• Review of KIISC
• /
• v.23 no.4
• /
• pp.22-28
• /
• 2013

정보보호의 중요성으로 공공기관이나 일반 기업은 정보보호관리체계를 수립, 운영하고 있거나 정보보호 활동을 하고 있다. 하지만 정보보호관리체계나 정보보호 활동에 대한 성과측정이 불명확한 기준을 가지고 있거나 명확한 기준이 없는 것이 현실적인 문제점이다. 이러한 문제점으로 적절한 성과측정이 이루어지지 않기 때문에 현재의 정보보호 수준을 올바르게 측정할 수 없을 뿐만 아니라 그에 따른 성과개선을 하기에도 어려운 실정이다. COBIT 프레임워크의 정보보호 성숙도 모델을 활용하여 정보보호 거버넌스 관점과 연계함으로써 정보보호 성과에 대한 측정지표를 구체적으로 제시하고자 한다. 구체적인 정보보호 성과에 대한 측정지표를 활용함으로써 현재의 정보보호 수준을 파악하고 나아가서 정보보호 수준을 개선하고자 하는데 이 연구의 의미를 두고 있다.

• Review of KIISC
• /
• v.22 no.6
• /
• pp.15-21
• /
• 2012

정보기술(IT) 인프라가 기업의 핵심 인프라로 자리 잡으면서 기업은 고객에게 다양하고 유용한 서비스 및 재화를 제공하기 위하여 개인정보에 대한 의존도 및 활용도를 높이고 있다. 더불어 개인정보를 보호하기 위한 투자 요구도 높아지고 있으며, 이를 위해서 조직은 개인정보의 보호에 대한 측정 및 평가 방법을 수립하는 것이 필요하다. 본 연구에서 다양한 정보보호 투자의 성과측정 방법 및 IT 성과측정 방법의 기존 연구를 고찰하여 개인정보보호 투자에 따른 성과측정에 가장 적절한 방안으로 경제효율성평가(WiBe) 프레임워크를 선정하고, 그 타당성을 제시한다.

• KIPS Transactions on Computer and Communication Systems
• /
• v.3 no.9
• /
• pp.301-310
• /
• 2014

The absence of proactive information security management to ensure availability, accessibility and safety of information can bring serious risks to customers as well as to the organization's performance and competitiveness because improper security management undermines business continuity. This study analyzed the maturity of information security which affects the organizational performance. Through the literature reviews, a research model using the organizational performance as the dependent variable, the risk management process maturity and risk assessment process as independent variables and the information security policy indexes as moderate variables was proposed, and an empirical analysis was made on the basis of survey. The results showed that there was a high causal relationship between information security maturity and organizational performance. However, even if the proportions of information security staff ratio and the information security budget ratio increased, information security maturity did not affect organizational performance. It suggests that information security maturity affects organizational performance, but information security regulations have their limitation as being a catalyst to improve organizational performance.

• Journal of Information Management
• /
• v.40 no.3
• /
• pp.61-77
• /
• 2009

Recently, enterprises are protecting information assets with the various means of control and management. Nevertheless, they are confronted with the dilemma which the higher securitylevel they request, the lesser efficiency and productivity in short terms they acquire by the inconvenience of business process. In addition, in spite of the steady increase of organization's investment on information protection, the systematic way for the performance measurement of information protection has not been suggested, so that in reality, it is difficult to make the decision to invest on information-protection and elicit the direction to improve it. For this reason, this study intended to establish the concept of the protection and security of information assets of enterprises and to categorize the type of activities to protect information assets into management activity and control activity, and analyze the effects of management activity and control activity for information asset protection on the performance of information asset protection activity and organization. For this research, questionnaire survey was conducted with literature study and the PLS(Partial Least Square) was used to analyze the measurement model and hypotheses testing. The PLS analysis results indicate that management activity for information asset protection affects information asset protection performance. Further, organizational performance is influenced by information asset protection performance. Practical implications of these findings and future research implications are also discussed.

• Convergence Security Journal
• /
• v.7 no.1
• /
• pp.11-17
• /
• 2007

This paper related to implementing issue and performance measuring about blended mechanism between networking technology and security technology. We got more effectiveness in overall network security, when applying and composing amalgamated security mechanism between network technology and security technology. The blended method offers $8{\sim}10%$ effective result in network security than the isolated ways of applying relational two technologies. As a result, we suggest amalgamated security mechanism between network technology and security technology, and also, we propose the blended method as a model of more effective way.

