• Journal of Information Technology Applications and Management
• /
• v.22 no.2
• /
• pp.171-199
• /
• 2015

This study proposes the practical information security measures that help IT personnel of banks comply the information security policy. The research model of the study is composed of independent variables (clarity and comprehensiveness of policy, penalty, dedicated security organization, audit, training and education program, and top management support), a dependent variable (information security policy compliance intention), and moderating variables (age and gender). Analyses results show that the information security measures except 'clarity of policy' and 'training and education program' are proven to affect the 'information security policy compliance intention.' In case of moderating variables, age moderated the relationship between top management support and compliance intention, but gender does not show any moderating effect at all. This study analyzes information security measures based solely on the perception of the respondents. Future study may introduce more objective measurement methods such as systematically analyzing the contents of the information security measures instead of asking the respondents' perception. In addition, this study analyzes intention of employees rather than the actual behavior. Future research may analyze the relationship between intention and actual behavior and the factors affecting the relationship.

• The KIPS Transactions:PartC
• /
• v.8C no.5
• /
• pp.607-614
• /
• 2001

With a remarkable growth and expansion of Internet, the security issues emerged from intrusions and attacks such as computer viruses, denial of services and hackings to destroy information have been considered as serious threats for Internet and the private networks. To protect networks from those attacks, many vendors have developed various security systems such as firewalls, intrusion detection systems, and access control systems. However, managing those systems individually requires too much work and high cost. Thus, in order to manage integrated security management and establish consistent security management for various security products, the policy model of PN-ISMS (Policy Based Integrated Security Management System) has become very important. In this paper, present the hierarchical policy model which explore the refinement of high-level/conceptual policies into a number of more specific policies to form a policy hierarchy. A formal method of policy description was used as the basis of the mode in order to achieve precision and generality. Z-Notation was chosen for this propose. The Z-Notation is mathematical notation for expressing and communicating the specifications of computer programs. Z uses conventional notations of logic and set theory organized into expressions called schemas.

• Journal of Information Processing Systems
• /
• v.2 no.1
• /
• pp.28-33
• /
• 2006

The initial research of Task Computing in the ubiquitous computing (UbiComp) environment revealed the need for access control of services. Context-awareness of service requests in ubiquitous computing necessitates a well-designed model to enable effective and adaptive invocation. However, nowadays little work is being undertaken on service access control under the UbiComp environment, which makes the exposed service suffer from the problem of ill-use. One of the research focuses is how to handle the access to the resources over the network. Policy-Based Access Control is an access control method. It adopts a security policy to evaluate requests for resources but has a light-weight combination of the resources. Motivated by the problem above, we propose a universal model and an algorithm to enhance service access control in UbiComp. We detail the architecture of the model and present the access control implementation.

• Journal of Internet Computing and Services
• /
• v.13 no.1
• /
• pp.75-81
• /
• 2012

Previous RFID systems exclusively manage the tags and readers for each company in individual manner. Thus, RFID system manager should understand and design specifications such as tag events, data format, and etc, based on individual companies. But it is very difficult to know all statements. To resolve theses problems, there has been conceptual research about policy-based RFID service management model that is not restrained from standards of typical RFID systems, including EPCglobal standard, and ISO/IEC standard. However, previous proposed service management model only aimed event management without including device management. Therefore, in this paper, we propose extended device management policy model for giving shape to the proposed policy-based RFID service management model. If the proposing device management policy model is used for device management, we can integrate control management for heterogeneous middleware, diverse RFID devices, and applications for each company. Moreover, we show that the RFID device management policy is translated and processed as an example using the proposing policy model in real-time RFID system.

• Spatial Information Research
• /
• v.22 no.2
• /
• pp.11-18
• /
• 2014

The aim of this study is to propose service-oriented connection model among National Geospatial Information Platforms(NGIPs). For this, the study analyzes the necessity of NGIPs connection and extracts the issues related to the connection among NGIPs through Industrial-University-Institute experts survey. Based on this analysis, this study constructs service-oriented connection model for NGIPs, so called Single Point Access model and proposes the policy and technological counterplan to realize this model. This study result can be applied to establish a platform government based on geospatial information, policy for NGIP, and the national Information plan.

