• Review of KIISC
• /
• v.5 no.2
• /
• pp.49-63
• /
• 1995

본 논문은 정보시스템 보안관리에 대한 개념적 모형을 INFORSEC 및 한국전산원이 제시한 모형을 중심으로 기술했으며 보안관리의 표준적인 분류체계를 근거로 BDSS의 위협. 자산, 취약성의 분류체계를 비교함으로써 위협, 자산, 취약성의 관련성을 탐색 하고자 했다. 특히 위협의 원천과 가해자 측면에서 BDSS와 CRAMM의 경우를 비교함으로써 분류체계의 장단점을 파악하고자 했다.

• The Journal of Society for e-Business Studies
• /
• v.23 no.1
• /
• pp.89-102
• /
• 2018

In this paper, the security characteristics of healthcare institutions were derived through analysis of previous research, and the characteristics and status of small and medium sized healthcare institutions were surveyed through field surveys of small and medium sized healthcare institutions. The security management evaluation model for small and medium sized healthcare institutions was designed and verified based on the security characteristics of small and medium healthcare institutions. For the design, we compared and analyzed existing security management system and evaluation certification system of healthcare institutions. We also confirmed the proposed security management evaluation model and the degree of sharing. In addition, we conducted validation for the statistical verification of the proposed security management evaluation model for small and medium sized healthcare institutions, and we performed the relative priority analysis through AHP analysis to derive the weight for each item. The result of this study is expected to be used as a standard of security management evaluation model that can be practiced in small and medium sized healthcare institutions.

• The Journal of Society for e-Business Studies
• /
• v.20 no.4
• /
• pp.177-191
• /
• 2015

Recently, the necessity of systematic security management system that consider company' character and environment has appeared because of increasing security accident continuously in domestic companies. However, most of companies has applied to only K-ISMS which is existing information security management system, although They are different from object, purpose and way of security level evaluation by companies. According to this situation, Many experts have questioned that there are many problems with effectiveness of introducing security management system. In this study, We established definition of information security management system, industrial security management system and research security management system through analysis of previous study and developed evaluation item which can implement security in whole industry comparing and analyzing the control items of them. Also, we analyzed existing security level evaluation and suggest design direction of industry-centric security level evaluation model considering character of industry.

• The Journal of Society for e-Business Studies
• /
• v.25 no.3
• /
• pp.109-130
• /
• 2020

Recently, the importance of research and development for technological innovation is increasing. The rapid development of research and development has a number of positive effects, but at the same time there are also negative effects that accelerate crimes of information and technology leakage. In this study, a research security level measurement model was developed that can safely protect the R&D environment conducted at the organizational level in order to prepare for the increasingly serious R&D result leakage accident. First, by analyzing and synthesizing security policies related to domestic and overseas R&D, 10 research security level evaluation items (Research Security Promotion System, Research Facility and Equipment Security, Electronic Information Security, Major Research Information Security Management, Research Note Security Management, Patent/Intellectual Property Security Management, Technology Commercialization Security Management, Internal Researcher Security Management, Authorized Third Party Researcher Security Management, External Researcher Security Management) were derived through expert interviews. Next, the research security level evaluation model was designed so that the derived research security level evaluation items can be applied to the organization's research and development environment from a multidimensional perspective. Finally, the validity of the model was verified, and the level of research security was evaluated by applying a pilot target to the organizations that actually conduct R&D. The research security level evaluation model developed in this study is expected to be useful for appropriately measuring the security level of organizations and projects that are actually conducting R&D. It is believed that it will be helpful in establishing a research security system and preparing security management measures. In addition, it is expected that stable and effective results of R&D investments can be achieved by safely carrying out R&D at the project level as well as improving the security of the organization performing R&D.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.27 no.3
• /
• pp.687-704
• /
• 2017

As Korea's industrial competitiveness and technological prowess increase, collaboration and technical exchanges with contracting companies are increasing. In an environment where cooperation with the contracting company is unavoidable ordering companies are also striving to prevent leakage of technologies through various security systems, policy-making and security checks. However, although the contracting companies were assessed to have a high level of security management the leakage of technical datas are steadily increasing. Issues are being raised about the effectiveness of the security management assessment and the actual security management levels. Therefore, this study suggested a security management system model to improve security management efficiency in the general contract structure. To prove this, analyze the efficiency of 36 contractor companies for the technical datas security management system using the DEA model. The results of the analysis are reflected in the assessment results. Lastly, suggestions for improving the effectiveness of the technical datas security system are proposed.

