• Journal of Korea Society of Industrial Information Systems
• /
• v.26 no.3
• /
• pp.23-39
• /
• 2021

Investment of organization in information security is increasing, but information security threats within the organization are not decreasing. The purpose of this study is to suggest a direction to increase the information security compliance intention of employees. In detail, the study presents the positive effects of security motivation and organization trust on the information security compliance intention, and presents the moderating effect of work promotion focus. Research model and hypothesis verification are confirmed through structural equation modeling and the study conducted a questionnaire technique to the employees of the organization applying the information security policy for quantitative verification. As a result, information security punishment and value congruence had a positive affect on the compliance intention by mediating organization trust. In addition, work promotion focus had a moderating effect on the positive relationship between the precedent factors on the compliance intention. The research has academic and practical implications from the viewpoint of presenting the factors of the organization's efforts to improve the level of information security compliance by insiders.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2014.11a
• /
• pp.530-533
• /
• 2014

IT 산업의 발전과 함께 Big-Data 와 보안은 빠른 속도로 발전하고 정보보호를 위해 다양한 시스템을 구축하는 것보다는 이를 연계하고 활용하는 것이 중요한 시대가 도래하였다. 한 기업이 가지고 있는 기업정보유출사고 등 다양한 해킹공격 또한 꾸준하게 증가되고 있다. 더불어 경제적 사회적인 손실이 증가되면서 국가 및 기업 상위 감사 기관은 정보보호 관련 법 제도를 제정하고 이를 강화하여 개정 하고 있다. 하지만, 물리적, 관리적, 기술적으로 연계된 통합 보안 관리 체계가 제대로 구현되지 않는다면 다양한 취약점을 통하여 기업 정보는 언제든 유출 될 수 있다. 본 논문에서는 기업에서 기 운영중인 정보보안 솔루션과 물리보안 솔루션이 효과적으로 통합 보안 관제가 가능한 IMP 플랫폼 구성설계 방안과 불법 침입 및 보안 사고 탐지를 위한 복합시나리오 설계 방안을 제시하여 실 적용 효과를 알아보고 향후 연구 방향을 제시하고자 한다.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2007.05a
• /
• pp.1125-1128
• /
• 2007

보안 취약성이 끊임없이 보고되고 있다. 이는 보안솔루션의 초기 효과수준을 유지하기 위해서는, 새로운 취약성이 보고되면 즉시 대처하는 지속적 관리활동이 필요함을 뜻한다. 한편 기업성과 개선을 위한 IT투자성과관리가 강조되는 가운데, 정보보호 솔루션 도입 시 재무적 타당성 증명이 요구되고 있다. 이를 위해 여러 형태의 ROSI(Security ROI)가 제시되었으나, 지속적 보호활동에 따른 관리비용이 중요하게 다루어져야 함에도 불구하고 비용에 대한 고려가 적고 효과산정에만 치우쳐, 경영자의 의사 결정을 지원하는 실제적인 재무 성과지표로 활용될 수 없었다. 이에 본 논문은 조직수준의 비용효과 최적화를 추구하는 정보보호 관리체계에 기반을 두어 효과를 산정하고, 비용 산정은 지속적 관리활동이라는 특징을 반영하여 TCO에 기반을 둔 개선된 ROSI를 제안한다. 또한, 제안한 ROSI를 활용한 보안솔루션 평가사례를 제시한다. 증명이 어려운 정보보호 분야 투자타당성 증명은 물론 보안솔루션 선택 시 실제적인 의사결정 판단근거로서 활용될 수 있다.

• Review of KIISC
• /
• v.18 no.3
• /
• pp.109-117
• /
• 2008

기업의 Network 보안은 회사의 관문 방화벽에만 의존하고 있어 보안정책의 집중으로 효율성이 저하되고 이를 우회할 경우 심각한 위험에 노출될 수 있다. 본 연구는 신속성, 보안강화 측면에서 Network보안 관리 모델을 제시하여 기업의 보안 수준을 강화하는 것을 목적으로 하고 있다. 따라서 기업 비즈니스 환경 변화를 배경으로 관련 연구 결과 및 Trend에서 제시하는 이론(802.1x 사용자 인증, Virtual Backbone 등)을 조사하고 이를 바탕으로 보안 강화 측면에서의 기업의 Network 구조와 보안정책 관리모델을 제시하여 이를 실제 기업 Network에 적용하여 얻어진 효과를 검증한다.

