• The Korean Nurse
• /
• 제26권3호통권141호
• /
• pp.21-26
• /
• 1987

• Journal of KIISE
• /
• 제43권10호
• /
• pp.1124-1130
• /
• 2016

A controlled group is closed compared to other organizations, which hinders collection of data and accurate analysis, so that it is hard to evaluate a controlled group's power structure and predict future changes using usual analytical methods including sociological approach. Analyzing a controlled group using SNA can allow for evaluation of inner power structure by revealing the relationships between members and identifying members with central roles given limited data. In this study, in order to evaluate changes in power structure, time-sequential SNA research was conducted by analyzing eigenvector centrality, which reflects individual influence and reveals the overall power structure. The result showed an improvement in accuracy compared to other centralities that contain individual degree or closeness, and made it possible to presume structural changes such as promotion or purge of a member.

• Information Systems Review
• /
• 제12권1호
• /
• pp.23-42
• /
• 2010

Although organizations are given various benefits with information technologies, they sometimes have suffered fatal damages due to information security incidents now such as computer virus, hacking, counterfeiting, plagiarizing, etc. The fundamentalcauses of information security incidents are closely related to individuals who do not comply with information security policy or rules. The spontaneous self-control of individuals and monitoring for individuals could be the most essential solution for the ongoing observance of information security policy. Thus, the purpose of this study is to analyze effects of punishment and ethics training on compliance of information security policy of individuals in organizations, to determine individual divide among security propensity depending on organization types, and to find the more fundamental solution which leads change of organizational members’ behaviors and self-control. Regardless of the type of organizations, the results of the study suggest that there exist positive effects of punishment and ethics training in all types of organization on compliance of information security rules or regulations. A member of unitary form organization has higher cognition of punishment than a member's cognition of the multi-divisional form organization, while relatively lower awareness of ethics training. Also, a member of public organization has higher awareness of ethics training than a member’s awareness of private organization, while lower cognition of punishment. Finally, the result shows that punishment and ethics training may be major factors which affect information security. It also suggests that organizational security managers have to understand and consider organization member’s propensity relying on organization form and organization characteristics for establishment and enforcement of information security policy.

• Asia Marketing Journal
• /
• 제4권3호
• /
• pp.1-22
• /
• 2002

본 연구는 다양한 통제메커니즘이 관계의 질에 미치는 영향과 환경불확실성의 조절효과를 분석하고 있다. 국내 모 백화점의 202개 공급업체를 대상으로 한 서베이 분석결과, 위 연구문제들에 대한 해답은 명쾌하게 제시되고 있지 않다. 첫째, 관계의 질에 가장 큰 영향을 미치는 변수는 조직간 통합인 것으로 나타났다. 조직간 통합은 신뢰, 만족, 장기거래의지를 모두 증가시키는 것으로 나타났다. 둘째, 인센티브로서 공급자의 거래특유투자가 많을수록 만족과 장기거래의지는 증가하는 것으로 나타났다. 셋째, 자격제한과 감시의 주효과와 환경불확실성의 조절효과는 없는 것으로 확인되고 있다. 결론부분에서는 이상의 연구결과가 구매자-공급자간 거래에서의 통제메커니즘의 활용과 관련하여 가지는 이론 및 실제적 의의와 시사점을 기술하고 있다.

• The Journal of Society for e-Business Studies
• /
• 제22권2호
• /
• pp.99-121
• /
• 2017

Standard makers in both private and public sectors have been increasingly mandating security standards upon organizations to protect organizational digital assets. A major issue in security standardization is that standards often cannot regulate all possible security efforts by the standard maker because some efforts are unverifiable by nature. This paper studies from an analytical perspective how a standard maker should design the standard using a verifiable security control in the presence of another related unverifiable one. We compare it with two benchmark standards; $na{\ddot{i}}ve$-standard which refers to the standard maker who ignores the existence of the unverifiable control, and complete-information standard which refers to the maker sets standards on both controls. Optimal standard and benchmark standard depend critically on how the two controls are configured. Under parallel configuration, the existence of the unverifiable control induces the policy maker to set a higher standard (the complete-information standard is optimal); under serial configuration, a lower standard is applied (neither benchmark works). Under best-shot configuration and if the verifiable control is more cost-efficient, the existence of the unverifiable control has no impact on the optimal standard (the $na{\ddot{i}}ve$ standard is optimal).

