• Title, Summary, Keyword: Information Security

Search Result 14,770, Processing Time 0.065 seconds

The Impact of Organizational Information Security Climate on Employees' Information Security Participation Behavior (조직의 정보보안 분위기가 조직 구성원의 정보보안 참여 행동에 미치는 영향)

  • Park, Jaeyoung;Kim, Beomsoo
    • The Journal of Information Systems
    • /
    • v.29 no.4
    • /
    • pp.57-76
    • /
    • 2020
  • Purpose Although examining the antecedents of employees' extra-role behavior (i.e. information security participation behavior) in the information security context is significant for researchers and practitioners, most behavioral security studies have focused on employees' in-role behavior (i.e. information security policy compliance). Thus, this research addresses this gap by investigating how organizational information security climate influences information security participation behavior based on social information processing theory and Griffin and Neal's safety model. Design/methodology/approach We developed a research model by applying Griffin and Neal's safety model to the information security context and then tested our research model by conducting an online survey for employees of organizations with information security policies. Structural equation modeling (SEM) with SmartPLS 3.3.2 is used to test the corresponding hypothesis. Findings Our results show that organizational information security climate, information security knowledge, information security motivation are effective in motivating information security participation behavior. Also, we find that organizational information security climate positively influences both information security knowledge and information security motivation. Our findings emphasize the importance of organizational information security climate because it is capable of affecting employees on information security participation behavior. Our study contributes to the literature on information security by exploring the role of organizational information security climate in enhancing employees' information security participation behavior.

Effects of Information Security Education on the Practice of Information Security for the Youth (정보보호 교육이 청소년의 정보보호 실천에 미치는 영향)

  • Kang, Min-Seong;Kim, Tae-Sung;Kim, Taek-Young
    • Journal of Information Technology Applications and Management
    • /
    • v.26 no.2
    • /
    • pp.27-40
    • /
    • 2019
  • As reliance on information and communication becomes widespread, a variety of information dysfunctions such as hacking, viruses, and the infringement of personal information are also occurring. Korean adolescents are especially exposed to an environment in which they are experiencing information dysfunction. In addition, youth cybercrimes are steadily occurring. To prevent cybercrime and the damage caused by information dysfunction, information security practices are essential. Accordingly, the purpose of this study is to discuss the factors affecting the information security practices of Korean youths, considering information security education, perceived severity, and perceived vulnerability as leading factors of the theory of planned behavior. A questionnaire survey was administered to 118 middle and high school students. Results of the hypothesis test show that information security education affects perceived behavior control, and perceived severity affects attitude. Subjective norms, information security attitudes, and perceived behavioral control were found to influence adolescents' practices of information security. However, perceived vulnerabilities did not affect youths' information security attitudes. This study confirms that information security education can help youths to practice information security. In other words, information security education is important, and it is a necessary element in the information curriculum of contemporary youth. However, perceived vulnerability to youth information security threats did not affect information security attitudes. Consequently, we suggest that it is necessary to strengthen the contents of the information security education for Korean youths.

Market Reaction to IT Security Investment Announcements (기업의 정보보호 공시가 기업가치에 미치는 영향)

  • Park, Jaeyoung;Jung, Woo-Jin
    • Knowledge Management Research
    • /
    • v.20 no.4
    • /
    • pp.39-55
    • /
    • 2019
  • Although Firms have been increasing their information security significantly to handle increased security risks, the effects of information security were not well understood. This study aims to investigate the market value of information security by employing the event study methodology. Our research also explores how market responses vary depending on the type of information security announcements. We collected 177 firm-level information security announcements between 2001 and 2017 in South Korea. For all samples, our results indicate that the stock market positively reacts to information security announcements. We also conducted subsample analysis and found that while information security certification announcement has a positive impact on the stock market, information security activities (e.g. award, information security system) announcement had no impact on the stock market. Our study adopted a novel approach (i.e. event study) for investigating the effects of information security and found that information security investment positively affects firm value. Our results allow managers to measure the effects of information security investment and help them make right decisions on information security investment.