• Convergence Security Journal
• /
• v.14 no.4
• /
• pp.41-53
• /
• 2014

In order to achieve efficient and effective organizational information security objectives, for the level of information security to accurately evaluation and direction for improving that performance evaluation index and method of measurement for information security outcomes are needed. For information security activities of domestic companies to measure the performance or effectiveness, that standard method of measuring and the available evaluation Index are insufficient. company is difficult to investment for information security budget. Therefore, the purpose of this study was developing of performance evaluation index and method of measurement for information security outcomes applying BSC available in the company. The results of this study that companies can determine the level of information security itself. Analysis of the information security status and the strategy establishment of the information security investment can be applied.

• 정보보호뉴스
• /
• no.9 s.132
• /
• pp.19-21
• /
• 2008

최근 IT 기술의 화두는 단연 '융합'이다. 방송과 통신이 결합하고, 자동차와 IT가 본격적으로 합쳐질 것으로 보인다. 이 같은 IT와 타 산업분야의 융합 현상은 정보보호 연구분야의 확장과 자연스럽게 연계된다. 그런 의미에서 이번 호부터 ITRC에 소속된 정보 보호 연구센터를 방문해 최근 등장하고 있는 정보보호 연구영역과 그 성과들을 조명해 보고자 한다. 그리고 그 첫번째 순서로 고려대학교 정보보호 연구원을 찾았다.

• 한국벤처창업학회:학술대회논문집
• /
• 2020.11a
• /
• pp.89-93
• /
• 2020

산업이 발전함에 따라 타인의 아이디어에 대한 가치가 점점 높게 인정되고 있다. 아이디어는 지식재산권으로 보호가 될 수 있으며, 특히 발명에 대한 아이디어는 특허로 보호된다. 특허법상 요건에 맞는 발명은 특허권으로 보호될 수 있고, 특허권으로 보호되는 발명은 특허권자만이 실시할 수 있는 독점적인 지위가 인정된다. 기업들은 새롭게 개발한 기술을 특허권으로 보호하기 위해 많은 노력을 기울이고 있는데, 이러한 특허가 기업의 매출에 영향을 미치는지를 분석하기 위해 다양한 연구들이 계속되고 있다. 본 연구의 목적 역시 중소기업이 개발한 새로운 기술에 대한 특허취득활동이 기업의 매출과 같은 경영성과와 기업이 속한 기술분야에서 시장점유율에 유의미한 영향을 미치는지를 조사하고, 시장점유율 상승이 기업의 매출증진에 매개효과를 일으킬 것인지, 기업이 속한 산업분류가 특허취득활동의 경영성과 등에 미치는 영향에 조절효과를 일으킬 것인지에 대해 분석 하는데 있다. 본 연구에서는 중소기업의 특허취득활동이 시장점유율과 경영성과에 미치는 영향을 분석하였다. 아울러 특허취득활동이 시장점유율과 경영성과에 미치는 영향력이 산업분류에 의해 조절되는지 여부과 시장점유율이 경영성과에 미치는 매개효과를 조사하였다.

• Knowledge Management Research
• /
• v.21 no.3
• /
• pp.197-213
• /
• 2020

This study analyzed the impact of information security service company certification on financial performance. The purpose of this study was to analyze the effect of the "Information Security Service Certification Company" system from a financial point of view for information security service certified & non-certified companies, and listed & unlisted companies. From a financial point of view, performance analysis was conducted using two-way ANOVA on sales, operating profit, and profit rate. This study verified whether there is a difference in management performance between an information security service certified company and an uncertified company. In the financial performance indicators of sales, operating profit, and profit rate, the information security service certification system showed an impact on financial performance because the information security service certification company showed better management performance than the uncertified company. The implications of this study are that the empirical performance analysis from the financial point of view of the information security service certified company system can be used as a basis for negative regulatory policies to revitalize the information security industry in the future, contributing to the growth of information security companies with excellent growth potential.

• Journal of Digital Convergence
• /
• v.11 no.1
• /
• pp.99-106
• /
• 2013

Personal information protection has become one of the most impending business issues because leakage of personal information can cause tremendous financial losses and image degradation. Consequently, personal information protection initiatives have been recognized widely in business. To invigorate personal information protection investments, performance measurement method such as cost benefits analysis or qualitative analyses are needed, which have not been studied enough in the previous studies. This study proposes a performance measurement model which can include quantitative and qualitative analyses in the context of personal information protection investments. A comparative analysis has been performed on security investment and IT investment performance measurements, which leads to choose the WiBe method (developed by the German Interior Ministry), considering the privacy characteristics and the method's applicability. In particular, the quantitative effect measured how proactive threat assessment based on the way according to the nature of the businesses and organizations of privacy and possible investment decisions. This study proposes the 16 performance indicators, which turn out to be meaningful in terms of their materiality and feasibility by conducting focus group interviews of 25 experts on personal information protection.