• Title/Summary/Keyword: Information Security Strategic

Search results: 148 (processing time: 0.022 seconds)

Factors for Better Adoption of Information Security on Custom-Made Software at SMEs: A Systematic Review and Framework

  • Fatimah Alghamdi;Moutasm Tamimi;Nermin Hamza
    • International Journal of Computer Science & Network Security / Vol. 23, No. 2 / pp.65-78 / 2023
  • Investigations on information security factors remain elusive at small and medium enterprises (SMEs), especially for custom-made software solutions. This article aims to investigate, classify, adopt factors from recent literature addressing information security resources. SMEs already have information security in place, but they are not easy to adopt through the negotiation processes between the in-house software development companies and custom-made software clients at SMEs. This article proposes a strategic framework for implementing the process of adoption of the information security factors at SMEs after conducting a systematic snapshot approach for investigating and classifying the resources. The systematic snapshot was conducted using a search strategy with inclusion and exclusion criteria to retain 128 final reviewed papers from a large number of papers within the period of 2001-2022. These papers were analyzed based on a classification schema including management, organizational, development, and environmental categories in software development lifecycle (SDLC) phases in order to define new security factors. The reviewed articles addressed research gaps, trends, and common covered evidence-based decisions based on the findings of the systematic mapping. Hence, this paper boosts the broader cooperation between in-house software development companies and their clients to elicit, customize, and adopt the factors based on clients' demands.

A Study on Deriving Key Performance Indicators (KPIs) to Strengthen the Capabilities of Financial IT Security Organizations (Developing key Performance Indicators for Financial IT Security)

  • 장성옥;임종인
    • 한국전자거래학회지 / Vol. 18, No. 3 / pp.125-142 / 2013
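  • As the strategic linkage between IT and business strengthens, financial services are becoming increasingly dependent on IT. Providing safe and trusted financial services requires continuous information security activities, and measuring an organization's information security performance is useful for decision-making and management support. This paper derives critical success factors (CSFs) and key performance indicators (KPIs) based on the evaluation criteria of the Information Security Management System (K-ISMS) and the best-practice standards for information security work in the financial IT sector. This provides a logical basis for identifying the KPIs that significantly affect compliance with information security policy, and it can serve as baseline data for establishing policies to strengthen financial IT information security capabilities.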

A Factor Analysis for the Success of Commercialization of the Facial Extraction and Recognition Image Information System

  • 김신표;오세동
    • 산업융합연구 / Vol. 13, No. 2 / pp.45-54 / 2015
  • This Study aims to analyze the factors for the success of commercialization of the facial extraction and recognition image security information system of the domestic companies in Korea. As the results of the analysis, the internal factors for the success of commercialization of the facial extraction and recognition image security information system of the company were found to include (1) Holding of technology for close range facial recognition, (2) Holding of several facial recognition related patents, (3) Preference for the facial recognition security system over the fingerprint recognition and (4) strong volition of the CEO of the corresponding company. On the other hand, the external environmental factors for the success were found to include (1) Extensiveness of the market, (2) Rapid growth of the global facial recognition market, (3) Increased demand for the image security system, (4) Competition in securing of the engine for facial extraction and recognition and (5) Selection by the government as one of the 100 major strategic products.


Grand Strategy Framework for Information Systems Security in Organizations

  • 박상서
    • 융합보안논문지 / Vol. 9, No. 2 / pp.7-21 / 2009
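  • To build information systems security more systematically and operate it efficiently, strategy must be introduced into security as well. Moreover, for a strategy to be implemented and work successfully, organization-wide participation is essential. However, research on organizational information systems security strategy has so far focused on deploying and operating security systems through strategic thinking, and research on a holistic frame for moving and leading the entire organization is lacking. This paper therefore studies a framework that can be used to establish security strategy at the organizational level. To this end, it introduces the concept of grand strategy from the perspective of organization-level strategy formulation and presents a framework for constructing an information systems security grand strategy based on the four-dimensional characteristics of grand strategy.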


Strategic Business Values of the Blockchain Technology Market to Assist Professionals: Deployment Perspective

  • Waleed Rashideh
    • International Journal of Computer Science & Network Security / Vol. 23, No. 2 / pp.210-226 / 2023
  • It is difficult to transform a blockchain initiative from the feasibility stage to the fully commercialized the technology's products or services, especially considering the significant investment required and the lack of studies on the benefits and barriers from deployment perspective. Whereas some organizations have come up with their own solutions to moving beyond the feasibility stage, commercial applications do not yet exist and few organizations are willing to invest beyond the prototype phase and fill in the gap between the expected and actual business value of these types of projects. This study aims to develop a blockchain model using a survey to gather qualitative data on experts' opinions on the deployment of blockchain technology. Our model will measure how business professionals could take advantage of blockchain's disruptive technology to develop business opportunities. This study's contribution is to show blockchain technology's potential strategic business value. The findings from this exploration include the prospective for delivering comprehensions to businesses for different creating investment choices on the embracing of the blockchain technology.

A Study on the Human Vulnerability Classification System for People-Centric Security

  • 박정준;안성진
    • 정보보호학회논문지 / Vol. 33, No. 3 / pp.561-575 / 2023
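  • The information security industry has grown in many ways over the past several decades, offering a variety of solutions in technical, managerial, and institutional terms. Nevertheless, it should be noted that security incidents continue to occur every year. This demonstrates that existing security, pursued through excessively technology-centered and prevention-centered policies, has limits in the face of the varied business changes of the digital era. Accordingly, People-Centric Security (PCS) has recently become a topic of discussion as a way to move beyond the limits of traditional security approaches. Drawing on the concept of information security violations, the strategic principles of PCS, and expert interviews, this study divides the vulnerabilities that people can cause into 5 broad categories and classifies them into 21 detailed components, with the aim of presenting a fundamental response to security incidents.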

Anti-crisis Communications in Legal Discourse in Terms of Ensuring Information Security

  • Gorai, Oleg;Ohar, Emiliya;Snitsarchuk, Lidiya;Polulyah, Ruslan;Druzhynin, Serhii
    • International Journal of Computer Science & Network Security / Vol. 22, No. 7 / pp.103-108 / 2022
  • Mass media in the digital age are not only one of the most important elements of the information society but also a strategic resource for its development. Effectively implemented communication makes it possible to build connections not only between individuals, but also between social institutions and representatives of various generational groups of the mass audience, as well as ensure information security in a crisis period. At the same time, in the context of a constantly increasing amount of information flows, more and more often "a person loses the ability to independently think, analyze, and critically perceive information." At the same time, "imposing" on the representatives of this or that society, through the content of multi-format mass media or active authors of social networks, a certain point of view on the problem becomes a completely realizable task. Thus, the main task of the study is to analyze the anti-crisis communications in legal discourse in terms of ensuring information security. As a result of the study, current trends and prerequisites of anti-crisis communications in legal discourse in terms of ensuring information security were revealed.

Conceptual bases of the Investment Mechanism of the Innovative Activity of Enterprises in the Context of Achieving the Tasks of Strategic Development

  • Komandrovska, Veronika;Kolesnyk, Maksym;Barkova, Kateryna;Vasylyk, Sergii;Dorofieiev, Denys
    • International Journal of Computer Science & Network Security / Vol. 21, No. 11 / pp.111-118 / 2021
  • The authors of the study highlight the conceptual foundations of the investment mechanism of innovation of enterprises in the context of strategic development. Such indicators of investment attraction for the enterprise as investment attractiveness, investment activity of the enterprise, critical mass of investments, minimum sufficiency of investments and others are singled out. It is proved that the balance of investment resources is facilitated by the action of the investment mechanism of innovation activity at the enterprise in the context of achievements of strategic development tasks. Investment processes and their intensification have an impact on the expansion of production capacity of economic entities in strategic development and on improving the efficiency of existing capacities. The investment mechanism of innovative activity at the enterprise in the context of achievement of tasks of strategic development contains system of complex actions which provides: definition of the clear purpose and tasks for the mechanism and achievement of the purposes of the enterprise; assessment of the investment potential of the enterprise; definition of tasks of innovative development of enterprises and investment resources necessary for this purpose, etc. The tasks of the investment mechanism of innovative activity at the enterprise in the context of achievements of tasks of strategic development and its economic, organizational and information components are singled out, as well as levers of influence and regulators of the investment mechanism of innovation in the enterprise.

Cognitive Radio Anti-Jamming Scheme for Security Provisioning IoT Communications

  • Kim, Sungwook
    • KSII Transactions on Internet and Information Systems (TIIS) / Vol. 9, No. 10 / pp.4177-4190 / 2015
  • Current research on Internet of Things (IoT) has primarily addressed the means to enhancing smart resource allocation, automatic network operation, and secure service provisioning. In particular, providing satisfactory security service in IoT systems is indispensable to its mission critical applications. However, limited resources prevent full security coverage at all times. Therefore, these limited resources must be deployed intelligently by considering differences in priorities of targets that require security coverage. In this study, we have developed a new application of Cognitive Radio (CR) technology for IoT systems and provide an appropriate security solution that will enable IoT to be more affordable and applicable than it is currently. To resolve the security-related resource allocation problem, game theory is a suitable and effective tool. Based on the Blotto game model, we propose a new strategic power allocation scheme to ensure secure CR communications. A simulation shows that our proposed scheme can effectively respond to current system conditions and perform more effectively than other existing schemes in dynamically changeable IoT environments.

A Study on Strategic Development Approaches for Cyber Seniors in the Information Security Industry

  • Seung Han Yoon;Ah Reum Kang
    • 한국컴퓨터정보학회논문지 / Vol. 29, No. 4 / pp.73-82 / 2024
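  • In 2017, the UN projected that the population aged 60 and over is growing faster than all younger age groups worldwide, and that by 2050 people aged 60 and over will make up at least 25% of the world's population outside Africa. Across the world, aging is reducing the growth rate of the population able to work, and young people do not favor hard and difficult jobs. In theory, AI can replace people in every field, but in real-world information security, including matters such as ethical judgment, human judgment and know-how are absolutely necessary. This paper therefore proposes a way to bring IT workers in their 50s or older who have retired or wish to change jobs back into the field through retraining. For the study, 21 government and public institutions on the demand side and 9 specialized security monitoring companies on the supply side were surveyed, and both supply (78%) and demand (90%) agreed that this is absolutely necessary. If these findings are applied in the field, the strategic development of seniors in the information security sector, in an era of low birth rates and 100-year lifespans, could uncover a new market that becomes a cornerstone of Korea's information security industry.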