• Title/Summary/Keyword: security information

Search Result 17,850, Processing Time 0.032 seconds

Improvement of Information Security Management System Evaluation Model Considering the Characteristics of Small and Medium-Sized Enterprises (중소기업의 특성을 고려한 정보보호 관리체계 평가 모델 개선)

  • Kim, Yi Heon;Kim, Tae-Sung
    • Journal of Information Technology Services
    • /
    • v.21 no.1
    • /
    • pp.81-102
    • /
    • 2022
  • Although more than 99% of all Korean companies are small and medium-sized enterprises (SMEs), which accounts for a large part of the national economy, they are having difficulties in securing information protection capabilities due to problems such as budget and manpower. On the other hand, as 97% of cyber incidents are concentrated in SMEs, it is urgent to strengthen the information protection management and response capabilities of SMEs. Although the government is promoting company-wide information security consulting for SMEs, the need for supplementing it's procedures and consulting items is being raised. Based on the results of information security consulting supported by the government in 2020, this study attempted to derive improvement plans by interviewing SME workers, information security consultants, and system operators. Through the research results, it is expected to create a basis for SMEs to autonomously check the information security management system and contribute to the reference of related policies.

Investigating of Psychological Factors Affecting Information Security Compliance Intention: Convergent Approach to Information Security and Organizational Citizenship Behavior (정보보안 준수의도에 대한 사회심리적 요인 분석: 정보보안과 조직시민행동이론 융합)

  • Han, Jin-Young;Kim, Yoo-Jung
    • Journal of Digital Convergence
    • /
    • v.13 no.8
    • /
    • pp.133-144
    • /
    • 2015
  • In digital convergence environment, information security management plays crucial role in maintaining firms' competitiveness. Organizational citizenship behavior(OCB) enables informations security countermeasures to be more effectively worked by helping employees to have much knowledge of information security policy, by facilitating employees to participate in information security education/training. Thus, the purpose of this study is to investigate the mediating effect of OCB on the relationships between information security countermeasures and compliance intention. Questionary was designed based on prior information security research, and survey was conducted among companies' employees across the industry. Results showed that information security policy and information security education/training were found to be key predictors of compliance intention. In addition, OCB was proven to mediate the relationships between information security countermeasures and compliance intention.

A study on effects of implementing information security governance by information security committee activities (정보보호 위원회 활동에 따른 정보보호 거버넌스 구현 효과에 관한 연구)

  • Kim, Kunwoo;Kim, Jungduk
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.25 no.4
    • /
    • pp.915-920
    • /
    • 2015
  • The commitment of top management is still insufficient for information security even the core of information security governance is dependent on the leadership of top management. In this situation, information security committee can be a good way to vitalize the commitment of top management and its activities are essential for implementing information security governance. The purpose of this study is to test that information security committee affects implementing information security governance and security effect. For a empirical analysis, questionnaire survey was conducted and the PLS(Partial Least Square) was used to analyze the measurement and structural model. The study result shows that a hypothesis related value delivery is not accepted and it is required to study various methods about how the information security provides positive value to business.

An Exploratory Research on Factors Influence Perceived Compliance Cost and Information Security Awareness in Small and Medium Enterprise (보안정책 준수 비용과 정보보안 중요성 인식 수준에 미치는 요인에 관한 연구: 중소기업을 중심으로)

  • Yim, Myung-Seong
    • Journal of the Korea Convergence Society
    • /
    • v.9 no.9
    • /
    • pp.69-81
    • /
    • 2018
  • The ultimate intention of this research is to identify the factors that have a significant effect on the perceived importance of information security as the antecedent of intention to information security policy compliance. We found that the effectiveness of information security training program did not have statistically significant effect on the perceived cost of policy compliance. Second, the effectiveness of information security policy has significant influence on the perceived cost of policy compliance. Third, perceived vulnerability has a significant effect on the perceived cost of policy compliance. Fourth, perceived cost of policy compliance has a significant effect on perceived importance of information security. Fifth, supervisor's attitude toward information security silence has a significant effect on employee silent behavior towards information security. Sixth, communication opportunities towards information security has a significant influence on employee silent behavior towards information security. Finally, it was shown that employee silent behavior towards information security had a significant influence on the perceived importance of information security.

A Study on the Stock Price Fluctuation of Information Security Companies in Personal Information Leakage (개인정보 유출 사고 시 정보보호 기업의 주가 변동에 관한 연구)

  • Kim, Min-Jeong;Heo, Namgil;Yoo, Jinho
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.26 no.1
    • /
    • pp.275-283
    • /
    • 2016
  • Currently Internet and IT infrastructure of Korea has maintained the world's highest levels. But in another aspect, security incident, especially personal information breaches occur frequently. As personal information leakage happened, the companies will be negatively affected. And to prevent this, they have implemented to use a variety of security solutions from information security vendors. Therefore we set up hypotheses that the companies experienced personal information leakage as well as information security companies providing security solutions will be affected by the leakages. So this paper verify hypotheses about the impact of the value of information security companies, through analysing stock price fluctuation of the companies. We found that the stock price of information security companies has increased as personal information leakage happened. And differences according to leakage volumes and types of business are not statistically significant. But there are significant differences according to business classification of information security companies.