Design of Financial Information Security Model based on Enterprise Information Security Architecture (전사적 정보보호 아키텍처에 근거한 금융 정보보호 모델 설계)

  • Kim, Dong Soo;Jun, Nam Jae;Kim, Hee Wan
    • Journal of Korea Society of Digital Industry and Information Management
    • /
    • v.6 no.4
    • /
    • pp.307-317
    • /
    • 2010
  • The majority of financial and general business organizations have had individual damage from hacking, worms, viruses, cyber attacks, internet fraud, technology and information leaks due to criminal damage. Therefore privacy has become an important issue in the community. This paper examines various elements of the information security management system and discuss about Information Security Management System Models by using the analysis of the financial statue and its level of information security assessment. These analyses were based on the Information Security Management System (ISMS) of Korea Information Security Agency, British's ISO27001, GMITS, ISO/IEC 17799/2005, and COBIT's information security architecture. This model will allow users to manage and secure information safely. Therefore, it is recommended for companies to use the security management plan to improve the companies' financial and information security and to prevent from any risk of exposing the companies' information.

The Influence of Information Security Behaviors on Information Security Performance in Shipping and Port Organization (해운항만조직의 정보보안이행이 정보보안성과에 미치는 영향)

  • Kang, Da-Yeon;Chang, Myung-Hee
    • Journal of Navigation and Port Research
    • /
    • v.40 no.4
    • /
    • pp.213-222
    • /
    • 2016
  • Recently, as cases of organizations' information disclosure occur continuously, it is urgent to manage security of information and establish measures to enhance security of information by an organization itself. Especially, members of an organization should be prepared with measures for information security, and an organization should do its efforts to raise its members' awareness toward information security. I set a research model to verify what effects an organization's fulfillment of regulations to secure information brings to performance of information security and selected members from maritime and port organizations and financial and insurance institutes as sample. Results of the analysis to identify factors affecting information security performance among members of maritime and port organizations are as follows. Firstly, I found that the factors affecting information security awareness are information security attitude and information security standards. Secondly, the factor giving influence on information security policy of an organization was found to be information security standards. In contrast, information security punishments and information security training were verified not to give influence on compliance of information security policy. Thirdly, information security awareness was identified to give significant influence on compliance of information security policy, information security competence and information security behavior. Fourthly, compliance of information security policy was verified to be those factors that give influence on information security competence and information security behavior. Lastly, information security competence and information security behavior were found to be such factors that give influence on information security performance.

Optimization of Information Security Investment Considering the Level of Information Security Countermeasure: Genetic Algorithm Approach (정보보호 대책 수준을 고려한 정보보호 투자 최적화: 유전자 알고리즘 접근법)

  • Lim, Jung-Hyun;Kim, Tae-Sung
    • Journal of Information Technology Services
    • /
    • v.18 no.5
    • /
    • pp.155-164
    • /
    • 2019
  • With the emergence of new ICT technologies, information security threats are becoming more advanced, intelligent, and diverse. Even though the awareness of the importance of information security increases, the information security budget is not enough because of the lack of effectiveness measurement of the information security investment. Therefore, it is necessary to optimize the information security investment in each business environment to minimize the cost of operating the information security countermeasures and mitigate the damages occurred from the information security breaches. In this paper, using genetic algorithms we propose an investment optimization model for information security countermeasures with the limited budget. The optimal information security countermeasures were derived based on the actual information security investment status of SMEs. The optimal solution supports the decision on the appropriate investment level for each information security countermeasures.

