• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.24 no.6
• /
• pp.1309-1318
• /
• 2014

In the past few years, data leakage of information assets has become a prominent social issue. According to the National Industrial Security Center in South Korea, 71 percent who suffer from technology leakage are small and medium sized enterprises. Hence, establishment and operation of ISMS (Information Security Management System) for small and medium sized enterprises become an important issue. Since it is not easy to obtain ISMS certification for a small or medium sized enterprise by itself, consultation with an expert firm in information security is necessary before the security implementation. However, how to select a proper security consulting company for a small or medium sized firm has not been studied yet. In this study, we analyze empirically the selection factors of ISMS certification consulting company for a small or medium sized firm through exploratory factor analysis (EFA). Our study identified the following four important factors in selecting a security consulting company: expertise of the staffs and human resource management proficiency, market leading capability, competence to make progress during the consultation, and the performance and the size of the physical assets and human resources.

• Journal of Korea Multimedia Society
• /
• v.18 no.2
• /
• pp.218-232
• /
• 2015

According to the development of information processing technology and mobile communication technology, the utilization of mobile banking systems is drastically increasing in banking system. In the foreseeable future, it is expected to increase rapidly the demands of mobile banking in bank systems with the prevalence of smart devices and technologies. However, the keeping 'security' is very important in banking systems that handles personal information and financial assets. But it is very difficult to improve the security of banking systems only with the vulnerabilities and faults analysis methods of information security. Hence, in this paper, we accomplish the analysis of security risk factor and security vulnerability that occur in mobile banking system. With analyzed results, we propose the information security control and management processes for assessing and improving security based on the mechanisms which composes mobile banking system.

• Korean Security Journal
• /
• no.34
• /
• pp.161-184
• /
• 2013

The purpose of this research is to achieve qualitative growth for private security industry as a sector of service industry to attract clients and promote the growth of the private security industry by analyzing the factors which influence the customer's service satisfaction in using the private security services. A regression analysis was conducted to determine the factors which influences the satisfaction of private security service to ultimately achieve the research purpose. In the regression analysis, the difference between corporate clients and individual clients were analyzed for the sake of providing better security services and marketing applications. As a result, the factors that influences the satisfaction of the categorized groups were very clearly signified. Both individual and corporate clients showed increase in satisfaction rate when the fear of crime decreased. This result implies that the private security firms must possess segmented strategies as well as strategies to lower the fear factors of clients. There were no differences in all satisfaction-influencing factors when the fear reduction variable was exempted among both corporate and individual clients in usage satisfaction. This result shows that clients demand varies according to the client and the security firms must react to these demands by the clients. Although private security industry possess very clear publicity, it is a profit generating industry sector therefore, like other service industry, the private security services must implement strategies to keep up with the paradigm. If the satisfaction determinants from the research results are grafted into strategies such relationship marketing and target market selection, higher service satisfaction can be achieved from the clients.

• Korean Security Journal
• /
• no.32
• /
• pp.7-32
• /
• 2012

This study aimed to evaluate the relative status using Analytic Hierarchy Process(AHP) on the spiritual factors of the security martial arts for the guards to perform the best security service. There were 540 participants who were students majored in security martial arts, workers for security and specialists of practical and theoretical security martial arts for this study. The exploratory and confirmatory factor analysis were carried out using the selecting data through literature reviews in the level of the factor-extraction about the spiritual characteristics. The specialists' survey was conducted on the relative status among factors using the spiritual concept structure based on the studied above. Selected data was calculated with SPSS 18.0 for windows, AMOS 5.0, and Expert Choice 2000 software. The conclusion can be made through those process above. First, 4 general factors and 20 detailed factors were found as the result of the factor exploration related to the spiritual characteristics of the security martial arts. The result which was verified on Construction validity of searched factors had stable figures on every standard. In other words, the participants for survey on this study "Spiritual characteristic concepts of the security martial arts" can be evaluated it is valid. The general factors of security martial arts' spirit were conceptualized with Psychological spirit, ethical spirit, martial art spirit, practical spirit through the naming process on the general factors of the security martial arts' spiritual characteristic concepts. The detailed factors of security martial arts' spirit were concentration, self-confidence, self-management, immersion, self-esteem in psychological spirit and sacrifice, justice, royalty, peace, sense of duty in ethical spirit and courtesy, toughness, defense, balance of mind and body, bravery in martial arts and responsibility, cooperation, modesty, determination, professionalism in practical spirit of security martial arts. That is, the conceptualization of security martial arts' spirit was verified that it had validity. Second, the hierarchical model of the security martial arts was composed with 4 superordinate concepts and 20 subordinate concepts. As the result of evaluating relative status based on Spiritual characteristics-hierarchy model, the impotance was proven in order of ethical spirit(.482), martial art spirit(.248), practical spirit(.188), psychological spirit(.083). Also the importance related to spiritual characteristics of security martial arts on subordinate concepts was proven in order of sacrifice(.252), courtesy(.110), sense of duty(.108), responsibility(. 073), royalty(.053), toughness(.052), justice(.049), defense(.038), professionalism(.038), determination(.035), cooperation(.029), self-confidence (.026), bravery(.025), self-esteem(.024), balance of mind and body(.023), peace(.019), concentration(.014), modesty(.013), self-management(.011), flow (.007). To sum up, the spiritual factor related to ethics such as sacrifice, justice, royalty, peace, sense of duty was the most important for the security martial arts.