• Review of KIISC
• /
• v.23 no.5
• /
• pp.12-19
• /
• 2013

본 연구는 정보보안관리의 중요성에 대해 지적하고, 적절한 정보보안관리에 대해 알아보기 위해 국외의 정보보안 관리 현황에 대해 조사연구하였다. 미국, 일본, 영국, 독일은 각각 정부기관에 의해 정보보안관리가 체계적으로 수행되고 있으며, 그 효과에 대해 면밀히 검토하여 우리나라에 적용할 수 있는 방안을 모색해보고자 한다.

• Convergence Security Journal
• /
• v.16 no.1
• /
• pp.33-38
• /
• 2016

The study is intended to examine awareness of safety as a differentiated service strategy and t to induce offer of more competitive services to the internal and external consumers in service industry of the South Korea. In the pursuit of this purpose, the typical occupations of the service industry targeted hotel employees and this study investigate the policy effectiveness of security management in Korea hotels. Specifically, this study was conducted by survey and involved major hotel(Seoul, Busan, Gyeongsangnam-do, Gyeongsangbuk-do) across the country. This survey went through feasibility study by major hotels managers. The results were as follows: Findings of the study suggested that most of disaster management stages did not have a statistically significant relationship with the policy effectiveness of security management. Only, repair stage have significant impact on the policy effectiveness of security management. This finding was found to be attributable to the fact that hotel employee would be concentrated in the tangible results of security management.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.16 no.11
• /
• pp.2341-2346
• /
• 2012

Voice phishing against the old or weak persons have used the methods which are social engineering in the object and financial structure and function. Until recently Voice phishing from Chaina caused economic devastation and the economic loss by phishing grows with the South Koreans in the whole. Korean government and public organizations involved have been strengthening protection system and a financial security devices. But it is not easy to verify how much effects of security measures are. In this paper I will study the economic loss caused by voice phishing and potential economic effects of security measures and security device reinforcements of the Republic of Korea. Direct costs are reported about 100 million dollars and potential economic effects of voice phinshing secure measures may be around 320 million dollars.

• Journal of Digital Convergence
• /
• v.12 no.2
• /
• pp.27-37
• /
• 2014

While organizations are making a considerable effort to leverage formal and informal control mechanisms (e.g., policies, procedures, organizational culture) to improve security, their impact and effectiveness is under scrutiny as employees seldom comply with information security procedures. The best way to ensure the viability of a security policy is to make sure users understand it and accept necessary precautions. From an organization's perspective, a lack of security knowledge and awareness on the part of employees is a major problem. However, previous studies suggest that effect of security awareness education is inconsistent. Thus, this study is to find the answer why security awareness education is not effective. Conclusions and implications are discussed.

• KIPS Transactions on Computer and Communication Systems
• /
• v.2 no.12
• /
• pp.541-552
• /
• 2013

Recently software security of the smart phone is an important issue in the field of information science and technology due to fast propagation of smart technology in our life. The smart phone as the security critical systems which are utilizing in terminal systems of the banking, ubiquitous home management, airline passengers screening, and so on are related to the risk of costs, risk of loss, risk of availability, and risk by usage. For the security issues, software hazard analysis of smart phone is the key approaching method by use of observed failures. In this paper, we propose an efficient integrative framework for software security analysis of the smart phone using Fault Tree Analysis (FTA) and Failure Mode Effect Analysis (FMEA) to gain a convergence security and reliability analysis technique on hand handle devices. And we discuss about that if a failure mode effect analysis performs simpler, not only for improving security but also reducing failure effects on this smart device, the proposed integrative framework is a key solution.

• Journal of Digital Convergence
• /
• v.11 no.1
• /
• pp.47-60
• /
• 2013

This paper focuses on the role of international standards related to industrial technology and to analyze determinants to affect ISMS and its performance. Particularly its financial and operational performance were measured by survey aiming at an influence of certification and its performances. The variables explaining the performance were drawn out from factor analysis and then critical variables to affect performance were discovered by ANOVA and regression analysis. As a result of the analysis considering heteroscedastic and factor analysis, type of business and firm size were not significantly related to the performance but the existence of information security unit, investment in information security and the status of security consciousness in executives and employees were positively related. As a result, this study shows that security certification should be implemented with suitable capabilities and the investments to protect from leaking industrial technology and proved the importance of the security certification as an infrastructures and system.