Comparison of Information Security Controls by Leadership of Top Management

Analysis of Differences in Information Security Control Activities According to Top Management's Information Security Leadership

  • Yoo, Jinho (Dept. of Business Administration, Sangmyung University)
  • Received : 2013.10.28
  • Accepted : 2014.02.04
  • Published : 2014.02.28

Abstract

This paper analyzes how the information security leadership of top management affects information security controls. These controls include activities related to making information security policy, establishing the information security organizational structure and job responsibilities, information security awareness and training, installing and operating technical measures, and emergency response, monitoring and auditing. Additionally, we analyze how Internet incidents affect information security controls and draw implications.

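Building on prior studies that emphasize information security governance, this paper empirically analyzes how top management's leadership on information security, which comes first from a governance standpoint, affects information security control activities such as establishing information security policy, structuring the information security organization and personnel, information security education and training, technical countermeasure activities, and monitoring and audit activities. In addition, as a factor to compare against top management leadership, it analyzes how much information security control activities differ according to the damage from Internet intrusion incidents that occurred within the organization, in order to draw implications.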

Cited by

  1. Analyzing the Privacy Leakage Prevention Behavior of Internet Users Based on Risk Perception and Efficacy Beliefs : Using Risk Perception Attitude Framework vol.19, pp.3, 2014, https://doi.org/10.7838/jsebs.2014.19.3.065
  2. A Study on Improved Detection Signature System in Hacking Response of One-Line Games vol.21, pp.1, 2016, https://doi.org/10.7838/jsebs.2016.21.1.105