• 한국항행학회논문지
• /
• 제15권3호
• /
• pp.405-411
• /
• 2011

현재의 정보화 사회에서는 정보의 가치는 매우 높아졌으며, 정보를 획득, 관리, 사용하는 것에 대한 많은 연구 개발이 이루어지고 있다. 특정 기업(또는 기관)에서는 기업 내의 정보가 담긴 문서들의 보안 레벨을 엄격하게 규정하고 이에 대한 보안을 철저히 지키고 있다. 본 논문에서는, 상위 보안 레벨의 보안 문서를 하위 보안 레벨로 변환할 경우를 위해, 효과적으로 문서를 검열하고 특정 보안 키워드를 일반적인 단어로 변경하는데 필요한 요소 기술에 대해 소개한다.

• Asia pacific journal of information systems
• /
• 제26권1호
• /
• pp.163-188
• /
• 2016

Compliance with information security policies has been an important managerial concern in organizations. Unlike traditional general deterrent theory, this study proposes whistle-blowing as an alternative approach for reducing internal information security policy violations. We build on the theories of planned behavior and rational choice as well as develop a theoretical model to understand the factors that influence whistle-blowing attitudes and intention at both the organizational and individual levels. Our empirical results reveal that altruistic and egoistic concerns are involved in the development of whistle-blowing attitudes. The results not only extend our understanding of whistle-blowing motivation but also offer directions to managers in promoting internal disclosure of information security breaches.

• 한국IT서비스학회지
• /
• 제2권2호
• /
• pp.97-109
• /
• 2003

As the importance and the need for network security is increased, many organization uses the various security systems. They enable to construct the consistent integrated security environment by sharing the vulnerable information among firewall, intrusion detection system, and vulnerable scanner. And Policy-based network provides a means by which the management process can be simplified and largely automated. In this article we build a foundation of policy-based network modeling environment. The procedure and structure for policy rule induction from vulnerabilities stored in SVDB (Simulation based Vulnerability Data Based) is conducted. It also transforms the policy rules into PCIM (Policy Core Information Model).

• 한국콘텐츠학회논문지
• /
• 제10권10호
• /
• pp.286-293
• /
• 2010

러시아 경호총국은 2004년 8월 7일 러시아연방 대통령령 No. 1013에 의해 해당 조직의 편성 및 지위를 체계적으로 구성하였다. 또한 경호총국 산하 특수통신 및 정보국의 창설과 경호총국 아카데미 신설을 통해 조직의 정보력과 교육훈련의 강화하고 있다. 또한 2005년 말 경호총국 역사상 처음으로 인터넷 홈페이지를 구축한 점과 최근 들어 잦은 언론자료 배포로 어둠속에 숨겨진 비밀조직에서 국가운영의 한 축을 담당하는 기관으로서 자신을 드러내고자 노력하고 있다. 이의 일환으로 러시아 경호총국은 2004년과 2005년에 대한민국 경호처와 대표단 교환을 통해 상호 이해의 폭을 넓히고자 노력하고 있다. 따라서 본 글에서는 전 세계적 변화에 대응하고자 노력하는 러시아 경호총국의 역사와 그 구조, 법적지위 등을 관련 법령을 중심으로 살펴보고, 나아가 이러한 모델이 우리나라의 공경호의 발전을 위해 적용가능한가를 살펴보도록 하겠다.

• 한국전자통신학회논문지
• /
• 제17권2호
• /
• pp.375-386
• /
• 2022

정보자산 보호가 조직의 중요한 관리 요인으로 인식되면서, 조직들은 정보보안 정책 및 기술 도입을 위한 투자를 높이고 있다. 하지만, 엄격한 정보보안의 적용은 조직원에게 스트레스를 통해 미준수 행동을 일으킬 수 있다. 본 연구의 목적은 정보보안 역할 강화로 인해 형성된 조직원의 스트레스가 자기결정성을 통해 준수 의도에 미치는 매커니즘을 제시하고, 개인조직 적합성을 통해 준수 의도 강화 방안을 제시하는 것이다. 연구는 정보보안 정책을 도입한 기업에 근무하는 조직원을 대상으로 온라인 설문을 하였으며, 475개의 표본을 활용하여 가설검증을 하였다. 첫째, 구조방정식 모형을 적용한 주효과 분석 결과는 역할 스트레스가 자기결정성을 감소하여 준수 의도에 영향을 미쳤다. 둘째, Process 3.1을 적용한 조절 효과 분석 결과는 개인조직 적합성이 자율성, 관계성이 준수 의도에 미치는 영향을 강화하였다. 연구는 조직원의 정보보안 스트레스, 행동 동기의 영향을 확인함으로써, 조직 내부의 정보보안 목표달성 방향을 제언한 측면에서 시사점을 가진다.