• Proceedings of the Korea Association of Information Systems Conference
• /
• 2005.12a
• /
• pp.67-85
• /
• 2005

오늘날 정보화의 급진전에 따른 PC의 광범위한 보급과 네트워크의 확산은 컴퓨터 바이러 스와 관련된 역기능을 심각하게 형성하는 계기가 되었다. 더욱이 컴퓨터 바이러스 개발기술의 발전에 따라 신종 바이러스가 더욱 기술적으로 정교해지고, 다양한 변종이 출현함에 따라 바이러스 대응 소프트웨어를 설치하는 것만으로는 효과적으로 대처할 수 없다는 문제가 제 제기 되었다. 조작의 정보보안을 위해 전반적인 관리적 차원에서 바이러스를 효과적으로 통제할 수 있도록 여러 가지 요인들을 고려해야 한다. 이를 위해 조직의 정보자원의 관리 방향을 제시하고 있는 보안정책이 강조되어야 함은 물론이며, 전체적인 관점에서 정보시스템에 대한 보안을 강화하기 위하여 정보 기술에 대한 부적절한 활용을 통제하고, 사용자 측면에서 감염 확산의 차단 및 재발을 효과적으로 억제할 수 있어야 한다. 이에 따라 본 연구에서는 직접적인 컴퓨터 바이러스 통제를 위해 관리적 측면에서 요인들을 강조하고, 사용자의 시스템 관련 지식 및 인지적 특성 등의 개인적 특성을 반영하여 보안효과를 평가할 수 있도록 연구모형을 구성하였다. 구조방정식 모형에 의한 실증분석 결과에 의하면 조직내 보안정책이 바이러스 통제의 수준에 영향을 미치며, 사용자의 컴퓨터 바이러스 관련 보안인식을 향상시킬 수 있는 것으로 나타났다. 또한 보안통제는 보안효과에 긍정적인 영향을 미치지만 사용자의 정보보안 관련 특성은 보안효과에 영향을 미치지는 않는 것으로 분석되었다.

• The Journal of Society for e-Business Studies
• /
• v.20 no.4
• /
• pp.151-175
• /
• 2015

Although three types of the information security measures (technical, physical and managerial ones) are all together critical to maintaining information security in the organizations and should be implemented at the same time, this study aims at providing theoretical basis of establishing and implementing effective managerial security measures. The rationale behind this research objective is that it is very important to effectively perform the managerial security measures to achieve the target performance level of the technical and the physical security measures because main agents of practicing the information security measures in the organizations are staff members even though the technical and the physical ones are well constructed and implemented. In particular, this study intends to develop and propose the theoretical model applicable to providing the way of improving organizational members' intention to use information security technologies since the very intention to use them is essential to effectively establishing and promoting managerial security measures. In order to achieve the objective of this study, the factors critical to influencing upon the intention to use information security technologies are derived through systematically reviewing related theories and previous studies, and then the research model and hypotheses are proposed by logically reasoning the casual relationship among the these factors. Also, the empirical analyses are performed by conducting the survey of the organization members of domestic large companies and analyzing the structural equation model by PLS (Partial Least Squares) method. The significant results of this study can contribute to expanding the research area of managerial information security and can be applied to suggesting the practical guidelines for effectively establishing and implementing the managerial security measures in various organizations.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.32 no.2
• /
• pp.341-353
• /
• 2022

Conglomerates are strengthening cooperative relations by sharing information and dispatching manpower with each other to improve the overall competitiveness and technology of the group, including affiliates, and to enhance synergy. As a result, we are making every effort to increase the level of information protection of the entire group, but information leakage accidents that bypass affiliates and partner companies continue to occur. In addition, the results of the evaluation of the security management system of affiliates conducted by the parent company and the effectiveness of the actual security level have been raised. In addition, each company has limited resources that can be put into security management, so it is time for an more efficient security management system than ever before. In this study, the efficiency of operating the security management system of affiliates of steel companies is reviewed using the DEA-SBM model, and based on the analysis results, improvement measures to improve the level of security management are suggested.

• Convergence Security Journal
• /
• v.16 no.2
• /
• pp.55-62
• /
• 2016

Recently, research outcome is frequently leaked in the process of progressing domestic R&D. Security system such as research security law and manual is implemented to prepare these leakage. However piecemeal solutions, simply technological measures, have a limit. Consequently, this study organizes a integrated research security framework by designing multidimensional security measures based on the R&D life cycle perspective. Concretely, this study constructs various control items predicated on law, moreover reviews the applicability of research security assessment items.

• The Journal of The Korea Institute of Intelligent Transport Systems
• /
• v.21 no.4
• /
• pp.145-156
• /
• 2022

To strengthen the security of autonomous vehicles, this study derived checklists through the analysis of the status of autonomous vehicle security. The analyzed statuses include autonomous vehicle characteristics, security threats, and domestic and foreign security standards. The derived checklists are then applied to the AHP(Analytic Hierarchy Process) model to find their relative importance. Relative importance was ranked as one of cyber security management system establishment and implementation, encryption, risk assessment, etc. The significance of this study is to reduce cyber security incidents that cause human casualties as well improve the level of security management of autonomous vehicles in related companies by deriving the autonomous vehicle security level checklists and demonstrating the model. If the inspection is performed considering the relative importance of the checklists, the security level can be identified early.