• Journal of Information Technology Services
• /
• v.17 no.1
• /
• pp.33-45
• /
• 2018

Recently, many South Korean firms have suffered financial losses and damaged corporate images from the data breaches. Accordingly, a firm should manage their IT assets securely through an information security investment. However, the difficulty of measuring the return on an information security investment is one of the critical obstacles for firms in making such investment decisions. There have been a number of studies on the effect of IT investment so far, but there are few researches on information security investment. In this paper, based on a sample of 76 investment announcements of firms whose stocks are publicly traded in the South Korea's stock market between 2001 and 2017, we examines the market reaction to information security investment by using event study methodology. The results of the main effects indicate that self-developed is significantly related to cumulative average abnormal returns (CAARs), while no significant effect was observed for discloser, investment characteristics and firm characteristics. In addition, we find that the market reacts more favorably to the news announced by the subject of investment than the vendor, in case of investments with commercial exploitation. One of main contributions in our study is that it has revealed the factors affecting the market reaction to announcement of information security investment. It is also expected that, in practice, corporate executives will be able to help make an information security investment decision.

• Journal of Convergence Society for SMB
• /
• v.6 no.3
• /
• pp.13-19
• /
• 2016

In various ICBM (IoT, Bigdata, Cloud, Mobile) IT convergence environments, IT technologies have been evolved, new information security threats have been occurred. As information security incidents in major public agencies, financial institutions and companies occurred, it was emphasized that the importance of human security was disclosed. Thus, implementing of information security management system could protect hacks and security breaches and respond quickly to accidents so it minimized the sized of loss. In this paper, comparison of human security controls shown in ISO27001, COBIT, NIST 800-53, K-ISMS, Cyber Security Framework such as the main information security management systems was analyzed, and proposed of the security implications about effective controls of human resources security issues.

• The Journal of Society for e-Business Studies
• /
• v.18 no.1
• /
• pp.1-12
• /
• 2013

With the increases of requirement for user identification in Internet services, we should let the service companies know my personal information. If the shared personal information with them are used in not-allowed area or delivered to un-authorized persons, we may have practical harms in several fields such as financial related operations. Korean Government has introduced new management method for personal information, but it is not hard to find the personal information management issues from Korean news papers. The proper measurement should be delivered to related companies to help them to decide investment for security. This paper review the indirect measurement method of demages by check the stock prices of related company for personal information management issue. We check the relationship between change of stock price and the information management issue. The result shows there are no changes in stock market. Korean government added strong regulations for personal information management though. To prevent further personal information issues, we should recognize the indirect damages properly and let the company pay higher reparations for any personal information abuse.

• Journal of IKEEE
• /
• v.27 no.4
• /
• pp.548-555
• /
• 2023

With the advancement of the internet, the use of personal information in online interactions has increased, underscoring the significance of data protection. Breaches of personal data due to unauthorized access can result in psychological and financial damage to individuals, and may even enable wide-ranging societal attacks aimed at those associated with the victims. In response to such threats, there is active research into security measures using blockchain to safeguard personal information. This study proposes a system that uses middleware and IAM (Identity and Access Management) services to protect personal information in a BaaS (Blockchain as a Service) environment where blockchain is provided via the Internet. The middleware operates on servers where IAM roles and policies are applied, authenticates users, and performs access control to allow only legitimate users to access blockchain data existing in the cloud. Additionally, to understand the impact of the proposed personal information protection method on the system, we measure the response time according to the time taken and the number of users under three assumed scenarios, and compare the proposed method and research related to personal information protection using blockchain in terms of security characteristics such as idea, type of blockchain, authentication, and confidentiality.