• Journal of Korean Society of Industrial and Systems Engineering
• /
• v.39 no.4
• /
• pp.97-105
• /
• 2016

As information system is getting higher and amount of information assets is increasing, skills of threatening subjects are more advanced, so that it threatens precious information assets of ours. The purpose of this study is to present a strategic direction for the types of companies seeking access to information security. The framework classifies companies into eight types so company can receive help in making decisions for the development of information security strategy depending on the type of company it belongs to. Paired comparison method survey conducted by a group of information security experts to determine the priority and the relative importance of information security management elements. The factors used in the security response strategy are the combination of the information security international certification standard ISO 27001, domestic information protection management system certification K-ISMS, and personal information security management system certification PIMS. Paired comparison method was then used to determine strategy alternative priorities for each type. Paired comparisons were conducted to select the most applicable factors among the 12 strategic factors. Paired comparison method questionnaire was conducted through e-mail and direct questionnaire survey of 18 experts who were engaged in security related tasks such as security control, architect, security consulting. This study is based on the idea that it is important not to use a consistent approach for effective implementation of information security but to change security strategy alternatives according to the type of company. The results of this study are expected to help the decision makers to produce results that will serve as the basis for companies seeking access to information security first or companies seeking to establish new information security strategies.

• Journal of Navigation and Port Research
• /
• v.36 no.3
• /
• pp.261-271
• /
• 2012

The purpose of the present study is to empirically examine factors that affect the information security awareness and perceived information security risk of employees of port companies. In particular, in order to identify factors that affect the perceived information security risks, we investigated the relation of assets, threats, and vulnerabilities to it, using the risk analysis methodology. With A total of 252 valid questionnaires, we also performed the structural equation modeling analysis using AMOS. It was found that first, there was no meaningful relationship between the information assets and the perceived information security risk in the case of employees of port companies. Second, threats and vulnerabilities turned out to have positive influences on the perceived information security risk. Finally, there was a positive relationship not only between the information security awareness and the information security education, but also between the information security awareness and the intention of information security. However, there was no meaningful relationship between the information security concern and the information security awareness.

• Journal of Information Technology Applications and Management
• /
• v.26 no.2
• /
• pp.27-40
• /
• 2019

As reliance on information and communication becomes widespread, a variety of information dysfunctions such as hacking, viruses, and the infringement of personal information are also occurring. Korean adolescents are especially exposed to an environment in which they are experiencing information dysfunction. In addition, youth cybercrimes are steadily occurring. To prevent cybercrime and the damage caused by information dysfunction, information security practices are essential. Accordingly, the purpose of this study is to discuss the factors affecting the information security practices of Korean youths, considering information security education, perceived severity, and perceived vulnerability as leading factors of the theory of planned behavior. A questionnaire survey was administered to 118 middle and high school students. Results of the hypothesis test show that information security education affects perceived behavior control, and perceived severity affects attitude. Subjective norms, information security attitudes, and perceived behavioral control were found to influence adolescents' practices of information security. However, perceived vulnerabilities did not affect youths' information security attitudes. This study confirms that information security education can help youths to practice information security. In other words, information security education is important, and it is a necessary element in the information curriculum of contemporary youth. However, perceived vulnerability to youth information security threats did not affect information security attitudes. Consequently, we suggest that it is necessary to strengthen the contents of the information security education for Korean youths.

• The Journal of Society for e-Business Studies
• /
• v.27 no.2
• /
• pp.137-152
• /
• 2022

Consumers' enhanced intention to adopt the Mydata service or their voluntary provision of personal information is a very essential element in the stable growth of the Mydata industry along with the creation of corporate values. The growing leakage of customer information according to the rising value of data can have negative impacts on the use of Mydata service and shrink quality custom service needs based on the personal information provided by financial consumers. This study set out to identify security risks that financial consumers could recognize and security factors that could supplement them and investigate the effects of these security factors on consumers' intention to adopt the Mydata service, thus providing useful implications for increasing the acceptance of financial consumers and finding a strategy to expand safe utilization. The findings raise a need to guarantee the stability and transparency of information provided by customers as information subjects, and they should be essential requirements for the Mydata service. The security factors applied to guarantee them should include convenience in terms of financial service.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.18 no.3
• /
• pp.131-142
• /
• 2008

Enterprises accomplish their missions through obtaining and managing information. The unintended disclose of enterprises' sensitive information causes serious damage to enterprises, resulting in disruptive management. For effective security of enterprises, information security management systems and information security policy owing clear goals should be firmly established. This study analyzes factors influencing maturity of information security policy and gives important hints to execute information security policy.

• Asia pacific journal of information systems
• /
• v.15 no.2
• /
• pp.65-96
• /
• 2005

It is generally believed that, compared to traditional commerce, Electronic Commerce(EC) is more difficult to gain and sustain customers. One of the major reasons that customers do not use EC is lack of trust. Previous researches on the EC user's trust suggested that risk is an antecedent of trust and the concept of trust is highly related to risk. This study proposed a combined model in which includes the factors based on generic information security risk analysis methodology and trust factors in EC. The objectives of this study are follows; first, investigating the relationship between trust and risk that are antecedent factors of purchase intention, and second, examining the validity of information security risk analysis approach in EC environment. Based on the survey results of 143 MBA students statistical analysis showed that factors like threats and controls were significantly related to risk, but assets did not have statistically significant relationship with risk. Controls and knowledge of EC had meaningful effect on user's trust. This study found that risk analysis methodology which is generally used at organizational level is practically useful at user level on EC environment. In conclusion, the results of this study would be applied to generic situation of information security for analyzing and managing the risk. Besides, this study emphasized that EC vendors need to pay more attention to the information security risk to gain customer's trust.