A Study on Factors Affecting the Level of Information Security Governance in Korea Government Institutions and Agencies

Korean title (translated): A Study on Factors Affecting the Level of Information Security Governance in Public Institutions

  • Received : 2011.01.26
  • Accepted : 2011.02.18
  • Published : 2011.02.28

Abstract

To strengthen information security, the Korean government is introducing information security governance. Public institutions and agencies in Korea have begun to recognize the importance of information security governance. To strengthen information security governance, the government has tried to establish and reinforce an information security policy and information security systems. This study suggests factors affecting the level of information security governance in public agencies and institutions through factor analysis and linear regression analysis. The results of this study show that the CEO's support can elevate the level of information security governance. The level of information security governance is related to the number of staff in information departments and to the budget of public agencies and institutions. This study provides directions for public agencies and institutions seeking to elevate their level of information security governance.

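Public institutions are introducing information security governance frameworks in order to strengthen information security. They recognize the importance of an information security governance framework and are working to establish policies and institutional systems in order to put information security governance in place. To explore the factors that affect the level of information security governance in public institutions, this study develops a model for measuring the level of information security governance and a factor model. This study suggests that the level of information security governance in public institutions is determined by the support of top management, and that information security governance in public institutions is closely related to the information security budget and the size of the department in charge of informatization. The results of this study suggest policy directions for establishing information security governance in public institutions.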

Cited by

  1. Comparison of Information Security Controls by Leadership of Top Management vol.19, pp.1, 2014, https://doi.org/10.7838/jsebs.2014.19.1.063
  2. A Study for Influencing Factors of Organizational Performance: The Perspective of the Mediating Effect of Information Security Maturity Level vol.23, pp.3, 2014, https://doi.org/10.5859/KAIS.2014.23.3.99
  3. Analysis of Laws and Regulations for the Efficient Use of Administrative Information vol.16, pp.3, 2011, https://doi.org/10.7838/jsebs.2011.16.3.211