• Asia pacific journal of information systems
• /
• v.23 no.4
• /
• pp.129-149
• /
• 2013

According to the development of new Information Technologies, firms consistently invest a significant amount of money in IT activities, such as establishing internal and external information systems. However, several anti-Information activities-such as hacking, leakage of information and system destruction-are also rapidly increasing, thus many firms are exposed to direct and indirect threats. Therefore, firms try to establish information security systems and manage these systems more effectively via an enterprise perspective. However, stakeholders or some managers have negative opinions about information security systems. Therefore, in this research, we study the relationship between multibusiness firms' performance and information security systems. Information security indicates physical and logical correspondence of information system department against threats and disaster. Studies on information security systems suggested frameworks such as IT Governance Cube and COBIT Framework to identify information security systems. Thus, this study define that information security systems is a controlled system on enterprise IT process and resource on IT Governance perspective rather than independent domain of IT. Thus, Information Security Systems should be understood as a subordinate concept of IT and business processes. In addition, this study incorporates information capability to information security system literature to show the positive relationship between Information Security Systems and Corporate Performance. The concept of information capability suggested that an interaction of human, information, technical and an effect on corporate performance using three types of capability (IT Practice, Information Management Practice, Information Behaviors and Values). Information capability is about firms' capability to manage IT infrastructure and information as well as individual employees who use IT infrastructure and information. Thus, this study uses information capability as a mediating variable for the relationship between information security systems and firms' performance. To investigate the relationship between Information Security Systems and multibusiness firms' performance, this study extends the IT relatedness concept into Information Security Systems. IT relatedness provides understanding of how corporations cope with conflicts between headquarters and business units to create a synergy effect and achieve high performance using IT resources. Based on the previous literature, this study develops the IT Security Relatedness model. IT Security Relatedness is our main independent variable, while Information Capability and Information Security Performance are mediating variables. To control for the common method bias, we collect each multibusiness firm's financial performance and use it as our dependent variable. We find that Information Security Systems influence Information Capability and Information Security Performance positively, and these two variables consequently influence Corporate Performance positively. In addition, this result indirectly shows that corporations under a multibusiness environment can obtain synergy effects using the integrated Information Security Systems. This positive impact of Information Security Systems on multibusiness firms' performance has an important implication to various stakeholders. Therefore, multibusiness firms need to establish Information Security Systems to achieve better financial performance.

• Journal of the Korea Safety Management & Science
• /
• v.17 no.3
• /
• pp.205-213
• /
• 2015

This study aims to verify the structural correlation empirically between information security performance and information management performance. To verify the correlation, three factors such as managerial controlled activity, technical controlled activity, and physical controlled activity are divided for the information security activities variable. the security performance are divided into accident prevention and accident response variables. As a result, security organization activity is a unique factor being positively significant to information security and management performance. And three activities such as human security, security training, development security do not affect at all on both information security and management performance.

• ETRI Journal
• /
• v.37 no.2
• /
• pp.428-437
• /
• 2015

This study was conducted to analyze the effect of information security activities on organizational performance. With this in mind and with the aim of resolving transaction stability in the securities industry, using an organization's security activities as a tool for carrying out information security activities, the effect of security activities on organizational performance was analyzed. Under the assumption that the effectiveness of information security activities can be bolstered to enhance organizational performance, such effects were analyzed based on Herzberg's motivation theory, which is one of the motivation theories that may influence information protection activities. To measure the actual attributes of the theoretical model, an empirical survey of the securities industry was conducted. In this explorative study, the proposed model was verified using partial least squares as a structural equation model consisting of IT service, information security, information sharing, transaction stability, and organizational performance.

• KIPS Transactions on Computer and Communication Systems
• /
• v.3 no.9
• /
• pp.301-310
• /
• 2014

The absence of proactive information security management to ensure availability, accessibility and safety of information can bring serious risks to customers as well as to the organization's performance and competitiveness because improper security management undermines business continuity. This study analyzed the maturity of information security which affects the organizational performance. Through the literature reviews, a research model using the organizational performance as the dependent variable, the risk management process maturity and risk assessment process as independent variables and the information security policy indexes as moderate variables was proposed, and an empirical analysis was made on the basis of survey. The results showed that there was a high causal relationship between information security maturity and organizational performance. However, even if the proportions of information security staff ratio and the information security budget ratio increased, information security maturity did not affect organizational performance. It suggests that information security maturity affects organizational performance, but information security regulations have their limitation as being a catalyst to improve organizational performance.

