The Correspondence Competence of Information Accident by Firms Experienced in Confidential Information Leak

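A Study on Strengthening the Information Incident Response Competence of Firms That Have Experienced Confidential Information Leaks

  • 정병호 (Department of Management Information Systems, Hankuk University of Foreign Studies)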
  • Received : 2016.06.01
  • Accepted : 2016.06.17
  • Published : 2016.06.30

Abstract

The purpose of this study is to examine security investment by firms that have experienced a confidential information leak. Information security is a means of protecting secret information, and information security competence is a competitive capability for avoiding information leakage in a changing business environment. Information security is divided into three types: administrative security, technical security and physical security. Firms need to improve their incident response competence through information security investment in all three types; investment in information security therefore strengthens the protection of a firm's information assets. To reinforce incident response competence, organizations have discussed the establishment of a security system, security technology development, expanded investment and a legal system for security. This study is an empirical analysis that targets only firms that experienced an information leak. The data describe the technical security competence and technology leakage situation of firms in 2010. Collected while countries, companies and individuals were recovering from DDoS virus damage, the data reflect the reality of information security and also identify the security competence of firms concerned about information security management. According to the study, firms that invest continuously in information security have high incident response competence. In addition, most security incidents involved the copying and theft of paper documents and computer files. Firms with appropriate security investment have higher incident response competence than firms with no security investment, regardless of whether they are large, small and medium-sized, or venture firms. Furthermore, rational security investment should choose among the three security types with firm size taken into consideration.

