참고문헌
- Suhazimah Dzazali and Ali Hussein Zolait, "Assessment of information security maturity: An exploration study of Malaysian public service organizations", Journal of Systems and Information Technology, Vol.14, Issue.1, pp.23-57, 2013.
- ISO/IEC 27001-2005(E), "Information Technology-Security Techniques-Information Security Management Systems- Requirements", 2005.
- M. Simonsson, P. Johnson, and M. Ekstedt, "The effect of IT governance maturity on IT governance performance", Information Systems Management, Vol.27, pp.10-24, 2010. https://doi.org/10.1080/10580530903455106
- NIST SP 800-39, "Managing Information Security Risk: Organization, Mission and Information System View", available at http://csrc.nist.gov/publications, 2011.
- ISO/IEC TR 13335-2, "Information technology -Guidelines for the management of IT Security- Part 2 : Managing and planning IT Security", 1997.
- NIST SP 800-30, "Guide for Conducting Risk Assessment", available at http://csrc.nist.gov/publications/, 2012.
- ENISA(European Network and Information Security Agency), "Regulation No 460/2004 of the european parliament and of the council", 2004.
- OCTAVE, "Method Implementation Guide Version 2.0", Carnegie Mellon University, 2001.
- J. H. Hall, S. Sarkani, and T. A. Mazzuchi, "Impacts of organizational capabilities in information security", Information Management & Computer Security", Vol.19, Issue.3, pp.155-176, 2011. https://doi.org/10.1108/09685221111153546
- J. Jenkins, "Organisational IT security theory and practices: and never the twain shall meet?", available at www.sans.org/rr/securitybasics/ITsec2.php, 2003.
- R. Sommer, "How to buy information security", available at www.virtualcity.co.uk.hottobuy.htm, 2003.
- R. Baskerville, "Designing Information System Security", Wiley, Chichester, 1998.
- B. Schneier, "Secret and Lies-Digital Security in a Networked World", Wiley Computer Publishing, New York, NY, 2002.
- S. Berinato, "After the storm, reform", CIO Magazine, available at www.cio.com/archive/121503/securityfuture.html, 2003.
- K. N. Bhaskar, "Computer Security: Threat and Countermeasures", NCC-Blackwell, Oxford, 1993.
- M. B. Chrissis, M. Konrad, and S. Shrum, "CMMI- Guidelines for Process Integration and Product Improvement", United States : SEI, 2005.
- IT Governance Institute (ITGI), "Cobit 4.1", Estados Unidos:ITGI, 2007.
- Project Management Institute (PMI), "PMI Fact Sheet", USA: PMI, 2006.
- Project Management Institute (PMI), "A guide to the project management body of knowledge (PMBOK Guide)", Upper Darby, PA, 2000.
- J. M. Hagen, E. Albrechtsen, and J. Hovden, "Implementation and effectiveness of organizational information security measures", Information Management & Computer Security, Vol.16, Issue.4, pp.377-397, 2008. https://doi.org/10.1108/09685220810908796
- S. Smith, G. Stephen, and W. Malampy, "A financial Management Approach for Selecting Optimal, Cost-Effective Safeguards Upgrades for Computer and Information Security Risk Management." Computer and Security, Vol.14, No.1, pp.28-29, 1995.
- M. J. Baek and S. H. Shon, "A Study on information security awareness and behavior affecting information security effectiveness in smaller member organization", Small Business Research, Vol.33, No.2, pp.113-132, 2011.
- K. K. Kim, H. K. Shin, S. S. Park, and B.S. Kim, "A Study on impact information assets protection accomplish affecting organizational performance", Information Management Research, Vol.40, No.3, pp.61-77, 2009. https://doi.org/10.1633/JIM.2009.40.3.061
- G. H. Hong, "A Study on Impact on Information Security control and activities affecting information security performance", a doctoral thesis department of Kookmin University Graduate School, Information management department, 2003.
- Korea Financial Telecommunications & Clearings Institute, "The financial IT and information security trend prediction", Payment and information technology, No.55 pp.90-126, 2014.
- Financial Supervisory Commission, "Electronic financial supervisory regulation", 2014.
- Financial Supervisory Commission, "The financial institutions information technology security duties standard", 2012.
- B. B. Yeol, "Structural equation model for understanding and use", Publishing Daegyeong, 2006.
- X. Koufteros and G. Marcoulides, "Product development Practices and performance: A structural equation modelingbased multi-group analysis", International Journal of Production Economics, pp.286-307, 2006.
- C. Fornell and D. Larcker, "Evaluating structural equation models with unobservable variables and measurement error", Journal of Marketing Research, pp.39-50, 1981.