• Title/Summary/Keyword: 정보보호활동

Search Result 536, Processing Time 0.024 seconds

CEO Movement

  • 한국정보보호진흥원
    • 정보보호뉴스
    • /
    • s.136
    • /
    • pp.8-9
    • /
    • 2009
  • 신규 IT 서비스 이용확산에 따른 정보유출 및 사이버 공격 예방, 중소기업 보안활동 지원, 정보보호 취약계층 지원 등 2009년에도 다양한 활동을 펼치게 될 KISA와 황중연 원장의 활동은 연초에도 분주했다. 특히, 지난 1$\sim$2월 황 원장의 활동 중 정보보호 전문가가 아닌 일반인을 대상으로 한 강연과 인터뷰가 눈에 띈다. 2009년 한해에도 국내 민간기업과 일반인의 정보보호 수준제고를 위한 황중연 원장과 KISA의 활발한 활동을 기대해 본다.

  • PDF

기업정보보호 우수사례 벤치마킹 워크샵

  • Korea Information Security Agency
    • 정보보호뉴스
    • /
    • s.127
    • /
    • pp.8-9
    • /
    • 2008
  • 지난 4월 3일 기업 내 정보화 및 정보보호 시스템 담당자 200여명이 참석한 가운데 '기업정보보호 우수사례 벤치마킹 워크샵'이 개최됐다. 이번 워크샵은 정보보호 활동이 우수하다고 평가된 기업의 정보보호 활동 사례를 타 기업이 벤치마킹할 수 있도록 하기 위해 마련된 것으로, 그간 타 기업의 활동사례를 궁금해 했던 참석자 중 약 70% 이상이 행사 전반에 대해 만족감을 나타냈다.

  • PDF

Comparison of Information Security Controls by Leadership of Top Management (최고경영층의 정보보호 리더십에 따른 정보보호 통제활동의 차이 분석)

  • Yoo, Jinho
    • The Journal of Society for e-Business Studies
    • /
    • v.19 no.1
    • /
    • pp.63-78
    • /
    • 2014
  • This paper is to analyze how the information security leadership of top management affects controls of information security. Controls of information security include the activity related to making information security policy, the activity related to making up information security organizational structure and job responsibilities, the activity related to information security awareness and training, the activity related to technical measures installation and operation, and the activity related to emergency response, monitering and auditing. Additionally we will analyze how Internet incidents affect controls of information security and find implications.

Design and Implementation of Enterprise Information Security Portal(EISP) System for Financial Companies (금융회사를 위한 기업 정보보호 포털(EISP) 시스템의 설계 및 구현)

  • Kim, Do-Hyeong
    • Convergence Security Journal
    • /
    • v.21 no.1
    • /
    • pp.101-106
    • /
    • 2021
  • To protect financial information, financial companies establish strategies and plans for information security, operate information security management systems, establish and operate information security systems, check vulnerabilities, and secure information. This paper aims to present an information security portal system for financial companies that can gain visibility into various information security activities being undertaken by financial companies and can be integrated and managed. The information security portal system systemizes the activities of the information security department, providing an integrated environment for information security activities to participate from CEOs to executives and employees, not just from the information security department. Through this, it can also be used as information security governance that can be used by top executives to reflect information security in corporate management.

A Study on the Effects of the Information Asset Protection Performance on the Organization Performance: Management Activity and Control Activity (정보자산보호 성과가 조직성과에 미치는 영향에 관한 연구: 관리활동과 통제활동을 중심으로)

  • Kim, Kyung-Kyu;Shin, Ho-Kyoung;Park, Sung-Sik;Kim, Beom-Soo
    • Journal of Information Management
    • /
    • v.40 no.3
    • /
    • pp.61-77
    • /
    • 2009
  • Recently, enterprises are protecting information assets with the various means of control and management. Nevertheless, they are confronted with the dilemma which the higher securitylevel they request, the lesser efficiency and productivity in short terms they acquire by the inconvenience of business process. In addition, in spite of the steady increase of organization's investment on information protection, the systematic way for the performance measurement of information protection has not been suggested, so that in reality, it is difficult to make the decision to invest on information-protection and elicit the direction to improve it. For this reason, this study intended to establish the concept of the protection and security of information assets of enterprises and to categorize the type of activities to protect information assets into management activity and control activity, and analyze the effects of management activity and control activity for information asset protection on the performance of information asset protection activity and organization. For this research, questionnaire survey was conducted with literature study and the PLS(Partial Least Square) was used to analyze the measurement model and hypotheses testing. The PLS analysis results indicate that management activity for information asset protection affects information asset protection performance. Further, organizational performance is influenced by information asset protection performance. Practical implications of these findings and future research implications are also discussed.

