• Asia pacific journal of information systems
• /
• v.15 no.1
• /
• pp.115-133
• /
• 2005

This study is to develop an information security management model(ISMM) for small and medium sized enterprises(SMEs). Based on extensive literature review, a five-pillar twelve-component reference ISMM is developed. The five pillars of SME's information security are: centralized decision making, ease of management, flexibility, agility and expandability. Twelve components are: scope & organization, security policy, resource assessment, risk assessment, implementation planning, control development, awareness training, monitoring, change management, auditing, maintenance and accident management. Subsequent survey designed and administered to expose experts' perception on the importance of these twelve components revealed that five out of tweleve components require relatively immediate attention than others, especially in SME's context. These five components are: scope and organization, resource assessment, auditing, change management, and incident management. Other seven components are policy, risk assessment, implementation planning, control development, awareness training, monitoring, and maintenance. It seems that resource limitation of SMEs directs their attention to ISMM activities that may not require a lot of resources. On the basis of these findings, a three-phase approach is developed and proposed here as an SME ISMM. Three phases are (1) foundation and promotion, (2) management and expansion, and (3) maturity. Implications of the model are discussed and suggestions are made for further research.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.29 no.5
• /
• pp.1117-1132
• /
• 2019

Recently, IT technology such as internet, mobile, and IOT has rapidly developed, making it easy to collect data necessary for business, and the collected data is analyzed as a new method of big data analysis and used appropriately for business. In this way, data collection and analysis becomes easy. In such data, personal information including an identifier such as a sensor id, a device number, IP address, or the like may be collected. However, if systematic management is not accompanied by collecting and disposing of large-scale data, violation of relevant laws such as "Personal Data Protection Act". Furthermore, data quality problems can also occur and make incorrect decisions. In this paper, we propose a new data governance maturity model(DGMM) that can identify the personal data contained in the data collected by companies, use it appropriately for the business, protect it, and secure quality. And we also propose a over all implementation process for DG Program.

• International Journal of Computer Science & Network Security
• /
• v.21 no.12spc
• /
• pp.399-408
• /
• 2021

Information security reports four types of basic attacks on information. One of the attacks is named as fabrication. Even though mobile devices and applications are showing its maturity in terms of performance, security and ubiquity, location-based applications still faces challenges of quality of service, privacy, integrity, authentication among mobile devices and hence mobile users associated with the devices. There is always a continued fear as how location information of users or IoT appliances is used by third party LB Service providers. Even adversary or malicious attackers get hold of location information in transit or fraudulently hold this information. In this paper, location information fabrication scenarios are presented after knowing basic model of information attacks. Peer-to-Peer broadcast model of location privacy is proposed. This document contains introduction to fabrication, solutions to such threats, management of fabrication mitigation in collaborative or peer to peer location privacy and its cost analysis. There are various infrastructure components in Location Based Services such as Governance Server, Point of interest POI repository, POI service, End users, Intruders etc. Various algorithms are presented and analyzed for fabrication management, integrity, and authentication. Moreover, anti-fabrication mechanism is devised in the presence of trust. Over cost analysis is done for anti-fabrication management due to nature of various cryptographic combinations.

• Journal of the Korea Society of Computer and Information
• /
• v.12 no.6
• /
• pp.153-160
• /
• 2007

Recently, the demand against the system risk analysis and security management from the enterprises or the agencies which operate a information system is increasing even from domestic. The international against the standardization trend of information protection management system it investigates from the dissertation which it sees. It analyzed and against information property information protection management system integrated it will be able to manage a danger modeling it did it proposed. Having analyzed as well as compared the matureness of security-measurement models in regard to the global standard of proposal system, the administrative presentation for various IT technology resources. which have been managed singly so far, is now well applied under the united control of the company itself, and enabled the automated management of authentication support and renewal for ISO 27001, ISO 9000, ISO 14000, resulting in much advanced operation for both material and human resources.

• The Journal of Society for e-Business Studies
• /
• v.16 no.2
• /
• pp.159-169
• /
• 2011

In order for agencies and companies at the IT service industry to check as well as to upgrade the current status of their information security programs, this paper suggests the assessment method for information security levels. The study developed 12 assessment fields and 54 assessment items derived from domestic and foreign cases including SP800-26, SP800-53, ISMS, and ISO27001. It categorized 54 assessment items into 5 levels for determining information security levels. Also, the study presents 7 strategies for performing their efficient evaluations. The proposed method and process in this paper can be useful guidelines for improving the national information security level.

• Journal of the Korean Home Economics Association
• /
• v.38 no.11
• /
• pp.63-75
• /
• 2000

To identify the actual situation of financial information disclosure, a content analysis was performed on pamphlets of a time deposit and a new reserve trust offered by banks and other financial institutes. Although consumers required information on interest rate, tax favor, loan service, protection of brink depositors and bank security to select a financial service account, informations offered on pamphlets are not sufficient. Therefore concrete way of information offer system shoed be developed. In offering interest rate, interest rate after tax deduction or payment at maturity should be also mentioned. Information on tax favor, protection of bank depositors and bank security should be contained in pamphlets as well. Use of easy terms and notes are recommended for developing pamphlets for financial products.