• International Journal of Computer Science & Network Security
• /
• 제24권3호
• /
• pp.135-141
• /
• 2024

The article examines the key constants of reengineering the modern educational cluster, associated with the processes of digital transformation of all spheres of modern socio-cultural space. The first constant is the strategic rethinking of the educational process organization and awareness of the new roles of all participants (tutors, applicants, controlling elements, etc.). The other constant involves practical re-design of the system of educational services, which consists in the reorientation from the traditional model of education functioning for society to the implementation of the educational format in the form of new projects (structural, target, business). Consequently, the purpose of the study is to highlight the attitudes relevant to the modern realities of information and technological support of education in the context of socio-economic interactions of society. The criteria for the reengineering of educational concepts and the structural organization of the educational sphere are defined. The modern world is going through a period of complete digital transformation of all spheres of public activity. The scientific intelligence notes that education is no exception in these processes, as the dependence of educational realities on information and computer technologies is now noted. The COVID-19 pandemic, for all its tragedy, was also a kind of trigger, clearly marking the new components that have become defined in the organization of the educational process. The conclusion is made that the use of digital technologies in the organization of the educational institution or in the organization of the educational process has become not an auxiliary element, but a dominant factor. Mobility, dynamism, interdisciplinarity, synergy - all these aspects are relevant for socio-economic interactions of society and should be provided by educational programs. The results of the study can be used in the reorganization processes of educational institutions and institutions. Further research requires aspects of the analysis of the foreign experience of reengineering in education, carried out taking into account digital transformations of modern sociocultural space.

• Journal of Information Technology Applications and Management
• /
• 제22권2호
• /
• pp.171-199
• /
• 2015

This study proposes the practical information security measures that help IT personnel of banks comply the information security policy. The research model of the study is composed of independent variables (clarity and comprehensiveness of policy, penalty, dedicated security organization, audit, training and education program, and top management support), a dependent variable (information security policy compliance intention), and moderating variables (age and gender). Analyses results show that the information security measures except 'clarity of policy' and 'training and education program' are proven to affect the 'information security policy compliance intention.' In case of moderating variables, age moderated the relationship between top management support and compliance intention, but gender does not show any moderating effect at all. This study analyzes information security measures based solely on the perception of the respondents. Future study may introduce more objective measurement methods such as systematically analyzing the contents of the information security measures instead of asking the respondents' perception. In addition, this study analyzes intention of employees rather than the actual behavior. Future research may analyze the relationship between intention and actual behavior and the factors affecting the relationship.

• 정보보호학회논문지
• /
• 제27권3호
• /
• pp.653-671
• /
• 2017

현재 대부분의 금융기관이 정보보호인력 산정 시, 금융회사의 규모 및 정보보호업무 영역별 특성을 고려하지 않고, 일률적으로 전자금융감독규정에서 정한 총 IT 인력 수 대비 정보보호인력 비율(5%)만 준수하고 있다. 또한, 정보보호 인력이 여러 업무를 겸직함으로써 본연의 업무 소홀로 인한 리스크가 확대되고 있는 상황이다. 본 연구에서는 금융회사의 규모 및 각 정보보호업무의 특성을 고려한 필요 인력 수를 산정하여 체계적인 정보보호조직을 구성함으로써 금융 보안사고에 보다 효율적으로 대응할 수 있는 방안을 제시하고자 한다.

• 한국IT서비스학회지
• /
• 제7권1호
• /
• pp.117-130
• /
• 2008

Multi-attribute risk assessments provide a useful framework for systematic quantitative risk assessment that the security manager can use to prioritize security requirements and threats. In the first step, the security managers identify the four significant outcome attributes(lost revenue, lost productivity, lost customer, and recovery cost). Next. the security manager estimates the frequency and severity(three points estimates for outcome attribute values) for each threat and rank the outcome attributes according to AHP(Analytic Hierarchy Process). Finally, we generate the threat index by using muiti-attribute function and make sensitivity analysis with simulation package(Crystal Ball). In this paper, we show how multi-attribute risk analysis techniques from the field of security risk management can be used by security managers to prioritize their organization's threats and their security requirements, eventually they can derive threat index. This threat index can help security managers to decide whether their security investment is consistent with the expected risks. In addition, sensitivity analysis allows the security manager to explore the estimates to understand how they affect the selection.

• 한국IT서비스학회지
• /
• 제19권6호
• /
• pp.83-95
• /
• 2020

"I think security is only trying to make it uncomfortable." "10% of my work is entering IDs and passwords, such as boot passwords, mobile phone authentication numbers, etc." As reflected in the complaint above, stress caused by information security among organizations' members is increasing. In order to strengthen information security, practical solutions to reduce stress are needed because the motivation of the members is needed in order for organizations to function properly. Therefore, this study attempts to suggest key factors that can enhance security while reducing information security stress among members of organizations. To this end, based on the theory of protection motivation, trust and security stress from information security policies are set as mediating factors to explain changes in security reinforcement behavior. Furthermore, risk, efficacy, and reaction costs of cyberattacks are considered as prerequisites. Our study suggests a solution to the security reinforcement problem by analyzing the factors that influence the behavior of members of organizations. In turn, this can raise protection motivation among members.