정보보호 정책 규정집-정보보호 활동 기준 제시하기

  • Korea Information Security Agency
    • 정보보호뉴스
    • /
    • s.130
    • /
    • pp.27-29
    • /
    • 2008
  • KISA의 중소기업 정보보호 수준 자가평가를 통해 얻은 환상기업의 보안 성적표는 김 대리의 예상보다 훨씬 더 심각한 수준이었다. 정보화 규모와 정보화 의존도가 중간 수준으로 평가된 환상기업의 가장 큰 문제는 정보보호 활동을 위한 정책지침과 활동방향이 없다는 점. 환상기업의 정보보호 업무가 시작된 지 불과 3개월이 채 되지 않는다는 점을 감안해 본다면 당연한 결과였다. 그래서 김 대리의 업무 목표는 자연스럽게 환상기업의 정보보호 정책수립으로 이어지게 됐다.

  • PDF

Empirical Study on Internet Users' Information Privacy Concerns and Information Protection Behavior (인터넷 사용자의 정보프라이버시 염려와 정보보호 활동에 대한 실증연구)

  • Um, Myoung-Yong;Rhee, Moon-Ki;Kim, Tae-Ung
    • The Journal of Korean Association of Computer Education
    • /
    • v.18 no.1
    • /
    • pp.69-79
    • /
    • 2015
  • This research aims to empirically explore the antecedents that could impact on internet users' information protection behavior. 282 of sample data collected from internet users was used to test the hypotheses. The results of this research reveal that the internet users' information privacy concerns has a significant impact on self-efficacy, perceived usefulness, and information protection behavior. In addition, we found that perceived usefulness and information protection behavior are significantly influenced by self-efficacy. However, contrary to expectations, perceived usefulness has no statistically significant effect on information protection behavior. These findings provide significant implications for online companies and internet uses as well as educational stakeholders that give educations about information protection.

Influence of Information Security Activities of Financial Companies on Information Security Awareness and Information Security Self Confidence : Focusing on the Mediating Effect of Information Security Awareness (금융회사의 정보보호활동이 정보보호의식 및 정보보호자신감에 미치는 영향 : 정보보호의식의 매개효과를 중심으로)

  • Soh, Hyeon-Chul;Kim, Jong Keun
    • Journal of Korea Society of Industrial Information Systems
    • /
    • v.22 no.4
    • /
    • pp.45-64
    • /
    • 2017
  • The Purpose of this Study is to find out the Implications of the Information Security Activities of Financial Companies on the Confidence of the Information Security Officers and to find Academic and Practical Implications to Supplement the Insufficiencies. As a Result, it was Confirmed that the Information Security Officer's Confidence in Information Security for Companies and the Level of Information Security Awareness of the Employees are Increased when Financial Companies Conduct Information Protection Activities Focusing on Information Security Education, Security Incident Responses and In/Out Security.

A Study on Enterprise Information Security Portal Model for Enterprise Information Security Governance (기업 정보보호 거버넌스를 위한 기업 정보보호 포털 모델에 대한 연구)

  • Kim, Do Hyeong
    • Convergence Security Journal
    • /
    • v.20 no.3
    • /
    • pp.39-46
    • /
    • 2020
  • In order to protect the business information of the enterprise, the company is engaged in various information security activities, such as establishing an information security management system, establishing and operating an information security system, checking vulnerabilities and security controls. It is an enterprise information security governance that organizes various information security activities for enterprise business, and it needs to be systematized to operate them effectively. In this study, to systematize the enterprise information security governance, we would like to explore the existing Enterprise Information Portal(EIP) model and propose an Enterprise Information Security Portal(EISP) model based on it. The Enterprise Information Security Portal(EISP) model provides an integrated environment for supporting the activities of the information security departments by systemizing the enterprise information security governance, which is a variety of information security activities of the enterprises, so that the information security activities of the enterprises can participate directly from CEO to executives and employees, not just from the information security departments.

Relationship between Information Security Activities of Enterprise and Its Infringement : Mainly on the Effects of Information Security Awareness (기업의 정보보호 활동과 정보침해 사고 간의 관계: 정보보호 인식의 매개효과를 중심으로)

  • Moon, Kunwoong;Kim, Seungjoo
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.27 no.4
    • /
    • pp.897-912
    • /
    • 2017
  • This paper focuses on how the protection of information security incident is effective in via Information security awareness when conducting information security activities of enterprises. Research models have theorized that the information security activity and the information security awareness will reduce the incidence of information security. The general characteristics of analysis targets have been carried out in the frequency analysis, and the reliability of the measuring tool has been utilized to calculate the coefficient of Cronbach's information protection. Evidence has been demonstrated regarding the relationship between information security activities and information security awareness and information security incidents.