• Journal of Information Technology Applications and Management
• /
• v.27 no.4
• /
• pp.1-19
• /
• 2020

Infringement of information security has caused the corporate image to be damaged and share price to fall, and it is emerging as an organizational risk. The value of information assets in enterprises has led to a higher level of security than in the past. As a result, companies are aware of the need for officers to protect information and to oversee a security management system. However, despite the growing importance of information security officers, there is a lack of research on their roles and characteristics. This study validates the relationship between determinants that affect the performance of information security. And a structural equation model was presented and empirically analyzed to see the impact of the internal and external characteristics of the staff in charge of information security on the organization's information security performance.

• The Journal of Information Systems
• /
• v.23 no.3
• /
• pp.99-125
• /
• 2014

Internet environment and innovative ICT(information and communication technology) have brought about big changes to our lifestyle and industrial structure. In spite of the convenience of Internet, various cyber incidents such as malicious code infection, personal information leakage, smishing(sms + phishing), and pharming have frequently occurred. Information security must be recognized as a key and compulsory element for surviving in a global economy. Strategic roles of information security have recently been increasing, but effective implementation of information security is still a major challenge to organizations. Our study examines the influencing factors of information security and investigates the causal relationship between information security maturity level and organizational performance through an empirical survey. According to the results of our study, personal, organizational, technical, and social factors affect organizations's information security maturity level altogether. This result suggests that when dealing with security issues, the holistic and multi-disciplinary approaches should be required. In addition, there is a causal relationship between information security maturity level and organizational performance, and organizations aim to establish the efficient and effective ways to enhance information security maturity level on the basis of the results of this study.

• Journal of Navigation and Port Research
• /
• v.40 no.4
• /
• pp.213-222
• /
• 2016

Recently, as cases of organizations' information disclosure occur continuously, it is urgent to manage security of information and establish measures to enhance security of information by an organization itself. Especially, members of an organization should be prepared with measures for information security, and an organization should do its efforts to raise its members' awareness toward information security. I set a research model to verify what effects an organization's fulfillment of regulations to secure information brings to performance of information security and selected members from maritime and port organizations and financial and insurance institutes as sample. Results of the analysis to identify factors affecting information security performance among members of maritime and port organizations are as follows. Firstly, I found that the factors affecting information security awareness are information security attitude and information security standards. Secondly, the factor giving influence on information security policy of an organization was found to be information security standards. In contrast, information security punishments and information security training were verified not to give influence on compliance of information security policy. Thirdly, information security awareness was identified to give significant influence on compliance of information security policy, information security competence and information security behavior. Fourthly, compliance of information security policy was verified to be those factors that give influence on information security competence and information security behavior. Lastly, information security competence and information security behavior were found to be such factors that give influence on information security performance.

• Journal of Korea Society of Digital Industry and Information Management
• /
• v.20 no.1
• /
• pp.119-131
• /
• 2024

The purpose of this study is to examine the operational performances by the investment level of information security in companies. The theoretical background summarized the meaning of information security, management information security, and network security. The research process was carried out in four stages. As a result of the analysis, the level of information security was classified into four groups, and the difference in operational performance was confirmed. According to the categorical regression analysis of the three dependent variables, independent variables such as network threats, non-network threats, executive information security awareness, industry, organizational size, and information security education all affected information security regulations, in-house information security checks, and information security budget investments. The theoretical implications of this study have contributed to updating the latest information security theory. Practical implications are that rational investments should be made on the level of information security of companies.

• The Journal of Society for e-Business Studies
• /
• v.18 no.3
• /
• pp.125-142
• /
• 2013

As a reinforcing strategic-alignment of IT business, Financial Service becomes more rely on IT systems. It needs to continuous information security activities to provide a secure and reliable finance service. Performance measurement of information security activities can be useful for decision and management support. The purpose of this study is to derive CSF(Critical Success Factor) and KPI(Key Performance Indicator) based on K-ISMS, Financial IT Information Security Standards. Providing a rationale can be used to determine key performance indicators, which are utilized as basic data for establishing security policies for financial IT security competency.

• Journal of Korea Society of Digital Industry and Information Management
• /
• v.7 no.3
• /
• pp.97-105
• /
• 2011

With the advancement of network, privacy information as well as confidential information that belongs to government and company are exposed to security incident like spreading viruses or DDoS attack. To prevent these security incident and protect information that belongs to government and company, Security system has developed such as antivirus, firewall, IPS, VPN, and other network security system. Network security systems should be selected based on purpose, usage and cost. Verification for network security product's basic features performed in a variety of ways at home and abroad, but consumers who buy these network security product, just rely on the information presented at companies. Therefore, common user doing self performance evaluation for perform Verification before buying network security product but these verification depends on inaccurate data which based on some user's criteria. On this paper, we designing methodology of network security system performance evaluation focused on Korean using other cases of performance evaluation.