Differences in Perception of Information Security Knowledge and Skills Between Academia and Industry (정보보호 전문인력의 소요 지식 및 기술에 대한 산업체와 교육기관의 관점 비교)

  • Yoo, Hye-Won;Kim, Tae-Sung
    • Information Systems Review
    • /
    • v.11 no.2
    • /
    • pp.113-129
    • /
    • 2009
  • With increasing interest in information security, many studies have been conducted on cultivation and management of information security manpower. The widespread application of information security made the activity of information security professionals more diverse. Therefore, it is essential to analyze the knowledge and skills that are necessary for information security professionals to carry out their job and we also need to take these into considerations for the development and operation of education programs. In this study, for analyzing the perception gaps of information security knowledge and skills level between academia and industry, we have derived 58 knowledge and skills by conducting the literature review and Delphi method and we also conducted a survey of information security knowledge and skills requirements for information security professionals who are now working in industries and educational organizations. As a result, we analyze the perception gaps between two groups of information security professionals and suggest some guidelines for establishing the demand-based curriculum for training information security professionals.

Considering Information Security Professionals' Career to Analyze Knowledge and Skills Requirements (정보보호 전문인력의 경력에 따른 지식 및 기술 수요 특성)

  • Yoo, Hye-Won;Kim, Tae-Sung
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.19 no.4
    • /
    • pp.77-89
    • /
    • 2009
  • As the awareness on the information security has been well developed, there have been various studies on effective training and management of the information security workforce. But, one of the most important things for the effective training is to develop education programs based on knowledge and skills requirements for information security professionals. This study aims to analyze the required and possessed levels of knowledge and skills for information security professionals' career. For this study, we selected 71 critical knowledge and skills for information security professionals by literature review and Delphi method, and we conducted a survey of information security knowledge and skills requirements for information security professionals to perform their jobs. As a result, we analyzed the current status of the information security professionals' knowledge and skills level and suggested some guidelines for educating information security professionals by their job career.

Study on Development of Framework of Company Classification in Information Security Perspective (정보보호 관점의 기업 유형 분류 프레임워크 개발에 관한 연구)

  • Kim, Hee-Ohl;Baek, Dong-Hyun
    • Journal of Korean Society of Industrial and Systems Engineering
    • /
    • v.39 no.3
    • /
    • pp.18-29
    • /
    • 2016
  • For most organizations, a security infrastructure to protect company's core information and their technology is becoming increasingly important. So various approaches to information security have been made but many security accidents are still taking place. In fact, for many Korean companies, information security is perceived as an expense, not an asset. In order to change this perception, it is very important to recognize the need for information security and to find a rational approach for information security. The purpose of this study is to present a framework for information security strategies of companies. The framework classifies companies into eight types so company can receive help in making decisions for the development of information security strategy depending on the type of company it belongs to. To develope measures to classify the types of companies, 12 information security professionals have done brainstorming, and based on previous studies, among the factors that have been demonstrated to be able to influence the information security of the enterprise, three factors have been selected. Delphi method was applied to 29 security experts in order to determine sub items for each factor, and then final items for evaluation was determined by verifying the content validity and reliability of the components through the SPSS analysis. Then, this study identified characteristics of each type of eight companies from a security perspective by utilizing the developed sub items, and summarized what kind of actual security accidents happened in the past.

A Study on Security Threat Elements Analysis and Security Architecture in Satellite Communication Network (위성 통신망 보안 위협요소 분석 및 보안망 구조에 관한 연구)

  • 손태식;최홍민;채송화;서정택;유승화;김동규
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.11 no.4
    • /
    • pp.15-31
    • /
    • 2001
  • In this paper we classify security threat elements of satellite communication into four parts; Level-0(satellite propagation signal), Level-1(satellite control data), Level-2(satellite application data) and ground network security level according to the personality and data of the satellite communication network. And we analyze each security levels. Using analyzed security threat elements, we divide security requirements into signal security level and information security level separately. And then above the existent signal security level countermeasure, we establish the countermeasure on the basis of information security policy such as satellite network security policy, satellite system security policy and satellite data security policy in information security level. In this paper we propose secure satellite communication network through the countermeasure based on information security policy.

A Study on Access Authorization Inference Modes for Information Security of Specialized Private Networks (특성화 사설 네트워크 정보보호를 위한 접근권한 추론모드에 관한 연구)

  • Seo, Woo Seok
    • Journal of Korea Society of Digital Industry and Information Management
    • /
    • v.10 no.3
    • /
    • pp.99-106
    • /
    • 2014
  • The most significant change and trend in the information security market in the year of 2014 is in relation to the issue and incidents of personal information security, which leads the area of information security to a new phase. With the year of 2011 as the turning point, the security technology advanced based on the policies and conditions that combine personal information and information security in the same category. Such technical changes in information security involve various types of information, rapidly changing security policies in response to emerging illegal techniques, and embracing consistent changes in the network configuration accordingly. This study presents the result of standardization and quantification of external access inference by utilizing the measurements to fathom the access authorization performance in advance for information security in specialized networks designed to carry out certain tasks for a group of clients in the easiest and most simple manner. The findings will provide the realistic data available with the access authorization inference modes to control illegal access to the edge of a client network.