• The Journal of the Korea institute of electronic communication sciences
• /
• v.17 no.5
• /
• pp.913-926
• /
• 2022

As information is recognized as a core competency of organizations, organizations are increasingly investing in policies and technologies for information security(IS). Recently, as information exposure accidents by people have occurred continuously, interest in IS behaviors of organization insiders is increasing. This study aims to confirm the effect of the IS environment and support structure established by the organization on the intention of individuals to comply with IS. We conducted a survey of employees in organizations with IS policies and tested the hypothesis using the structural equation of AMOS 22.0 and Process 3.1 using 421 samples. As a result of the analysis, authentic leadership and justice climate, which are factors that build an IS environment, and communication and feedback, which are factors supporting IS compliance, have a positive effect on employees' compliance intention. In addition, authentic leadership, punishment, communication, and feedback were found to reinforce the positive impact of IS justice climate. As the study suggested the overall structural design direction to be pursued to reinforce insider's IS behavior, and the results help to achieve the IS goal.

• Journal of Digital Convergence
• /
• v.12 no.9
• /
• pp.387-406
• /
• 2014

The purpose of study is desirable and effective conflict management plan and professionally, to promote sustainable job skills beyond. Therefore, the public agency information security professionals to find the causes of conflict and the level of suffering, the relationship, says the help of a job withdrawal intention and job satisfaction relationship further. The results indicated that there are differences in the factors of job withdrawal intention, conflict levels, job satisfaction, according to socio-demographic characteristics. Awareness of conflict factor increases the higher level of conflict. Job satisfaction, negative impact on the job withdrawal intention. We expect to contribute to the field of information security training key personnel in the future as a result, leaving the job to conflict prevention and mitigation, and minimized by applying the improved policies and institutions.

• Journal of Digital Convergence
• /
• v.15 no.8
• /
• pp.137-144
• /
• 2017

Recently, cyber resilience has emerged as an important concept, recognizing that there is no perfect security. However, domestic researches on cyber resilience are insufficient. In this study, the 22 indicators for cyber resilience assessment were initially developed by the literature survey and discussions with security experts. The developed indicators are reviewed using the Focus Group Interview method in terms of materiality and feasibility of the indicators. This study derived meaningful and useful indicators for the assessment of cyber resilience, and it is expected to be used as a foundation for the future cyber resilience studies. In order to generalize and apply the results of this study in practice, it is necessary to carry out quantitative researches in the future.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.26 no.3
• /
• pp.769-776
• /
• 2016

Recently, cyber attacks are continuously threatening the cyberspace of the state across the border. Such cyber attacks show a surface which is intelligent and sophisticated level that can paralyze key infrastructure in the country. It can be seen well in cases, such as hacking threat of nuclear power plant, 3.20 cyber terrorism. Especially in public institutions of the country in which there is important information of the country, advanced prevention is important because the large-scale damage is expected to such cyber attacks. Technical support is also important, but by improving the cyber security awareness and security expert knowledge through the cyber security education to the country's public institutions workers is important to raise the security level. This paper suggest education courses for the rise of the best security effect through a short-term course for the country's public institutions workers.

• Proceedings of the Korean Society of Computer Information Conference
• /
• 2018.01a
• /
• pp.179-182
• /
• 2018

최근 여기어때, 인터파크 등 전자상거래 기업을 대상으로 발생한 개인정보 해킹사고 사례를 보면, 사람의 취약점을 노리는 지능화지속위협(APT) 공격과 알려진 해킹 기술이 복합적으로 이루어지고 있다. 해킹사고가 발생한 기관은 한국인터넷진흥원(KISA) 정보보호관리체계(ISMS) 의무대상 기관으로써 정보보호관리체계를 유지 관리하고 있었다. 그럼에도 불구하고 대형의 개인정보 유출사고가 발생한 주요 원인은 정보보호관리체계가 적용되지 않았던 정보시스템과 인력을 대상으로 해킹이 이루어졌기 때문이다. 해킹 위협의 변화에 따라 전자상거래 보안 수준도 변화해야 하는데, 개인정보보호 관련 규제 준수도 전자상거래 기업에서는 힘든 상황이다. 고객의 개인정보 유출 사고는 일반인을 매출 기반으로 서비스하고 있는 전자상거래 기업에서는 치명적이다. 안전한 전자상거래 플랫폼 기반에서 고객에게 서비스를 제공하기 위해서는 무엇보다도 중요 자산인 고객의 개인정보보호를 위해 역량을 집중해야 한다. 한정된 예산과 자원으로 안전한 서비스를 제공하기 위해서는 기존에 구축된 정보보호관리체계를 기반으로 IT보안감사체계를 전사적으로 확대하여 지속적으로 모니터링 할 필요가 있다. 이에 본 연구에서는 최신 사이버 보안 위협 동향과 전자상거래 기업 대상으로 발생한 최근 개인정보유출사고 사례를 분석을 통해 시사점을 도출하여 전자상거래 개인정보 보호를 위한 IT보안감사체계를 제시하였다.