• Journal of the Korean Society for information Management
• /
• v.22 no.3 s.57
• /
• pp.13-36
• /
• 2005

As the importance of cultural information becomes greater than before, there are some needs for a new national economic paradigm in the knowledge based society. The purpose of this paper is to suggest guidelines for building up a national cultural information network model that enable to promote government's recognition and cultural policy. This research includes feasibility analysis of cultural policy perspective, current situations, and economic effect of cultural industry.

• The Journal of Information Systems
• /
• v.29 no.4
• /
• pp.57-76
• /
• 2020

Purpose Although examining the antecedents of employees' extra-role behavior (i.e. information security participation behavior) in the information security context is significant for researchers and practitioners, most behavioral security studies have focused on employees' in-role behavior (i.e. information security policy compliance). Thus, this research addresses this gap by investigating how organizational information security climate influences information security participation behavior based on social information processing theory and Griffin and Neal's safety model. Design/methodology/approach We developed a research model by applying Griffin and Neal's safety model to the information security context and then tested our research model by conducting an online survey for employees of organizations with information security policies. Structural equation modeling (SEM) with SmartPLS 3.3.2 is used to test the corresponding hypothesis. Findings Our results show that organizational information security climate, information security knowledge, information security motivation are effective in motivating information security participation behavior. Also, we find that organizational information security climate positively influences both information security knowledge and information security motivation. Our findings emphasize the importance of organizational information security climate because it is capable of affecting employees on information security participation behavior. Our study contributes to the literature on information security by exploring the role of organizational information security climate in enhancing employees' information security participation behavior.

• Journal of the Korean Society for Library and Information Science
• /
• v.49 no.4
• /
• pp.289-315
• /
• 2015

The Fixed book price policy, a portion of publication and printing promotion act applied from February 2003 in the South Korea, is a system of fixed book prices that administered by a government body. The publishing industries had been attempted to lower the discount rate and to extend the application scope. The amendment for the attempts was passed in April 2014, and implemented from November 2014. From the library point of view, this amendment caused a reduction of buying library materials. For this reason, the agenda about expansion of material budget in libraries has been recognized as the alternative. The purpose of this study is to analyze the stance and role of libraries as actors in the policy process. Based on this, this study also attempt to identify usefulness and improvement point of Policy Network Model. For this purpose, this study identifies actor's internal characteristics as an improvement point that previous studies did not identified.

• Journal of Information Technology Services
• /
• v.14 no.3
• /
• pp.85-97
• /
• 2015

The information and communications construction business has the characteristics of an infrastructure industry and responsibility for the construction and maintenance of all ICT infrastructures. With the recent proliferation of the smart convergence of various industries based on ICT infrastructure, the role of the information and communications construction business has been highlighted to accommodate the convergence and implementation environment in construction and medical industries. Therefore, this paper seeks policy measures to establish the new role of the information and communications business under the rapidly developing smart convergence environment and the priorities of policy measures to strengthen the capability of the information and communications business using a quantitative model. The analysis result suggests that the difference in importance of each policy measure should be considered in order to execute effectively the policy of promoting the information and communications construction business. Given the constraint of limited budget, policy priorities include the development of new markets, and establishment of incentive for new technology. This study is significant for its theoretical contribution, being the first quantitative approach to policy priorities for the promotion of information and communications construction business under the smart convertgence environment.

• The KIPS Transactions:PartC
• /
• v.10C no.2
• /
• pp.171-178
• /
• 2003

Differentiated Services (DiffServ) is a technique to provide Quality of Service (QoS) in an efficient and scalable way. However, current DiffServ specifications have limitations in providing the complete QoS management framework and its implementation model. This paper proposes a policy-based QoS management model that supports DiffServ policies for managing QoS of DiffServ networks. The management model conforms to Model-View-Controller (MVC) architecture, and is based on Enterprise JavaBeans (EJBs) technologies. In our model, high-level DiffServ QoS policies are represented as valid XML documents with an XML Schema and are translated to low-level EJB policy beans in the EJB-based policy server. The routing topology and role information required to define QoS policies is discovered by using SNMP MIB-II, and the QoS policy distribution and monitoring is accomplished by using SNMP DiffServ MIB.