References
- 미래포럼, "정보보호의 다음 단계는?", 전자신문, 2011.
- 중소기업청, "보안 컨설턴트용 실무가이드북", 중소기업기술정보진흥원, 2007.
- 한국인터넷진흥원, "2011년 정보보호 실태조사 : 기업편", 2012.
- 한국정보보호진흥원, "정보보호 관리체계 관리과정 가이드", 2004.
- Anderson E. E. and C. Joobin, "Enterprise information security strategies", Computers and Security, Vol.27, No.1/2,(2008), pp.22-29. https://doi.org/10.1016/j.cose.2008.03.002
- Barnea, A. and A, Rubin, "Corporate Social Responsibility as a Conflict Between Shareholders", Journal of Business Ethics, Vol. 97, No.1(2010), pp.71-86. https://doi.org/10.1007/s10551-010-0496-z
- Baron, R. M. and D. A. Kenny, "The moderator variable distintion in social psychological research : Conceptual, strategic, and statistical considerations", Journal of Personality and Social Psychology, Vol.51(1986), pp.1173-1182. https://doi.org/10.1037/0022-3514.51.6.1173
- Baskerville and R. M. Siponen, "An information security meta-policy for emergent organizations", Journal of Enterprise Information Management, Vol.15, No.5/6(2002), pp.337-346.
- Bharadwaj, A. and M. Keil, "The Effect of Information Technology Failures on the Market Value of Firms : An Empirical Examination", The Journal of Strategic Information Systems, Vol.18, No.2(2001).
- Boehmer, W., "Appraisal of the eectiveness and eciency of an Information Security Management System based on ISO 27001", Emerging Security Information, Systems and Technologies, SECURWARE, Second International Conference on, (2008), pp.224-231.
- Bostrom, R. P. and J. S. Heinen, "MIS Problems and Failures : A Socio-Technical Perspective", MIS Quarterly, Vol.1, No.4(1977), pp.11-28.
- Bowen, H., Social Responsibilities of the Businessman, New York, Haper and Row, 1953.
- Caralli, R. A., "Managing for Enterprise Security", Carnegie Mellon Software Engineering Institute, 2004.
- Caylor, J., M. E. Withman, P. Fendler, and D. Baker, "Rebuilding Human Firewall", ACM, InfoSecCD Proceedings of the 2nd annual conference on Information security curriculum development, (2005), p.1.
- Clegg, C. W., "Sociotechnical Principles for Systems Design", Applied Ergonomics, Vol.31(2000), pp.463-477. https://doi.org/10.1016/S0003-6870(00)00009-0
- CONsortium of CERT, "CONCERT SECURITY FORECAST 2012", 2012.
- Cyert, R. M. and J. G. March, "A behavioral theory of organizational objectives", Modern Organization Theory, (1996), pp.138-148.
- Deloitte, "Global Security Survey", 2008.
- Department of the Army, "Information Security Program", Vol.1, No.5200.01(2012).
- Dhillon, G. and J. Backhouse, "Current directions in IS security research : towards socio-organizational perspectives", Information Systems Journal, Vol.11, No.2(2001), pp.127-153. https://doi.org/10.1046/j.1365-2575.2001.00099.x
- Dyne, L. V., J. W. Graham, and R. M. Dienesch, "Organizational Citizenship Behavior : Construct Redefinition, Measurement, and Validation", The Academy of Management Journal, Vol.37, No.4(1994), pp.765-802. https://doi.org/10.2307/256600
- Ettredge, M. and V. Richardson, "Assessing the Risk of in E‐commerce", System Sciences, HICSS. Proceedings of the 35th Annual Hawaii International Conference on, (2002), p.11.
- Fred, C., "Managing network security-Part 5 : Risk management or risk analysis", Network Security, Vol.1997, No.4(1997), pp.15-19.
- Gerber, M. and V. R. Solms, "From risk analysis to security requirements", Computers and Security, Vol.20, No.7(2001), pp. 577-584. https://doi.org/10.1016/S0167-4048(01)00706-4
- Goel, S. and S. I. N. Chengalur, "Metrics for Characterizing the Form of Security Policies", Journal of Strategic Information Systems, Vol.19(2010), pp.281-295. https://doi.org/10.1016/j.jsis.2010.10.002
- Goh, R., The Importance of the Human Element, Doctorial Dissertation, 2003.