• Journal of Digital Convergence
• /
• v.11 no.1
• /
• pp.47-60
• /
• 2013

This paper focuses on the role of international standards related to industrial technology and to analyze determinants to affect ISMS and its performance. Particularly its financial and operational performance were measured by survey aiming at an influence of certification and its performances. The variables explaining the performance were drawn out from factor analysis and then critical variables to affect performance were discovered by ANOVA and regression analysis. As a result of the analysis considering heteroscedastic and factor analysis, type of business and firm size were not significantly related to the performance but the existence of information security unit, investment in information security and the status of security consciousness in executives and employees were positively related. As a result, this study shows that security certification should be implemented with suitable capabilities and the investments to protect from leaking industrial technology and proved the importance of the security certification as an infrastructures and system.

• The Journal of Society for e-Business Studies
• /
• v.23 no.3
• /
• pp.65-84
• /
• 2018

The government is continuously expanding its national R&D investment to actively respond to the advent of the $4^{th}$ industrial revolution era and to develop the national economy. The R&D structure is likely to be liberalized as the paradigm shifts from the pursuit type R&D to the leading type R&D, and R&D capacity enhancement that focuses on researchers' creativity is emphasized. Such changes in R&D environment will increase the risk of security accidents such as leakage of research information. In addition, security policy for protection of research result should be the Researcher-Centric Security and security policy should be changed. This study explored transforming the research security system into the Researcher-Centric Security system so that researchers can voluntarily implement necessary security measures in the course of conducting research.

• Convergence Security Journal
• /
• v.20 no.4
• /
• pp.135-141
• /
• 2020

The Ministry of National Defense is strengthening the power and capacity of cyber operations as cyber protection training is conducted. However, considering the level of enemy cyber attack capability, the level of cyber defense capability of the ministry of national defense is significantly low and the protection measures and response system for responding to cyber threats to military networks are not clearly designed, falling short of the level of cyber security capabilities of the public and private sectors. Therefore, this paper is to investigate and verify the establishment of a military internal network vulnerability mitigation system that applies the intention of attackers, tactics, techniques and procedures information (ATT&CK Framework), identified military internal network main threat information, and military information system security requirements with military specificity as factors that can establish a defense network vulnerability mitigation system by referring to the domestic and foreign cyber security framework It has the advantage of having.

• Journal of Information Technology Services
• /
• v.12 no.1
• /
• pp.289-308
• /
• 2013

This study proceeded to examine the cause of the continuous secret information leakage in the firms. The purpose of this study is to find out what type of security among administrative, technological and physical security would have important influence on firm's security performance such as the security-incident response competence. We established the model that can empirically verify correlation between those three types of security and the security-incident response competence. In addition, We conducted another study to look at relation between developing department of security in the firms and reaction ability at the accidents. According to the study, the administrative security is more important about dealing with the security-incident response competence than the rest. Furthermore, a group with department of security has better the security-incident response competence and shows higher competence in fixing or rebuilding the damage. Therefore, this study demonstrates that investing in administrative security will be effective for the firm security.

• Electronics and Telecommunications Trends
• /
• v.30 no.5
• /
• pp.39-48
• /
• 2015

최근 스마트카 기술은 안전운전지원 센서 기반의 단독형 시스템에서 도로 인프라와 빅 데이터를 기반으로 ICT와 연계하여 교통흐름을 예측하고 대응할 수 있는 협력형 자율주행 서비스 개발로 발전하고 있다. 협력형 자율주행 서비스를 실현하거나, IoT 환경과 스마트카의 융합을 위해서는 스마트카에서 커넥티비티 역량이 무엇보다도 중요하게 되었으며 이를 위한 요소기술로 차량용 이더넷, V2X(Vehicle to Everything) 네트워킹, 네트워크 보안기술을 꼽을 수 있다. 본고에서는 스마트카에 적용되는 차량 내부 네트워크 및 게이트웨이, V2X 네트워킹 및 보안에 관한 최근 표준 기술동향 및 이슈를 살펴보고자 한다.