• Asia pacific journal of information systems
• /
• v.29 no.4
• /
• pp.644-672
• /
• 2019

Negative consequences incurred from employees' non-work-related computing (NWRC) have been one of the security-related issues in information intensive organizations. While most studies have focused on the factors that motivate employees to engage in NWRC, this study examines the mediating effect of moral beliefs on the relationship between sanctions and NWRC using a moral beliefs-based model. The research model posits that the formal (i.e., punishment severity and detection certainty) and informal sanctions (subjective norms and descriptive norms) enhance employees' moral beliefs against NWRC intention. From a cross-sectional scenario-based survey involving 176 employees working at banks in Mongolia, our results indicate that moral beliefs fully mediate the relationship between detection certainty/subjective norms and NWRC intention and act as a partial mediator in the relationship between descriptive norms and NWRC. The findings from this study present empirical evidence that both informal and formal sanctions could be an effective deterrent for NWRC intention through employees' moral beliefs.

• Convergence Security Journal
• /
• v.19 no.4
• /
• pp.3-12
• /
• 2019

The outflow of defense technology can cause serious damage not only in terms of business losses, but also in terms of national security and national interests. Recently, the government has enacted the Defense Technology Security Act, recognizing the importance of technology in the defense industry, and prepared guidelines for the defense technology security accordingly. According to the law, institutions and companies with defense technologies should establish a defense technology protection system, and the government should implement various technology protection policies to improve their level of technology protection. In this study, the implications were derived by comparing existing technology protection guidelines and priority analysis was performed on the protection system details through AHP for self-diagnosis items in the defense technology security guidelines. As a result, it is expected that it will enable efficient diagnosis of the level of protection and policy support for the systematic establishment of the protection system for the target institutions.

• Journal of the Korea Society of Computer and Information
• /
• v.27 no.1
• /
• pp.167-174
• /
• 2022

Since the Promotion Committee was established on March 25, 2021, urging the enactment of the Detective Business Act, many opinions and attention from all walks of life have been gathered. The Detective Business system, which is also one of the presidential pledges of the current 19th President Moon Jae In, is expected to be significant in that it can promote the development of a welfare state as well as efficient parts such as meeting the demand for security reinforcement services, improving the judicial system, and enhancing internationalization. In accordance with the consensus of the nine judges of the Constitutional Court that the lower part of Article 40 of the "Act on the Use and Protection of Credit Information" which prohibits the use of similar names such as investigating the general life of certain people does not violate the Constitution, detective work became possible regardless of the general life investigation. In particular, the detective job officially appeared on August 5, 2020, and it will be able to provide effective work services to the public by competing with prosecutors, police, and lawyers who have occupied exclusive positions in the field of a criminal investigations. However, although the role of detectives is gradually expanding and society is rapidly changing, illegal activities are prevalent throughout society, and more than 1,600 companies are currently operating suspiciously using the only name of "detectives", but the police are virtually letting go of the situation saying that they are "unauthorized.", and the damage is only going to the people, so at this point, the most worrisome thing is the absence of the law. Meanwhile, amid concerns over institutions overseeing illegal activities caused by the emergence of the detective industry, private security and detectives are similar to each other as in the United States, and it is expected to be able to gain public trust by entrusting the police in charge of managing and supervising private security companies. Therefore, at this time when most OECD countries except Korea legislate the Detective Business Act, prematurely allowing only the detective industry without enacting industry-related laws and systems can further fuel social confusion and hinder the detective industry along with the new fourth industry.

• Asia pacific journal of information systems
• /
• v.24 no.3
• /
• pp.299-323
• /
• 2014

The reason location based service is drawing attention recently is because smart phones are being supplied increasingly. Smart phone, basically equipped with GPS that can identify location information, has the advantage that it can provide contents and services suitable for the user by identifying user location accurately. Offering such diverse advantages, location based services are increasingly used. In addition, for use of location based services, release of user's personal information and location data is essentially required. Regarding personal information and location data, in addition to IT companies, general companies also are conducting various profitable businesses and sales activities based on personal information, and in particular, personal location data, comprehending high value of use among personal information, are drawing high attentions. Increase in demand of personal information is raising the risk of personal information infringement, and infringements of personal location data also are increasing in frequency and degree. Therefore, infringements of personal information should be minimized through user's action and efforts to reinforce security along with Act on the Protection of Personal Information and Act on the Protection of Location Information. This study aimed to improve the importance of personal information privacy by empirically analyzing the effect of perceived values on the intention to strengthen location information security and continuously use location information for users who received location-based services (LBS) in mobile environments with the privacy calculation model of benefits and risks as a theoretical background. This study regarded situation-based provision, the benefit which users perceived while using location-based services, and the risk related to personal location information, a risk which occurs while using services, as independent variables and investigated the perceived values of the two variables. It also examined whether there were efforts to reduce risks related to personal location information according to the values of location- based services, which consumers perceived through the intention to strengthen security. Furthermore, it presented a study model which intended to investigate the effect of perceived values and intention of strengthening security on the continuous use of location-based services. A survey was conducted for three hundred ten users who had received location-based services via their smartphones to verify study hypotheses. Three hundred four questionnaires except problematic ones were collected. The hypotheses were verified, using a statistical method and a logical basis was presented. An empirical analysis was made on the data collected through the survey with SPSS 12.0 and SmartPLS 2.0 to verify respondents' demographic characteristics, an exploratory factor analysis and the appropriateness of the study model. As a result, it was shown that the users who had received location-based services were significantly influenced by the perceived value of their benefits, but risk related to location information did not have an effect on consumers' perceived values. Even though users perceived the risk related to personal location information while using services, it was viewed that users' perceived value had nothing to do with the use of location-based services. However, it was shown that users significantly responded to the intention of strengthening security in relation to location information risks and tended to use services continuously, strengthening positive efforts for security when their perceived values were high.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.21 no.6
• /
• pp.119-132
• /
• 2011