• Review of KIISC
• /
• 제21권5호
• /
• pp.37-44
• /
• 2011

최근 들어 클라우드 컴퓨터의 도입에 있어 보안 및 개인정보보호가 핵심적인 요구사항으로 주목받고 있으며, 국내외 여러 조직에서는 클라우드 컴퓨팅 환경에서의 개인정보보호의 중요성을 인식하여 전사적이고 체계적인 접근법에 기초한 연구가 진행되고 있다. 본 논문에서는 클라우드 컴퓨팅의 보안을 다룬 NIST SP 800-144 문서를 기반으로 정보보호관리체제 (ISMS)에 대한 국제표준인 ISO 27002의 통제내용음 분석하고 이를 KISA-PIMS의 통제내용과 연결하여 도출하였다. 더불어, IPC 및 WPF등 해외에서 연구한 클라우도 컴퓨팅 개인정보보호 위험 및 요구사항을 KISA-PIMS의 통제목적과 비교 분석하는 한편, 클라우드 컴퓨팅 개인정보보호의 향후 연구 과제를 제시하고자 한다.

• Convergence Security Journal
• /
• 제12권4호
• /
• pp.109-114
• /
• 2012

Information society in recent times, lots of important information have been stored in information systems. In this situation, unauthorized person can obtains important information by piggy-backing and shoulder surfing in specific area of organization. Therefore, in this study, we proposed network group access control system by combining RFID and infrared-ray for blocking information leakage due to unauthorized access by internal threats and enhancing personnel security. So it can provides a more secure internal network environment.

• The Journal of Society for e-Business Studies
• /
• 제19권1호
• /
• pp.63-78
• /
• 2014

This paper is to analyze how the information security leadership of top management affects controls of information security. Controls of information security include the activity related to making information security policy, the activity related to making up information security organizational structure and job responsibilities, the activity related to information security awareness and training, the activity related to technical measures installation and operation, and the activity related to emergency response, monitering and auditing. Additionally we will analyze how Internet incidents affect controls of information security and find implications.

• Journal of Intelligence and Information Systems
• /
• 제18권1호
• /
• pp.71-90
• /
• 2012

Although it has been studied for a long time in various disciplines, most of control theories remain being developed by analyzing relatively simple tasks. Even recent research on control of information systems development explains only a small part of control phenomena observed in the real world projects. This research focuses on identifying and analyzing the concepts and structures in order to make them useful for understanding and explaining control of information systems development comprehensively This investigation utilizes the complementary relationship between views on control from organizational and economic perspectives. A conceptual framework developed by integrating previous research on control allows us to analyze the development of information systems for control purposes. The results of discussion about control mechanisms and network can be used as guidelines for designing control systems in real projects. Analysis of control networks shows that control of development projects requires quite complex networks intertwining a variety of controllers and controlees. The results of this research are expected to contribute to correcting the unbalanced status of IS research which has emphasized too heavily on planning and implementation, and deepening and widening our understanding about controlling development projects. Practitioners can use the results as guidelines for designing control mechanisms and networks, and get alerted by them about the agency risks inherent in outsourced developments.

• Journal of Information Management
• /
• 제40권3호
• /
• pp.61-77
• /
• 2009

Recently, enterprises are protecting information assets with the various means of control and management. Nevertheless, they are confronted with the dilemma which the higher securitylevel they request, the lesser efficiency and productivity in short terms they acquire by the inconvenience of business process. In addition, in spite of the steady increase of organization's investment on information protection, the systematic way for the performance measurement of information protection has not been suggested, so that in reality, it is difficult to make the decision to invest on information-protection and elicit the direction to improve it. For this reason, this study intended to establish the concept of the protection and security of information assets of enterprises and to categorize the type of activities to protect information assets into management activity and control activity, and analyze the effects of management activity and control activity for information asset protection on the performance of information asset protection activity and organization. For this research, questionnaire survey was conducted with literature study and the PLS(Partial Least Square) was used to analyze the measurement model and hypotheses testing. The PLS analysis results indicate that management activity for information asset protection affects information asset protection performance. Further, organizational performance is influenced by information asset protection performance. Practical implications of these findings and future research implications are also discussed.