• Information Systems Review
• /
• v.17 no.3
• /
• pp.39-64
• /
• 2015

As information and information technology become more important in competitive corporate environments, the risk of information security breaches has increased accordingly. Although organizations establish security measures to manage information security risks, members of organizations do not comply with them well, and their information security behavior intention is unclear. Therefore, to understand the information security risk management intention of the members of organizations, the present study developed a research model using Protection Motivation Theory, Supervisory Authority Pressure, and Background factors. This study presents empirical research findings based on the analysis of survey data from 201 members of financial institutions. Perceived Severity, Self-efficacy, and Supervisory Authority Pressure had a positive effect on intention; however, Perceived Vulnerability and Response Efficacy did not affect intention. Security Avoidance Habit, which was considered a background factor, had a negative effect on all parameters, and did not have an effect on intention. Security Awareness Training, another background factor, had a positive effect on information security risk management intention and perceived vulnerability, self-efficacy, response efficacy, and supervisory authority pressure, and had no effect on perceived severity. This study used supervisory authority pressure and background factors in the field of information security, and provided a basis to use supervisory authority pressure in future studies on behavior of organizations and members of an organization. In addition, the use of various background factors presented the groundwork for the expansion of protection motivation theory. Furthermore, practitioners can use the study findings as a foundation for organization's security activities, and to improve regulations.

• Journal of Intelligence and Information Systems
• /
• v.20 no.2
• /
• pp.163-178
• /
• 2014

Following research proposes "Virtualization of Smart Cards (ViSCa)" which is a security system that aims to provide a multi-device platform for the deployment of services that require a strong security protocol, both for the access & authentication and execution of its applications and focuses on analyzing Virtualization of Smart Cards (ViSCa) platform-based mobile payment service by comparing with other similar cases. At the present day, the appearance of new ICT, the diffusion of new user devices (such as smartphones, tablet PC, and so on) and the growth of internet penetration rate are creating many world-shaking services yet in the most of these applications' private information has to be shared, which means that security breaches and illegal access to that information are real threats that have to be solved. Also mobile payment service is, one of the innovative services, has same issues which are real threats for users because mobile payment service sometimes requires user identification, an authentication procedure and confidential data sharing. Thus, an extra layer of security is needed in their communication and execution protocols. The Virtualization of Smart Cards (ViSCa), concept is a holistic approach and centralized management for a security system that pursues to provide a ubiquitous multi-device platform for the arrangement of mobile payment services that demand a powerful security protocol, both for the access & authentication and execution of its applications. In this sense, Virtualization of Smart Cards (ViSCa) offers full interoperability and full access from any user device without any loss of security. The concept prevents possible attacks by third parties, guaranteeing the confidentiality of personal data, bank accounts or private financial information. The Virtualization of Smart Cards (ViSCa) concept is split in two different phases: the execution of the user authentication protocol on the user device and the cloud architecture that executes the secure application. Thus, the secure service access is guaranteed at anytime, anywhere and through any device supporting previously required security mechanisms. The security level is improved by using virtualization technology in the cloud. This virtualization technology is used terminal virtualization to virtualize smart card hardware and thrive to manage virtualized smart cards as a whole, through mobile cloud technology in Virtualization of Smart Cards (ViSCa) platform-based mobile payment service. This entire process is referred to as Smart Card as a Service (SCaaS). Virtualization of Smart Cards (ViSCa) platform-based mobile payment service virtualizes smart card, which is used as payment mean, and loads it in to the mobile cloud. Authentication takes place through application and helps log on to mobile cloud and chooses one of virtualized smart card as a payment method. To decide the scope of the research, which is comparing Virtualization of Smart Cards (ViSCa) platform-based mobile payment service with other similar cases, we categorized the prior researches' mobile payment service groups into distinct feature and service type. Both groups store credit card's data in the mobile device and settle the payment process at the offline market. By the location where the electronic financial transaction information (data) is stored, the groups can be categorized into two main service types. First is "App Method" which loads the data in the server connected to the application. Second "Mobile Card Method" stores its data in the Integrated Circuit (IC) chip, which holds financial transaction data, which is inbuilt in the mobile device secure element (SE). Through prior researches on accept factors of mobile payment service and its market environment, we came up with six key factors of comparative analysis which are economic, generality, security, convenience(ease of use), applicability and efficiency. Within the chosen group, we compared and analyzed the selected cases and Virtualization of Smart Cards (ViSCa) platform-based mobile payment service.