• 경영정보학연구
• /
• 제16권3호
• /
• pp.179-190
• /
• 2014

교육기관이 보유한 개인정보 파일의 상당수는 개인의 학사정보, 건강정보 등 민감한 정보를 포함한다. 따라서 교육기관의 개인정보유출 사건이 발생할 경우 그 피해가 클 것으로 예상된다. 이러한 피해를 막기 위해 교육부는 2012년부터 교육기관의 (개인)정보보호 담당자를 대상으로 보안인식제고 및 보안기술능력 향상을 목표로 하는 정보보호 교육센터를 설립하여 운영하는 등 다양한 노력을 하고 있지만 여전히 공공기관에서 발생한 개인정보유출 사건의 상당수는 교육기관에서 발생하고 있다. 본 연구는 정보보호 교육센터의 교육과정이 교육대상의 교육수요에 적합하게 운영되고 있는지 확인하기 위해 다음과 같이 진행하였다. 대학의 정보보호 관련 전공 커리큘럼을 조사하여 정보보호 분야의 지식 및 기술 11개를 도출하였고, 정보보호 교육센터의 교육대상인 교육기관의 (개인)정보보호 담당자를 대상으로 정보보호 분야의 지식 및 기술 11개에 대한 교육수요를 조사하였다. 또한, 정보보호 교육센터의 교육과정을 조사하였으며, 이를 교육대상의 교육수요와 비교해보았다.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• 제15권12호
• /
• pp.4531-4544
• /
• 2021

Because the traditional network information security vulnerability risk assessment method does not set the weight, it is easy for security personnel to fail to evaluate the value of information security vulnerability risk according to the calculation value of network centrality, resulting in poor evaluation effect. Therefore, based on the network security data element feature system, this study designed a quantitative assessment method of network information security vulnerability detection risk under single transmission state. In the case of single transmission state, the multi-dimensional analysis of network information security vulnerability is carried out by using the analysis model. On this basis, the weight is set, and the intrinsic attribute value of information security vulnerability is quantified by using the qualitative method. In order to comprehensively evaluate information security vulnerability, the efficacy coefficient method is used to transform information security vulnerability associated risk, and the information security vulnerability risk value is obtained, so as to realize the quantitative evaluation of network information security vulnerability detection under single transmission state. The calculated values of network centrality of the traditional method and the proposed method are tested respectively, and the evaluation of the two methods is evaluated according to the calculated results. The experimental results show that the proposed method can be used to calculate the network centrality value in the complex information security vulnerability space network, and the output evaluation result has a high signal-to-noise ratio, and the evaluation effect is obviously better than the traditional method.

• 한국정보시스템학회지:정보시스템연구
• /
• 제25권2호
• /
• pp.51-77
• /
• 2016

Purpose Organizations invest significant portions of their budgets in fortifying information security. Nevertheless, the security threats by employees are still at large. We discuss methods to reduce security threats that are posed by employees in organization. This study finds antecedent factors that increases or decreases employee's compliance intention. Also, the study suggests organizations' security environmental factors which influences the antecedent factors of compliance intention. Design/methodology/approach The structural equation model is then applied in order to verify this research model and hypothesis. Data were collected on 415 employees working in organizations with an implemented information security policy in South Korea. We analyzed the fitness and validity of the research model via confirmatory factor analysis in order to verify the research hypothesis, then we analyzed structural model, and derived the result. Findings The result shows that organizational commitment and peer behavior increase security compliance intention of employees, while security system anxiety decreases compliance intention. And, organization's physical security system and security communication both have influence on antecedent factors for information security compliance of employees. Our findings help organizations to establish information security strategies that enhance employee security compliance intention.

• 한국정보시스템학회지:정보시스템연구
• /
• 제17권1호
• /
• pp.23-43
• /
• 2008

Nowadays, openness and accessibility of information systems increase security threats from inside and outside of organization. Appropriate password is supposed to bring out security effects such as preventing misuses and banning illegal users. This study emphasizes on choosing passwords from perspective of information security and investigated user's security awareness affecting behavioral intention. The research model proposed in this study includes user's security belief which is influenced by risk awareness factors such as information assets, threats and vulnerability elements. The risk awareness factors ale derived from risk analysis methodologies for information security. User's risk awareness is a factor influencing the security belief, attitude toward security behavior, and security behavioral intention. According to the result of this study, while vulnerability is not related to the risk awareness, information assets and threats are related to the user's risk awareness. There is a significant relationship between risk awareness and security belief. Also, user's security behavioral intention is significantly affected by security attitude.

• 한국정보시스템학회지:정보시스템연구
• /
• 제15권1호
• /
• pp.145-168
• /
• 2006

Current computer viruses are one of the most serious problems in information age due to their potential demage and impact on use of information systems. To make the problem worse, virus development technology has been advanced rapidly, and use of network systems has expanded widely. Therefore computer viruses are much more complex and use of anti-virus software(AV S/W) is not enough to prrevent virus incidents. It implies that computer viruses as well as other information security matters are not solely a technical problem but also a managerial one. This study emphasized on computer virus controls from managerial perspective of information security and investigated factors influencing the effectiveness of computer virus controls. Organization's comprehensive security policies provide guidelines on how organization or individual can protect themselves from computer viruses. Especially, user's education has positive impact on user's security related characteristics. Based on the analysis of research model using structural equation modeling technique, security policies were influencing security controls and improving user's computer viruses related awareness. Also security controls had positive impact on security effectiveness. However, no significant relationship was found between user's security related characteristics and security effectiveness.