- Gordon, L. A. and M. P. Loeb, "The economics of information security investment", ACM Transactions on Information and System Security, Vol.5, No.4(2002), pp.438-457. https://doi.org/10.1145/581271.581274
- Hagen, J. M. and E. Albrechtsen, "Implementation and effectiveness of organizational information security measures", Information Management and Computer Security, Vol. 16, No.4(2008).
- Hair, J. F., C. B. William, B. J. Babin, and R. E. Anderson, Multivariate Data Analysis (7th Edition), PEARSON, 2009.
- IDC, "2007 Global Security Survey", 2008.
- Karyda, M., E. Kiountouzis, and S. Kokolakis, "Information systems security policies : acontextual perspective", Computers and Security, Vol.24, No.3(2005), pp.246-260. https://doi.org/10.1016/j.cose.2004.08.011
- Kotulic, A. G. and J. G. Clark, "Why there aren't more information security research studies", Information and Management, Vol. 41, No.5(2004), pp.597-607. https://doi.org/10.1016/j.im.2003.08.001
- Land, F. F., Evaluation in a Socio-Technical Context, in Basskerville, R., Stage, J., and DeGross, J. I., Organizational and Social Perspectives on Information Technology, Boston, Kluwer Academic Publishers, (2000), pp.115-126.
- Leavitt, H. J., Applied Organisational Change in industry : Structural, Technological and Humanistic Approaches, Carnegie Institute of Technology, Graduate School of Industrial Administration, 1965.
- Maignan, I. and O. C. Ferrell, "Corporate Social Responsibility and Marketing : An Integrative Framework", Journal of the Academy of Marketing Science, Vol.32(2004), pp.3-19. https://doi.org/10.1177/0092070303258971
- Mattord, H. and M. Whitman, "Regulatory Compliance in Information Technology and Information Security", AMCIS Proceedings, (2007), p.357.
- Michael, R., Grimaila, and L. W. Fortson, "Towards an Information Asset-Based Defensive Cyber Damage Assessment Process", Computational Intelligence in Security and Defense Applications, CISDA IEE, (2007), pp.203-212.
- Mumford, E., "A socio-technical approach to systems design", Requirements Engineering, (2000), pp.59-77.
- NIST, Information Security Handbook : A Guide for Managers, 2006.
- Nosworthy, J. D., "Implementing information security in the 21 super(st) Century-do you have the balancing factors?", Computers and Security, Vol.19, No.4(2000), pp. 337-347. https://doi.org/10.1016/S0167-4048(00)04021-9
- Nunnally. J. C., Psychometric Theory 2th Edition, Mcgraw Hill, NewYork, 1978.
- Porter, M. E. and M. R. Kramer, "Creating Shared Value", Harvard Business Review, 2011.
- Post, G. and A. Kagan, "Management tradeoffs in anti-virus strategies", Information and Management, Vol.37(2000), pp.13-24. https://doi.org/10.1016/S0378-7206(99)00028-2
- Pugh, D. S. and D. J. Hickson, Writers on Organizations, Beverly Hills, Cal. : SAGE, 2007.
- Shin, S. C. and H. J. Wen, "Building E-enterprise security : a business view", Information Systems Security, Vol.13, No.4(2003), pp.44-56.
- Simon, H. A., "Rationality as Process and as Product of Thought", The American Economic Review, apers and Proceedings of the Ninetieth Annual Meeting of the American Economic Association, Vol.68, No.2 (1978), pp.1-16.
- Solms, B., "Corporate Governance and Information Security", Computers and Security, Vol.20(2001), pp.215-218. https://doi.org/10.1016/S0167-4048(01)00305-4
- Solms, B., "Information Security-The Fourth Wave?", Computers and Security, Vol.25 (2006), pp.165-168. https://doi.org/10.1016/j.cose.2006.03.004
- Stoneburner, G., A. Goguen, and A. Feringa, "Risk Management Guide for Information Technology Systems", NIST special publication, 2002.
- Trist, E., "The evolution of socio-technical systems", a conceptual framework and an action research program, Occasional paper, No.2(1981).
- Yeh, Q. J. and A. J. T. Chang, "Threats and countermeasures for information system security : a cross-industry study", Information and Management, Vol.44, No.5(2007), pp.480-491. https://doi.org/10.1016/j.im.2007.05.003