• Journal of the Korean Operations Research and Management Science Society
• /
• v.32 no.2
• /
• pp.149-162
• /
• 2007

In the era of the internet and ubiquitous computing, IS users are still facing a variety of threats. Therefore, a need of more tightened information security service increases unprecedentedly. In this sense, this study is aimed at proposing a new research model in which IT assets (i.e., network, system, and information influence) Security and Information Security Service (i.e., confidentiality, integrity, nonrepudiation, authentication) affect information security quality positively, leading to users' satisfaction eventually. To prove the validity of the proposed research model, PLS analysis is applied with valid 177 questionnaires. Results reveal that both IT assets Security and Information Security Service influence informations security qualify positively, and user satisfaction as well. From the results, it can be concluded that Korean government's recent orchestrated efforts to boost the IT assets Security and Information Security Service helped great improve the information security quality and user satisfaction.

• Asia pacific journal of information systems
• /
• v.23 no.4
• /
• pp.129-149
• /
• 2013

According to the development of new Information Technologies, firms consistently invest a significant amount of money in IT activities, such as establishing internal and external information systems. However, several anti-Information activities-such as hacking, leakage of information and system destruction-are also rapidly increasing, thus many firms are exposed to direct and indirect threats. Therefore, firms try to establish information security systems and manage these systems more effectively via an enterprise perspective. However, stakeholders or some managers have negative opinions about information security systems. Therefore, in this research, we study the relationship between multibusiness firms' performance and information security systems. Information security indicates physical and logical correspondence of information system department against threats and disaster. Studies on information security systems suggested frameworks such as IT Governance Cube and COBIT Framework to identify information security systems. Thus, this study define that information security systems is a controlled system on enterprise IT process and resource on IT Governance perspective rather than independent domain of IT. Thus, Information Security Systems should be understood as a subordinate concept of IT and business processes. In addition, this study incorporates information capability to information security system literature to show the positive relationship between Information Security Systems and Corporate Performance. The concept of information capability suggested that an interaction of human, information, technical and an effect on corporate performance using three types of capability (IT Practice, Information Management Practice, Information Behaviors and Values). Information capability is about firms' capability to manage IT infrastructure and information as well as individual employees who use IT infrastructure and information. Thus, this study uses information capability as a mediating variable for the relationship between information security systems and firms' performance. To investigate the relationship between Information Security Systems and multibusiness firms' performance, this study extends the IT relatedness concept into Information Security Systems. IT relatedness provides understanding of how corporations cope with conflicts between headquarters and business units to create a synergy effect and achieve high performance using IT resources. Based on the previous literature, this study develops the IT Security Relatedness model. IT Security Relatedness is our main independent variable, while Information Capability and Information Security Performance are mediating variables. To control for the common method bias, we collect each multibusiness firm's financial performance and use it as our dependent variable. We find that Information Security Systems influence Information Capability and Information Security Performance positively, and these two variables consequently influence Corporate Performance positively. In addition, this result indirectly shows that corporations under a multibusiness environment can obtain synergy effects using the integrated Information Security Systems. This positive impact of Information Security Systems on multibusiness firms' performance has an important implication to various stakeholders. Therefore, multibusiness firms need to establish Information Security Systems to achieve better financial performance.

• Convergence Security Journal
• /
• v.11 no.5
• /
• pp.3-12
• /
• 2011

According to the NIS, damages due to leaking industrial technology are reaching tens of trillion won. The type of damages are classified according to insider leaks, joint research, and hacking, illegal technology leaks and collaborated camouflaged. But 80% of them turned out to be an insider leak about connecting with physical security. The convergence of IT and non IT is accelerating, and the boundaries between all area are crumbling. Information Security Industry has grown continuously focusing Private Information Security which is gradually expanding to Knowledge Information Security Industry, but Information Security Industry hereafter is concentrated with convergence of IT Security Technology and product, convergence of IT Security and Physical Security, and IT convergence Industry Security. In this paper, for preventing company information leaks, logical security and physical security both of them are managed at the same level. In particular, using convergence of physical security systems (access control systems, video security systems, and others) and IT integrated security control system, convergence security monitoring model is proposed that is the prevention of external attacks and insider leaks, blocked and how to maximize the synergy effect of the analysis.

• Journal of Internet Computing and Services
• /
• v.15 no.3
• /
• pp.91-100
• /
• 2014

While IT security investment of organizations has been increased, the amount of the monetary loss of organizations caused by IT security breaches did not decrease as much as their expectation. Also, from surveys, it was discovered that the poor usage of their security budget thwarted the improvement of the organization's security level. In this paper, to resolve the poor usage of security budget of organizations, we propose a comprehensive economic model for determining the optimal amount of investment in security solutions, including the proactive security solutions(PSSs) and the reactive security solutions(RSSs). Using the proposed analytical model under different parameters of security solutions, we show the optimal condition to maximize the expected net benefits from IT security investment of organizations. Also, we verify the common belief that the optimal level of investment in security solutions is an increasing function of vulnerability. Through simulations, we find the optimal level of IT security investment, given parameters of different characteristics of security solutions.

