• Convergence Security Journal
• /
• v.22 no.1
• /
• pp.113-120
• /
• 2022

Despite the limitations of existing security policies due to technological development, companies are unable to actively respond to changes by maintaining a closed security policy. This study classified information security policy into three types: regulatory type policy, advisory type policy, and informative type policy. For each classified policy type, the effect on the information security policy compliance behavior of organizational members was investigated by applying the extended theory of planned behavior, and the moderating effect of information security stress was investigated. SmartPLS 2.0 and SPSS 21.0, which are structural equation modeling techniques, were used to analyze the relationship affecting each factor. As a result of the study, regulatory type, advisory type, and informative type security policies affected organizational members' information security policy compliance behavior, and security stress had an effect on information security compliance attitudes and subjective norms on information security, which are prerequisites for planned behavior theory. gave. This study suggests that various types of corporate information security policies can be applied and that security stress can affect information security behaviors of members.

• Korean Security Journal
• /
• no.9
• /
• pp.201-235
• /
• 2005

This study is designed to contribute for development of Private Security Business by fact-finding in instruction and training of private security guard serviced in this realm and domestic and foreign guard service and modeling effective and rational instruction and training program based on drawn problem. For this study, basically I collected and analyzed documents, theses, and papers of the inside and outside of the country. For practical use of data, I used materials of private security related institutes and police agency. And for private security educating training programs of the inside and outside of the country, I collected materials on internet, and with the help of police agency and interpol. For korean private security company's educating training programs, I made a study with the interview of private security company's businessmen. This study's conclusion is as follows. In a domestic private security enterprise, when set theory instruction minimize instruction and training program and must set up instruction and training program as practical affairs center enemy instruction, and theory instruction must be composed for instruction me that it is connected to practical affairs instruction too. The instruction course of private security guard instruction and training program composed with a security outline, a security plan, an information-gathering, civilian expenses, a security way, terror and terrorism, a related law, security trial, electronic security, a security analysis technique, company introduction, instruction and training program about a professional tube with theory instruction. Practical affairs instruction composed with the selection and a preventive security, close contact attendance security, vehicle security, security driving the security martial arts and self-protection liquor, first aid, security equipment, a gun and shooting, a security protocol, customer satisfaction, facilities security and expenses, a fire fighting instruction, teamwork training, explosive and a dangerous substance, physical strength, a documentation practical affairs, service, instruction and training program about foreigh language instruction.

• Journal of Digital Convergence
• /
• v.10 no.10
• /
• pp.31-46
• /
• 2012

Drawing upon Griffin and Neal's safety climate and performance model, this study developed an information security climate model. Research model is composed of three research variables that include information security climate, information security compliance attitude, and opportunistic security behavior. Results of the study strongly support the fundamental proposition that the organizational security climate has significant positive influence on the individual's opportunistic security behavior. However, the study also reveals that the organizational climate may not directly associate with the reduction of opportunistic security behavior. Rather the organizational security climate nurtures the favorable attitude of the employee towards the compliance of information security, which in turn discourages opportunistic security behavior.

• Journal of Information Technology Applications and Management
• /
• v.18 no.2
• /
• pp.91-108
• /
• 2011

Enormous losses of shareholders and consumers caused by the risks threatening today's business (e.g., accounting fraud and inside trading) have ignited the necessity of international regulations on corporate ethics and internal control, such as Basel II and SOX. Responding to these regulations, companies are establishing governance system, applying it consistently to the core competency of the company, and increasing the scope of the governance system. Recently occurred security related incidents require companies to take more strict accountability over information security. One of the results includes strengthening of legislation and regulations. For these reasons, introduction of information security governance is needed. Information security governance governs the general information security activities of the company (establishment of information security management system, implementation of information security solutions) in the corporate level. Recognizing that the information security is not restricted to IT domain, but is the issue of overall business, this study develops information security governance framework based on the existing frameworks and systems of IT governance. The information security governance framework proposed in the study include concept, objective, and principle schemes which will help clearly understand the concepts of the information security governance, and execution scheme which will help implement proper organization, process and tools needed for the execution of information security governance.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.12 no.10
• /
• pp.4995-5014
• /
• 2018

