• Journal of the Korea Convergence Society
• /
• v.13 no.1
• /
• pp.283-295
• /
• 2022

This study attempts to explore factors that influence the perception of importance of information security. Three possible exogenous variables including perceived certainty of punishment, perceived response cost, and acquiescense are suggested that are based on the protectiom motivation theory. As a result, we found followings. First, The perceived punishment certainty has a significant effect on the perceived importance of information security. Also, it influences a negative effect on acquiescence. Second, the response cost has a negative effect on the perceived importance of information security. In addition, the response cost positively effects on acquiescence. Finally, acquiescence negatively influences on the perceived importance of information security. The results show that, in order to increase the perceived importance of information security among employees, it is necessary to make them aware that a security violation can result in certain punishment. At the same time, organizations should also attempt to remove major obstacles accompanying security behaviors of employees. Finally, organizations encourage open communication relating to information security among employees.

• Journal of Korea Society of Digital Industry and Information Management
• /
• v.14 no.3
• /
• pp.55-68
• /
• 2018

In this paper, we identify and evaluate the information security factors considered in outsourcing development of information systems for defense agency with analytic hierarchy process(AHP). To assess the information security elements, we prepared three groups including the experts of a defense agency, subcontractor managers and subcontractor practitioners who are involved in developing information systems. And the relative importance of security factors were analyzed using questionnaires and responses. As a result of analysis of 27 security factors, factors corresponding to human and physical security as a whole were evaluated as having higher importance. Although there are some differences in the ranking of some importance according to human roles, they can be positive for the implementation of complementary information security. And administrative security and technical security can be relatively insignificant considering that they can be considered as infrastructure of the overall information environment. The result of this paper will be helpful to recognize the difference of perception of information security factors among the persons in the organization where collaboration is activated and to prepare countermeasures against them.

• Korean Security Journal
• /
• no.56
• /
• pp.55-81
• /
• 2018

The purpose of this study is to find significant activities in human resource management (HRM) to solve growing-pains caused by the rapid external growth in private security business. To this end, we applied the HRM factors suggested by the National Job Capability Standard (NCS) to the private security and investigated the relative importance using the Analytic Hierarchy Process (AHP). The results were as follows. First, the importance of 4 HRM criteria in the private security was ranked in order of recruitment, operation, benefit, and retirement. Particularly, the relative importance of recruitment reached 63.8%. Second, the composite importance was calculated by dividing the 4 HRM criteria into 14 capability sub-criteria and 46 capability alternatives. As a result, personnel planning and hiring at the recruitment turned out as the areas that needed the most improvement. In addition, the operating and planning of education involved in the highest rank, 8th and 10th respectively. Based on these results, we suggested critical HRM factors for developing the private security business as well as proposed research directions and methods for further studies.

• The Journal of The Korea Institute of Intelligent Transport Systems
• /
• v.21 no.4
• /
• pp.145-156
• /
• 2022

To strengthen the security of autonomous vehicles, this study derived checklists through the analysis of the status of autonomous vehicle security. The analyzed statuses include autonomous vehicle characteristics, security threats, and domestic and foreign security standards. The derived checklists are then applied to the AHP(Analytic Hierarchy Process) model to find their relative importance. Relative importance was ranked as one of cyber security management system establishment and implementation, encryption, risk assessment, etc. The significance of this study is to reduce cyber security incidents that cause human casualties as well improve the level of security management of autonomous vehicles in related companies by deriving the autonomous vehicle security level checklists and demonstrating the model. If the inspection is performed considering the relative importance of the checklists, the security level can be identified early.

• Convergence Security Journal
• /
• v.12 no.5
• /
• pp.71-77
• /
• 2012

Expenses in the form of personnel expenses in the past, in modern times, machine guards to gradually transition has been. This is because the machine guard is more efficient than personnel expenses. But due to false alarms, despite the high expectations of the effects of electronic security in the operation of the electronic security system due to factors that hinder the development of machine guards growth slows. Defect removal aspects of this paper, using IPA (Importance Performance Analysis) techniques to study the operation of electronic security systems and its importance in the development of machine guards, look at how high the technical aspects of electronic security systems composite type of malfunction to minimize crime sensor are presented.

