    • Journal of Information Processing Systems / v.4 no.3 / pp.103-112 / 2008
  • This paper proposes a policy adjuster-driven Grid workflow management system for a collaborative healthcare platform, which supports collaborative heart disease diagnosis applications. To select policies according to service level agreement of users and dynamic resource status, we devised a policy adjuster to handle workflow management policies and resource management policies using a policy decision scheme. We implemented this new architecture with workflow management functions based on a policy quorum based resource management system for providing Poincaré geometry-characterized ECG analysis and virtual heart simulation service. To evaluate our proposed system, we executed a heart disease identification application in our system and compared the performance to that of the general workflow system and PQRM system under different types of SLA.

Comparison of (s, S) and (R, T) Policies in a Serial Supply Chain with Information Sharing

  • Kwak, Jin Kyung
    • Management Science and Financial Engineering / v.19 no.1 / pp.17-23 / 2013
  • It has been studied that retailer's using a suboptimal (R, T) policy is often more desirable to make the best use of information flows than the locally optimal (s, S) policy in a two-stage serial supply chain. In this paper, by performing an extensive computational study, we tabulate the benefit of the retailer's using (R, T) policy instead of (s, S) policy in a supply chain with information sharing, and compare it to a maximum possible benefit that could be achieved in a centralized supply chain. We can understand the mechanisms of how the cost parameters and demand variance affect the benefit of the retailer's using (R, T) policy instead of (s, S) policy, by comparing decentralized and centralized systems.

Policy-Based Security Management Model for Efficient Security Policy Management in Large-Scale Network (대규모 네트워크 망에서 효율적인 보안정책관리를 위한 정책기반 보안관리모델)

  • Hwang, Yoon-Cheol;Um, Nam-Kyeong;Lee, Sang-Ho
    • The Journal of Korean Institute of Communications and Information Sciences / v.28 no.1B / pp.87-93 / 2003
  • As Information Security Technology has become rather transparent, wide, and integrated than in part, exclusive, and separated, a necessity of the study about integrating the separated distributed security systems into one module has grown. However, there is no integrated framework which can manage all separate security systems as one integrated one yet. Accordingly, we propose a new policy-based network administrative model in this paper which can integrate individual security systems and distributed control way into one effectively.