• Title/Summary/Keyword: Information Security Support Policy

Search Result 134, Processing Time 0.021 seconds

A Study on the Factors for Violation of Information Security Policy in Financial Companies : Moderating Effects of Perceived Customer Information Sensitivity (금융회사 정보보안정책의 위반에 영향을 주는 요인 연구 : 지각된 고객정보 민감도에 따른 조절효과)

  • Lee, Jeong-Ha;Lee, Sang-Yong Tom
    • Journal of Information Technology Applications and Management
    • /
    • v.22 no.4
    • /
    • pp.225-251
    • /
    • 2015
  • This paper analyzed factors for employees to violate information security policy in financial companies based on the theory of reasoned action (TRA), general deterrence theory (GDT), and information security awareness and moderating effects of perceived sensitivity of customer information. Using the 376 samples that were collected through both online and offline surveys, statistical tests were performed. We found that the perceived severity of sanction and information security policy support to information policy violation attitude and subjective norm but the perceived certainty of sanction and general information security awareness support to only subjective norm. Also, the moderating effects of perceived sensitivity of customer information against information policy violation attitude and subjective norm were supported. Academic implications of this study are expected to be the basis for future research on information security policy violations of financial companies; Employees' perceived sanctions and information security policy awareness have an impact on the subjective norm significantly. Practical implications are that it can provide a guide to establish information security management strategies for information security compliance; when implementing information security awareness training for employees to deter violations by emphasizing the sensitivity of customer information, a company should make their employees recognize that the customer information is very sensitive data.

A Study on Improvement Plans of SMEs Support Policy for Information Security in Korea (국내 중소기업 정보보호 지원 정책 개선 방안에 관한 연구)

  • Jang, Sang-Soo
    • Journal of Convergence for Information Technology
    • /
    • v.10 no.11
    • /
    • pp.332-339
    • /
    • 2020
  • This study aims to analyze problems and deduce improvement plans for information security support policies for SMEs in Korea. To this end, an effective support policy necessary for reinforcing cyber safety nets to enhance the level of information security of domestic SMEs based on the analysis results by analyzing the status and problems of the previous research review and analysis, the current status of information security of SMEs and the information security support policies of major SMEs at home and abroad. I would like to suggest improvement measures. Reinforcement of awareness, legal basis, voluntary capacity building, joint response system, professional manpower and budget support, cyber security construction, untact era support, and regional strategic industry security internalization were suggested. This can be used as the government's information security support policy to raise the level of information security of SMEs in preparation for the post Covid19.

A Study on the Information Security Measures Influencing Information Security Policy Compliance Intentions of IT Personnel of Banks (은행 IT 인력의 정보보호 정책 준수에 영향을 미치는 정보보호 대책에 관한 연구)

  • Shim, Joonbo;Hwang, K.T.
    • Journal of Information Technology Applications and Management
    • /
    • v.22 no.2
    • /
    • pp.171-199
    • /
    • 2015
  • This study proposes the practical information security measures that help IT personnel of banks comply the information security policy. The research model of the study is composed of independent variables (clarity and comprehensiveness of policy, penalty, dedicated security organization, audit, training and education program, and top management support), a dependent variable (information security policy compliance intention), and moderating variables (age and gender). Analyses results show that the information security measures except 'clarity of policy' and 'training and education program' are proven to affect the 'information security policy compliance intention.' In case of moderating variables, age moderated the relationship between top management support and compliance intention, but gender does not show any moderating effect at all. This study analyzes information security measures based solely on the perception of the respondents. Future study may introduce more objective measurement methods such as systematically analyzing the contents of the information security measures instead of asking the respondents' perception. In addition, this study analyzes intention of employees rather than the actual behavior. Future research may analyze the relationship between intention and actual behavior and the factors affecting the relationship.

Priority of the Government Policy to support Industrial Security - Focus on a companies' demand and efficiency of policy - (산업보안 지원 정책 결정의 우선 순위 - 기업 수요와 효율성을 중심으로 -)

  • Kim, Chang-Ho;Yu, Jai-Hwan
    • Korean Security Journal
    • /
    • no.42
    • /
    • pp.155-178
    • /
    • 2015
  • This study surveyed the subject of companies' industrial security on priorities of the government policy for the confidentiality of corporate and the necessity of expanding the government support for the industrial security. In determining the priority, we should consider all opinions of companies, individuals, societies, and governments that associated with the confidentiality. Especially in industrial security, companies are the most significant beneficiaries and consumers of security policy and it would be the basis for supporting on policy-making. As a result, we analyzed the 50 valid questionnaires collected from security personnel of Korean corporations and 'Enhance support for education and promotion of human resource (On/Off-Line)', 'Establish Security management and Security measures', and 'Enhance Security professionals status via qualifications/certifications' are shown as 1st, 2nd, 3rd priority of government policy to protect Corporate confidential information including its customer information. All respondents of the study says that the Government support for Industrial Security should be enlarged.

  • PDF

A Study on Employee's Compliance Behavior towards Information Security Policy : A Modified Triandis Model (조직 구성원의 정보보안정책 준수행동에 대한 연구 : 수정된 Triandis 모델의 적용)

  • Kim, Dae-Jin;Hwang, In-Ho;Kim, Jin-Soo
    • Journal of Digital Convergence
    • /
    • v.14 no.4
    • /
    • pp.209-220
    • /
    • 2016
  • Although organizations are providing information security policy, education and support to guide their employees in security policy compliance, accidents by non-compliance is still a never ending problem to organizations. This study investigates the factors that influence employees' information security policy compliance behavior using elements of Triandis model. We analyzed the relationships among Triandis model's factors using PLS(Partial Least Squares). The result of the hypothesis tests shows that organization can induce individual's information security policy compliance intention and behavior by information security policy and facilitating conditions that support it, and proves the importance of members' expected value, habit and affect about information security compliance. This study is significant in a way that it applies Triandis model in the field of information security, and presents direction for members' information security behavior, and will be able to provide measures to establish organization's information security policy and increase members' compliance behavior.