Mobile devices such as smart phones have brought big changes to be called as 'mobile big bang' against which we can't go. Mobile banking service and MTS(Mobile Trading System) are freely available at any time, anywhere and we are able to activate communications between financial company staffs out of the office and take care of business works even remotely by using mobile devices. Mobile devices are approaching as 'smart mobile innovation' to improve an enterprise productivity and competitiveness, but threats which engaged in unfair trading behaviors or unwholesome business works in finance companies are increasing and the customer's information can be leaked out by using the nonpublic official information and mobile devices. Therefore, we have to analyze the potential problems and take the necessary countermeasures with preemptive steps to protect the customer's information and improve the financial trading soundness and fairness. In this paper, we would like to suggest countermeasures and threats against using the financial company's mobile devices focusing on the financial investment companies by 'Capital Market and Financial Investment Business Act'.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2013.05a
• /
• pp.227-230
• /
• 2013

Financial transactions using a mobile terminal and the Internet is activated, it is a stock exchange enabled using mobile devices and the Internet. Koscom in charge of IT operations of securities transaction-related in (securities ISAC), to analyze the vulnerability of information security related to securities transactions, which corresponds to running the integrated security control system. Online stock trading is a subject to the Personal Information Protection Act, electronic systems of related, has been designated as the main information and communication infrastructure to, damage financial carelessness of the user, such as by hacking is expected to are. As a result, research on the key vulnerabilities of information security fields related to securities business cancer decoding of the Securities and Exchange packet, through the analysis of security events and integrated security control is needed.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.29 no.5
• /
• pp.1117-1132
• /
• 2019

Recently, IT technology such as internet, mobile, and IOT has rapidly developed, making it easy to collect data necessary for business, and the collected data is analyzed as a new method of big data analysis and used appropriately for business. In this way, data collection and analysis becomes easy. In such data, personal information including an identifier such as a sensor id, a device number, IP address, or the like may be collected. However, if systematic management is not accompanied by collecting and disposing of large-scale data, violation of relevant laws such as "Personal Data Protection Act". Furthermore, data quality problems can also occur and make incorrect decisions. In this paper, we propose a new data governance maturity model(DGMM) that can identify the personal data contained in the data collected by companies, use it appropriately for the business, protect it, and secure quality. And we also propose a over all implementation process for DG Program.

• Korean Security Journal
• /
• no.40
• /
• pp.175-207
• /
• 2014

This paper focuses on the study of a development direction of the industrial security Expert system. First of all, in order to manage Industrial security system, we need to have law, criminology, business and engineering professionals as well as IT experts, which are the multi-dimensional convergence professionals. Secondly, industrial organizations need to have workforce who can perform security strategy; security plan; security training; security services; or security system management and operations. Industrial security certification system can contribute to cultivate above mentioned professional workforce. Currently Industrial Security Expert(ISE) is a private qualification. However, the author argued that it have to be changed to national qualification. In addition, it is necessary that the system should be given credibility with verifying the personnel whether they are proper or not in the their field. In terms of quality innovation, it is also necessary that distinguish the levels of utilization of rating system of the industrial security coordinator through a long-term examination. With respect to grading criteria, we could consider the requirements as following: whether they must hold the degree of the industrial security-related areas of undergraduate or postgraduate (or to be); what or how many industrial security-related courses they should complete through a credit bank system. If the plan of completing certain industrial security-related credits simply through the credit bank system, without establishing a new industrial security-related department, has established, then industrial security study would be spreaded and advanced. For private certification holders, the problem of the qualification succeeding process is important matter. Additionally, it is necessary to introduce the certifying system of ISMS(Industrial Security Management System) which is a specialized system for protecting industrial technology. To sum up, when the industrial security management system links the industrial security management certification, industrial security would realize in the companies and research institutions dealing with national key technology. Then, a group synergy effect would occurs.

• The Journal of the Convergence on Culture Technology
• /
• v.2 no.4
• /
• pp.71-76
• /
• 2016

In this study, de-identification policies of the US, the UK, Japan, China and Korea are compared to suggest a future direction of de-identification regulations and a method for vitalizing the big data industry. Efficiently using the de-identification technology and the standard of adequacy evaluation contributes to using personal information for the industry to develop services and technology while not violating the right of private lives and avoiding the restrictions specified in the Personal Information Protection Act. As a counteraction, the re-identification issue may occur, for re-identifying each person as a de-identified data collection. From the perspective of business, it is necessary to mitigate schemes for discarding some regulations and using big data, and also necessary to strengthen security and refine regulations from the perspective of information security.

• Korean Security Journal
• /
• no.48
• /
• pp.35-56
• /
• 2016

The purpose of this study is to find the development of the special security business plan based on the problem that guards are now aware of special security service. In order to achieve the objectives of this study, we analyzed the data after expert survey and interview conducted by seven experts engaged in special security services more than 10 years. The guard who perform special security service proposed a development plan of special security services as follows. First, the current education system for new employees' training is required to improve the educational program of 60 hours in subjects related to special security duties by reorganization. Second, the special security service training for guards also appropriate to switch to 9-hour training program for three months through an educational organization controlled by country. Third, the special security guards should be proceeding the practical programs required in the field and quality education in the different section by competent and professional instructors. Fourth, the retirement age for special security guard stipulated in the Security Services Industry Act that needs to be readjusted upward by considering the social environment. Sixth, there needs to be organized the Special Security Association for development associated with the special security service and to protect the rights of special security guards.