A Study on Policy for cost estimate of Security Sustainable Service in Information Security Solutions (정보보안솔루션 보안성 지속 서비스 대가 산정 정책 연구)

  • Jo, Yeon-ho;Lee, Yong-pil;Lim, Jong-in;Lee, Kyoung-ho
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.25 no.4
    • /
    • pp.905-914
    • /
    • 2015
  • Once information security solution is implemented, it requires many services other than just general user management, such as malicious code analysis and security updated for consistent security against external threats or attacks, analysis of threat and attack, effectivity management of obtained security assurance, and advisory activities of security technical professionals. However, even if information security solutions provide those extra services, they are not properly treated in real market. Thus, for the security sustainable services, this study analyzes the service status of domestic information security, and suggest policy measure of price which could reflected the characteristics of information security solutions.

Relationship between Information Security Activities of Enterprise and Its Infringement : Mainly on the Effects of Information Security Awareness (기업의 정보보호 활동과 정보침해 사고 간의 관계: 정보보호 인식의 매개효과를 중심으로)

  • Moon, Kunwoong;Kim, Seungjoo
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.27 no.4
    • /
    • pp.897-912
    • /
    • 2017
  • This paper focuses on how the protection of information security incident is effective in via Information security awareness when conducting information security activities of enterprises. Research models have theorized that the information security activity and the information security awareness will reduce the incidence of information security. The general characteristics of analysis targets have been carried out in the frequency analysis, and the reliability of the measuring tool has been utilized to calculate the coefficient of Cronbach's information protection. Evidence has been demonstrated regarding the relationship between information security activities and information security awareness and information security incidents.

The Correspondence Competence of Information Accident by Firms Experienced in Confidential Information Leak (기밀정보 유출 경험을 가진 기업들의 정보사고 대응역량 강화에 관한 연구)

  • Jung, Byoungho
    • Journal of Korea Society of Digital Industry and Information Management
    • /
    • v.12 no.2
    • /
    • pp.73-86
    • /
    • 2016
  • The purpose of this study is to examine a security investment for firms experienced in confidential information leak. Information security is an apparatus for protection of secret information. The competence of information security is a competitiveness to avoid information leakage in changing business environment. The type of information security is divided into administrative security, technical security and physical security. It is necessary to improve the incident correspondence competence through information security investment of the three types. Therefore, the investment of information security is to enhance information-asset protection of firms. To reinforce accident response competence, an organization discussed an establishment, security technology development, expand investment and legal system of the security system. I have studied empirically targeting the only information leak of firms. This data is a technical security competence and technology leakage situation of firms happened in 2010. During recovery of the DDos virus damage on countries, company and individual, the collected data signify a reality of information security. The data also identify a security competence of firms worrying information security management. According to the study, the continuous investment of information security has a high competence of accident correspondence. In addition, the most of security accidents showed a copy and stealing of paper and computer files. Firm on appropriate security investment is an accident correspondence competence higher than no security investment regardless of a large, small and medium-sized, and venture firm. Furthermore, the rational security investment should choose the three security type consideration for firm size.

A Study on Enterprise Information Security Portal Model for Enterprise Information Security Governance (기업 정보보호 거버넌스를 위한 기업 정보보호 포털 모델에 대한 연구)

  • Kim, Do Hyeong
    • Convergence Security Journal
    • /
    • v.20 no.3
    • /
    • pp.39-46
    • /
    • 2020
  • In order to protect the business information of the enterprise, the company is engaged in various information security activities, such as establishing an information security management system, establishing and operating an information security system, checking vulnerabilities and security controls. It is an enterprise information security governance that organizes various information security activities for enterprise business, and it needs to be systematized to operate them effectively. In this study, to systematize the enterprise information security governance, we would like to explore the existing Enterprise Information Portal(EIP) model and propose an Enterprise Information Security Portal(EISP) model based on it. The Enterprise Information Security Portal(EISP) model provides an integrated environment for supporting the activities of the information security departments by systemizing the enterprise information security governance, which is a variety of information security activities of the enterprises, so that the information security activities of the enterprises can participate directly from CEO to executives and employees, not just from the information security departments.