• Korean Security Journal
• /
• no.5
• /
• pp.131-156
• /
• 2002

Private security industry employers in Korea has not concerned with the importance of training and education by lack of recognition and has been passive about qualified guards. And the authorities supervising and the administrating the guards has not recognized the importance of private security and has neglected the training of the guards. Korea has been operated the guard-instructor system for the acquiring the specialization of the security personnel since 1997, but there has been many problems. This study reviews the guard-instructor system in Korea comprehensively and suggests the efficient operation method of that system.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.24 no.5
• /
• pp.919-929
• /
• 2014

Recently, organizational efforts to adopt ISMS(Information Security Management System) have been increasingly mandated and demanded due to the rising threat and the heavier cost of security failure. However there is a serious gap between awareness and investment of information security in a company, hence it is very important for the company to control effectively a variety of information security threats within a tight budget. To phase the ISMS, this study suggests the priorities based on evaluating the Importance of 13 areas for the ISMS by the information security experts and then we attempt to see the difference between importance and investment through the assessment of the actual investment in each area. The research findings show that intrusion incident handling is most important and IT disaster recovery is the area that is invested the most. Then, information security areas with the considerable difference between priorities of importance and investment are cryptography control, information security policies, education and training on information security and personnel security. The study results are expected to be used in making a decision for the effective investment of information security when companies with a limited budget are considering to introduce ISMS or operating it.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.7 no.4
• /
• pp.860-877
• /
• 2013

Cloud computing has become one of the most important technologies for reducing cost and increasing productivity by efficiently using IT resources in various companies. The cloud computing system has mainly been built for private enterprise, but public institutions, such as governments and national institutes, also plans to introduce the system in Korea. Various researches have pointed to security problems as a critical factor to impede the vitalization of cloud computing services, but they only focus on the security threats and their correspondents for addressing the problems. There are no studies that analyze major security issues with regard to introducing the cloud computing system. Accordingly, it is necessary to research the security factors in the cloud computing given to public institutions when adopting cloud computing. This research focuses on the priority of security solutions for the stepwise adoption of cloud computing services in enterprise environments. The cloud computing security area is classified into managerial, physical and technical area in the research, and then derives the detailed factors in each security area. The research derives the influence of security priorities in each area on the importance of security issues according to the identification of workers in private enterprise and public institutions. Ordered probit models are used to analyze the influences and marginal effects of awareness for security importance in each area on the scale of security priority. The results show workers in public institutions regard the technical security as the highest importance, while physical and managerial security are considered as the critical security factors in private enterprise. In addition, the results show workers in public institutions and private enterprise have remarkable differences of awareness for cloud computing security. This research compared the difference in recognition for the security priority in three areas between workers in private enterprise, which use cloud computing services, and workers in public institutions that have never used the services. It contributes to the establishment of strategies, with respect to security, by providing guidelines to enterprise or institutions that want to introduce cloud computing systems.

• Korean Management Science Review
• /
• v.31 no.4
• /
• pp.1-13
• /
• 2014

This study aims to expand the future study methodology and to develop a methodology of future-oriented curriculum analysis with future skills needs derived from patent analysis. With the case of information security, the methodology is applied to the 16 universities, which have information security department in undergraduate course. From the results, the followings are suggested : 1) for the increasing importance area including hacking, infiltration and PC security, a practical exercise should be emphasized; 2) for the convergence area including security policy, security legislation and OS security, proper faculties should be filed with recruiting field-based experts; 3) for the increasing importance area including professional area including security audit and information security protocol, the advanced curriculum related to graduate level should be provided.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.24 no.6
• /
• pp.1329-1335
• /
• 2014

The importance of information security is increasing in the public and private organizations. The interruption of the information system might cause massive disorder. To protect information systems effectively, information systems would be categorized and managed in terms of degree of importance. In this study, we suggest a new evaluation method that categorizes information systems based on the three nature of security, confidentiality, integrity and availability. For validation of the method, we use a case study in a public sector. Through the validation of method, the availability of applying the method for categorization information systems to other domains could be suggested.