• Journal of the Society of Disaster Information
• /
• v.8 no.3
• /
• pp.276-286
• /
• 2012

The purposes of this study are to investigate various experience factors of the court security team's occupational socialization process and suggest basic materials which are necessary to establish educational service strategies of preliminary court security and guard. Therefore, in-depth interview and ethnographic study were conducted for 4 court securities whose career is more than 3 years. As the result, the process of occupational socialization process of the court security was divided into preparation period, adaptation period, conflict period and maturity period. In the preparation period, vision of university departments, acquisition of certificates and information of the court security team are the factors of basic stage for becoming court securities. In the adaptation period, they adapt themselves for playing their own roles sincerely and become professional manpower after being court securities, through the university educational program useful for practical duties, certificates for practical duties and occupational satisfaction. In the conflict period, they aware conflicts of the company and job stress, that court securities should experience, and endure them. In the maturity period, they are grown by one more step as court securities, through the motivation, job professionalism, occupational prospect and efforts of self-development.

• Journal of National Security and Military Science
• /
• s.7
• /
• pp.271-303
• /
• 2009

"Ubiquitous sensor network" definition is this-Someone attaches electro-magnetic tag everything which needs communication between man to man, man to material and material to material(Ubiquitous). By using attached every electro-magnetic tag, someone detects it's native information as well as environmental information such as temperature, humidity, pollution and infiltration information(Sensor). someone connects it realtime network and manage generated information(Network). 21st century's war is joint combined operation connecting with ground, sea and air smoothly in digitalized war field, and is systematic war provided realtime information from sensor to shooter. So, it needs dramatic development on watch reconnaissance, command and control, pinpoint strike etc. Ubiquitous computing and network technologies are essential in national defense to operate 21st century style war. It is possible to use many parts such as USN combined smart dust and sensor network to protect friend unit as well as to watch enemy's deep area by unmanned reconnaissance, wearable computer upgrading soldier's operational ability and combat power dramatically, RFID which can be used material management as well as on time support. Especially, unmanned watch system using USN is core part to transit network centric military service and to get national defense efficiency which overcome the dilemma of national defense person resource reducing, and upgrade guard quality level, and improve combat power by normalizing guardian's bio rhythm. According to the test result of sensor network unmanned watch system, it needs more effort and time to stabilize because of low USN technology maturity and using maturity. In the future, USN unmanned watch system project must be decided the application scope such as application area and starting point by evaluating technology maturity and using maturity. And when you decide application scope, you must consider not only short period goal as cost reduction, soldier decrease and guard power upgrade but also long period goal as advanced defense ability strength. You must build basic infra in advance such as light cable network, frequency allocation and power facility etc. First of all, it must get budget guarantee and driving force for USN unmanned watch system project related to defense policy. You must forwarded the USN project assuming posses of operation skill as procedure, system, standard, training in advance. Operational skill posses is come from step by step application strategy such as test phase, introduction phase, spread phase, stabilization phase and also repeated test application taking example project.

• The Journal of Information Systems
• /
• v.15 no.2
• /
• pp.227-245
• /
• 2006

Several studies have investigated the success of ASP(Application Service Provider) from various perspectives. This study, thus, investigated factors affecting ASP effectiveness in various literature relevant ASP and outsourcing. By applying the basic ideas of the IS success model, this study proposes a research model of the factors affecting the success of ASP, in term of internal factors(Top Management Involvement, User Participation, IS Maturity) and external factors(Transaction Reliability, Service Reliability, System Trust Security). The proposed model is expected to help both researchers and practitioners extend their understanding of the success factors of the ASP effectiveness.

• The Journal of the Korea Contents Association
• /
• v.13 no.3
• /
• pp.339-351
• /
• 2013

In this research, we analyzed the influence factors and introducing outcomes empirically. The influencing factors over IT Outsourcing set up organizational factors(maturity of information system, the support of CEO), dealing factors(asset speciality, uncertainty, degree of using of information system), and risk factors(risk of safety/security. cost increase, loss of autonomy). The result of this study are as follows. In the organizational factors, degree of a maturity of the information system and the support of CEO were analyzed as the variables affecting the introducing outcomes positively. In the dealing factors, however, the degree of using information system was only analyzed as the variables affecting the introducing outcomes positively, while the speciality of asset and the uncertainty factors were analyzed as the variables not affecting the introducing outcomes. In the risk factors, the risk of safety/security and the increase of cost were only analyzed as the variables affecting the introducing outcomes positively, therefore loss of autonomy, was not analyzed as the affecting variables.