An Analysis of Research Trends in Information Security Based on Behavioral Economics

  • 오명옥 (Department of Convergence Security, Chung-Ang University) ;
  • 김정덕 (Department of Industrial Security, Chung-Ang University)
  • Received : 2019.01.28
  • Accepted : 2019.03.30
  • Published : 2019.06.30

Abstract

Information security incidents are becoming more sophisticated as social engineering attacks that use new types of malicious code, such as phishing, grow more frequent. Organizations make various efforts to prevent information security incidents, but they tend to rely on technical security solutions. Nevertheless, not all security incidents can be prevented completely. To overcome the limitations of this technology-dependent approach to information security, many researchers are increasingly interested in People-Centric Security. As part of this effort, some researchers have applied behavioral economics, which seeks to understand actual human behavior and identify the consequences of that behavior, to the information security field. This study is a trend analysis of recent research that applies the concepts and methods of behavioral economics to information security. We analyzed research trends, research themes, and research methodology across 141 related papers. The results show that most previous work consists of empirical studies applying the concepts and ideas of behavioral economics to 'operational security' topics. Future research should broaden its themes and, through literature review, apply behavioral economics to the problem of actually changing people's behavior in order to establish frameworks and identify influencing factors.