• Asia pacific journal of information systems
• /
• 제18권4호
• /
• pp.1-26
• /
• 2008

Rapid progress of information technology and widespread use of the personal computers have brought various conveniences in our life. But this also provoked a series of problems such as hacking, malicious programs, illegal exposure of personal information etc. Information security threats are becoming more and more serious due to enhanced connectivity of information systems. Nevertheless, users are not much aware of the severity of the problems. Using appropriate password is supposed to bring out security effects such as preventing misuses and banning illegal users. The purpose of this research is to empirically analyze a research model which includes a series of factors influencing the effectiveness of passwords. The research model incorporates the concept of risk based on information systems risk analysis framework as the core element affecting the selection of passwords by users. The perceived risk is a main factor that influences user's attitude on password security, security awareness, and intention of security behavior. To validate the research model this study relied on questionnaire survey targeted on evening class MBA students. The data was analyzed by AMOS 7.0 which is one of popular tools based on covariance-based structural equation modeling. According to the results of this study, while threat is not related to the risk, information assets and vulnerability are related to the user's awareness of risk. The relationships between the risk, users security awareness, password selection and security effectiveness are all significant. Password exposure may lead to intrusion by hackers, data exposure and destruction. The insignificant relationship between security threat and perceived risk can be explained by user's indetermination of risk exposed due to weak passwords. In other words, information systems users do not consider password exposure as a severe security threat as well as indirect loss caused by inappropriate password. Another plausible explanation is that severity of threat perceived by users may be influenced by individual difference of risk propensity. This study confirms that security vulnerability is positively related to security risk which in turn increases risk of information loss. As the security risk increases so does user's security awareness. Security policies also have positive impact on security awareness. Higher security awareness leads to selection of safer passwords. If users are aware of responsibility of security problems and how to respond to password exposure and to solve security problems of computers, users choose better passwords. All these antecedents influence the effectiveness of passwords. Several implications can be derived from this study. First, this study empirically investigated the effect of user's security awareness on security effectiveness from a point of view based on good password selection practice. Second, information security risk analysis framework is used as a core element of the research model in this study. Risk analysis framework has been used very widely in practice, but very few studies incorporated the framework in the research model and empirically investigated. Third, the research model proposed in this study also focuses on impact of security awareness of information systems users on effectiveness of password from cognitive aspect of information systems users.

• 정보보호학회논문지
• /
• 제27권3호
• /
• pp.653-671
• /
• 2017

현재 대부분의 금융기관이 정보보호인력 산정 시, 금융회사의 규모 및 정보보호업무 영역별 특성을 고려하지 않고, 일률적으로 전자금융감독규정에서 정한 총 IT 인력 수 대비 정보보호인력 비율(5%)만 준수하고 있다. 또한, 정보보호 인력이 여러 업무를 겸직함으로써 본연의 업무 소홀로 인한 리스크가 확대되고 있는 상황이다. 본 연구에서는 금융회사의 규모 및 각 정보보호업무의 특성을 고려한 필요 인력 수를 산정하여 체계적인 정보보호조직을 구성함으로써 금융 보안사고에 보다 효율적으로 대응할 수 있는 방안을 제시하고자 한다.

• 디지털산업정보학회논문지
• /
• 제9권3호
• /
• pp.99-106
• /
• 2013

There has been a lot of growth more than 10% in the information security industry. In accordance with the industrial growth, it increased needs for the information security manpower development as a national problem. But there is an imbalance between demand and supply of the information security manpower in terms of the quantity and quality. It is mainly caused by the curriculum of the information security is made considering for suppliers not for demanders. As a resolution to solve this problem, we suggest the curriculum of information security for vocational education and training. As the information security area is wide in view of required knowledge and technology, we design the curriculum by selecting major occupation type from the information security manpower distribution and products and then by investigating the job description using NCS(National Competency Standard). And we compared the curriculum to that of two or three year diploma courses in Korea.

• ETRI Journal
• /
• 제37권2호
• /
• pp.428-437
• /
• 2015

This study was conducted to analyze the effect of information security activities on organizational performance. With this in mind and with the aim of resolving transaction stability in the securities industry, using an organization's security activities as a tool for carrying out information security activities, the effect of security activities on organizational performance was analyzed. Under the assumption that the effectiveness of information security activities can be bolstered to enhance organizational performance, such effects were analyzed based on Herzberg's motivation theory, which is one of the motivation theories that may influence information protection activities. To measure the actual attributes of the theoretical model, an empirical survey of the securities industry was conducted. In this explorative study, the proposed model was verified using partial least squares as a structural equation model consisting of IT service, information security, information sharing, transaction stability, and organizational performance.

• 한국정보시스템학회지:정보시스템연구
• /
• 제29권1호
• /
• pp.51-74
• /
• 2020

Purpose Since the number of personal information breach incidents increased, many people have perceived the importance of personal information protection, in the recent. Especially, the number of personal information breach targeting middle-aged and elderly people rapidly increases. Therefore, the purpose of this study is to identify the factors which influence to fail of online information security behaviors among the elderly. Design/methodology/approach This study made a research model by adopting the factors deducted from the protection motivation theory. To analyze the research model, we conducted an online survey targeted on the elderly and middle ages users who have nations of Korean and Chinese respectively. Findings According to the empirical analysis result, we identified that only perceived severity and perceived vulnerability affected information security awareness. On contrast, it was also discovered that perceived barriers, self-efficacy, and response efficacy did not affect information security awareness. Additionally, the awareness of information security also did not affect information security behaviors. Middle-aged and elderly people with personal information protection education did more information security behaviors than people those who no education experiences. Korean middle-aged and elderly people with education significantly did more information protection behaviors than the people without the education.