As the area covered by the CPS grows wider, agencies such as public institutions and critical infrastructure are collectively measuring and evaluating information security capabilities. Currently, these methods of measuring information security are a concrete method of recommendation in related standards. However, the security controls used in these methods are lacking in connectivity, causing silo effect. In order to solve this problem, there has been an attempt to study the information security management system in terms of maturity. However, to the best of our knowledge, no research has considered the specific definitions of each level that measures organizational security maturity or specific methods and criteria for constructing such levels. This study developed an information security maturity model that can measure and manage the information security capability of critical infrastructure based on information provided by an expert critical infrastructure information protection group. The proposed model is simulated using the thermal power sector in critical infrastructure of the Republic of Korea to confirm the possibility of its application to the field and derive core security processes and goals that constitute infrastructure security maturity. The findings will be useful for future research or practical application of infrastructure ISMSs.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.30 no.8B
• /
• pp.525-534
• /
• 2005

This paper proposes the architecture and the methods of security network management for auto-configuration of security systems by extending the existing policy-based network management architecture. The architecture and the methods proposed in this paper enable a security management sewer to automatically decide the best-suited security policy to apply to a security system and the most effective and efficient security system to perform security policy rule, based on the role and capability information of security systems and the role and time information of security policy. For integrated control of network system and security system, this paper also proposes SNMP protocol based security network topology map generator. To show the excellence of the proposed architecture and methods, we simulate and evaluate the automatic response against attacks.

• The Journal of the Korea Contents Association
• /
• v.5 no.6
• /
• pp.360-367
• /
• 2005

Corporation's computerization developed by diffusion of internet, and dysfunction of Information is increasing greatly with virus, computing network infringement. Therefore, the today, corporation security is more and more emphasized. Security solution by that importance of security rises so is developing together Security solution is developing to ESM system in existing single system and important thing is function of each security solution and optimizing design of policy. Existent security policy taking a serious view security from external invasion but security of interior the importance rise the today. Accordingly, must construct ESM system of new structure for this. This paper proposes and embodied integration security administration system that solidify interior security utilizing IDS. Experiment external IP and ID access and analyzed the result.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.19 no.6
• /
• pp.153-160
• /
• 2009

This study is to develop a human resource (HR) security framework, and related HR security indicators in the context of information security. The HR security framework consists of three constructs, personnel assurance, personnel competence, and personnel security control. Based on the framework, HR security management indicators are derived as 26 indicators in 9 items out of 3 categories. An empirical research has been performed to verify the relevance and consistency between the indicators by conducting a questionnaire-based survey. Also, interrelationships between the proposed indicators and HR related security level were analyzed by the multiple regression analysis. As a result, the proposed hypothesis were mostly accepted, showing the significant relationships between the indicators and security level.

• Journal of National Security and Military Science
• /
• s.1
• /
• pp.361-390
• /
• 2003

In this paper, we analyze the security requirement for a circulation of the classified documents. During the whole document process phases, including phases of drafting, sending/receiving messages, document approval, storing and saving, reading, examining, out-sending and canceling a document, we catch hold of accompanied threat factors and export every threat factors of security. We also propose an appropriate and correspondent approach for security in a well-prepared way. Last, we present the security guidelines for security architecture of the classified documents circulation.

• The Journal of the Korea institute of electronic communication sciences
• /
• v.3 no.1
• /
• pp.8-11
• /
• 2008

There are multiple reasons that caused the present serious status of network security, including Internet itself having a weak basis. However security is usually discarded when it contends with performance. As the world becomes more tightly interconnected, security technology continues to mature, organizations are feeling a greater need to rediscover network security. Network security technology generally concentrates on protection of the network infrastructure and, by implication, the protection of the user. This is a paper, describe current problems of network security and propose solutions.