Comparative study of the privacy information protection policy - Privacy information basic laws and dedicated organizations - (국내외 개인정보보호정책 비교 분석 - 개인정보보호 법률과 전담조직을 중심으로 -)

  • Jeong, Dae-Kyeong
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.22 no.4
    • /
    • pp.923-939
    • /
    • 2012
  • In the information society, to serve the normal economic activity and to delivery the public service is to secure the privacy information. The government endeavors to support with the privacy protection laws and public organizations. This paper is to study the privacy protection policy in the major countries by analyzing the laws and organizations. At last, The study is to examine the policy tasks to support the privacy protection policy.

Information Security of Organization and Employees in Social Exchange Perspective : Using Structure-Conduct-Outcome Framework (SCO Framework을 적용한 조직과 조직원의 정보보안 준수 관계 연구)

  • Hwang, In-Ho;Kim, Sanghyun
    • The Journal of Information Systems
    • /
    • v.28 no.4
    • /
    • pp.105-129
    • /
    • 2019
  • Purpose Issues related to information security have been a crucial topic of interest to researchers and practitioners in the IT/IS field. This study develops a research model based on a Structure-Conduct-Outcome (SCO) framework for the social exchange relationship between employees and organizations regarding information security. Design/methodology/approach In applying an SCO framework to information security, structure and conduct are activities imposed on employees within an organizational context; outcomes are activities that protect information security from an employee. Data were collected from 438 employees working in manufacturing and service firms currently implementing an information security policy in South Korea. Structural equation modeling (SEM) with AMOS 22.0 is used to test the validation of the measurement model and the proposed casual relationships in the research model. Findings The results demonstrate support for the relationships between predicting variables in organization structure (security policy and physical security system) and the outcome variables in organization conduct (top management support, security education program, and security visibility). Results confirm that the three variables in organization conduct had a positive effect on individual outcome (security knowledge and compliance intention).

A study on the information security compliance and non-compliance causes of organization employees (조직구성원의 정보보안 준수 및 미준수 원인에 대한 연구)

  • Hwang, In-Ho;Hu, Sung-Ho
    • Journal of the Korea Convergence Society
    • /
    • v.11 no.9
    • /
    • pp.229-242
    • /
    • 2020
  • The purpose of this study is to present the environmental factors of positive and negative aspects that affect the information security compliance intention, and reveals the relationship of the individual's the security compliance intention. The subjects of this study are employees of organizations that apply information security policies and technologies, and effective samples were obtained through surveys. In the process of analysis, the study model was verified through structural equation modeling. The measurement variables consisted of security policy, security system, technical support, work impediment, security non-visibility, compliance intention and organizational commitment and used for analysis. The results confirmed that security compliance factors such as policy, system, technical support, and non-compliance factors, work impediment, respectively, had an impact on organizational commitment, leading to compliance intention. The verification result of the research model suggests the direction of establishing a security compliance strategy for employees to improve the level of information security compliance of the organization.

Protection of Information Sovereignty as an Important Component of the Political Function of the State

  • Zadorozhnia, Halyna;Mykhtunenko, Viktoriia;Kovalenko, Hanna;Kuryliuk, Yurii;Yurchenko, Liubov;Maslennykova, Tetiana
    • International Journal of Computer Science & Network Security
    • /
    • v.21 no.9
    • /
    • pp.151-154
    • /
    • 2021
  • State information policy is an important component of foreign and domestic policy of the country and covers all spheres of society. The rapid development of the information sphere is accompanied by the emergence of fundamentally new threats to the interests of the individual, society, state and its national security. The article considers the components of the state information policy to ensure information security of the country and identifies the main activities of public authorities in this area. Internal and external information threats to the national security of Ukraine and ways to guarantee the information security of the country are analyzed. Information security is seen as a component of national security, as well as a global problem of information protection, information space, information sovereignty of the country and information support of government decisions. Approaches to ensure the process of continuity of the information security system of the state in order to monitor new threats, identify risks and levels of their intensity are proposed.

Priority Analysis of Information Security Policy in the ICT Convergence Industry in South Korea Using Cross-Impact Analysis (교차영향분석을 이용한 국내 ICT 융합산업의 정보보호정책 우선순위 분석)

  • Lee, Dong-Hee;Jun, Hyo-Jung;Kim, Tae-Sung
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.28 no.3
    • /
    • pp.695-706
    • /
    • 2018
  • In recent years, industrial convergence centered on ICBM (internet of things (IoT), cloud, big data, mobile) has been experiencing rapid development in various fields such as agriculture and the financial industry. In order to prepare for cyber threats, one of the biggest problems facing the convergence industry in the future, the development of the industry must proceed in tandem with a framework of information security. In this study, we analyze the details of the current industrial development policy and related information protection policies using cross impact analysis and present policy priorities through the expert questionnaire. The aim of the study was to clarify the priorities and interrelationships within information security policy as a first step in suggesting effective policy direction. As a result, all six information security policy tasks derived from this study belong to key drivers. Considering the importance of policies, policies such as improving the constitution of the security industry and strengthening of support, training of information protection talent, and investing in the information security industry need to be implemented relatively first.