• Journal of Korea Society of Digital Industry and Information Management
• /
• v.6 no.2
• /
• pp.233-245
• /
• 2010

This paper proposes security architecture, security audit framework, and audit check item. These are based on the security requirement that has been researched in the information system audit. The proposed information security architecture is built in a way that it could defend a cyber attack. According to its life cycle, it considers a security service and security control that is required by the information system. It is mapped in a way that it can control the security technology and security environment. As a result, an audit framework of the information system is presented based on the security requirement and security architecture. The standard checkpoints of security audit are of the highest level. It was applied to the system introduction for the next generation of D stock and D life insurance company. Also, it was applied to the human resources information system of K institution and was verified. Before applying to institutions, system developers and administrators were educated about their awareness about security so that they can follow guidelines of a developer security. As a result, the systemic security problems were decreased by more than eighty percent.

• Convergence Security Journal
• /
• v.11 no.5
• /
• pp.31-40
• /
• 2011

As new technologies emerge and threats become increasingly complex and unpredictable, security professionals who are living in the age of information face an increasingly complex array of challenges. In recent, virtually all organizations with physical and IT assets protect those assets in a variety of methods. There are physical systems to protect facilities and their contents from unlawful trespassing. It is important to note that the integration of physical and IT security is to be required: When done correctly, the integration starts with laws, strategies, policies and procedures. Integration of physical and IT security systems is done not for its own sake but in support of security policies and procedures. Significant security improvements can be made by integrating physical and IT security management without necessarily integrating physical and logical electronic security systems. Up to now, the private security industries of the Republic of Korea have been operated and developed by the separation of physical security and industrial security. However, considering the fast changing security environments, physical security companies should turn their attention to security convergence field to cope with the new trends in the security matters. At the same time, governmental supports on the improvement of various laws, regulations and policies in such a way to meet the realistic needs of the industries should be followed.

• Asia pacific journal of information systems
• /
• v.8 no.2
• /
• pp.105-119
• /
• 1998

As the first step to information security, the security policy and organizational control need to be established. The purpose of this study is to investigate the policy and management of information security of five major Korean business groups. The results of case study on five giant groups can be summarized as follows. There exists a basic policy for information security. But it is outdated and not realistic in the present. The security audit and education need to be upgraded. It is also necessary to use security tools actively. The security level is low in companies which do not have independent information security divisions. Therefore, it is desirable to build information security teams. The number of security personnel is not enough for the task although there exist an information security team in the company. It is important to check if the team has the ability of perform information security task. The interview with security managers reveals that the total security management should be integrated with physical and computer security. It is suggested that an Information Security Center play the major role for information security. The study on the information security management for industry level is expected to be performed in the future.

• Convergence Security Journal
• /
• v.9 no.4
• /
• pp.1-6
• /
• 2009

Current paradigm of industrial security is changing into the effective operation and management from simple establishment of security equipments. If the physical security system(entry control system, video security system, etc.) and the IT integrated security control system are conversed, it makes us possible to prevent, disrupt and track afterwards the insider's information leakage through the risk and security management of enterprise. That is, Without the additional expansion of the existing physical security and IT security manpower, the establishment of systematic conversion security management process in a short time is possible and can be expected the effective operation of professional organization system at all times. Now it is needed to build up integrated security management system as an individual technique including the security event collection and integrated management, the post connected tracking management in the case of security accident, the pattern definition and real time observation of information leakage and security violation, the rapid judgement and response/measure to the attempt of information leakage and security violation, the establishment of security policy by stages and systematically and conversion security.

• Journal of Korea Society of Digital Industry and Information Management
• /
• v.12 no.4
• /
• pp.89-96
• /
• 2016

Before an IT product is used, there is a sequence of the process such as the components supply-demand of the product, their assembly and production, their logistics and delivery, and then finally, the product can be used by a user. During this sequence of the process, there can be many security exposures and risks. In this paper, we show, by examining security cases of various IT products, that there are many security exposures in the process of IT products from their production to their delivery to end users and in their use, and also show how critical the security exposures are. Even though there are various security theories, technologies and security controls, there is still weak link from the production of an IT product to its use, and this weak link can lead to security vulnerabilities and risks. This paper tries to call attention to the importance of the execution of the security control and the control components. We examine the practical cases to find out how the security control is paralyzed, and to show how it is compromised by asymmetric security resources. Lastly, from the cases, we examine and review the possible domestic security issues and their countermeasures.

• Journal of Information Technology Services
• /
• v.7 no.3
• /
• pp.175-198
• /
• 2008

The wide spread of the Internet has become a momentum to promote informatization, and thus individuals, organizations, and government bodies are competitively participating in this kind of new wave. Informatization enables us not only to circulate and utilize information without any limitation but also to maximize users' benefits and convenience. On the other hand, it brings about negative effects-security incidents such as cyber terror, Internet fraud and technology leakage, etc. Evaluation on security level should precede over all the others in order to minimize damage by security incidents since it diagnoses current status on security as it is and can be used as a guideline for appropriate security management. In this study, evaluation domains, items and indicators of information security to evaluate information security are theoretically developed on the basis of critically reviewing the major existing research. And then the coincidence level(content validity, ease and reliability of evaluation) of each evaluation indicators are empirically analyzed through performing the field study of 83 information security experts.