• Title, Summary, Keyword: Security

Search Result 21,404, Processing Time 0.064 seconds

The Impact of Organizational Information Security Climate on Employees' Information Security Participation Behavior (조직의 정보보안 분위기가 조직 구성원의 정보보안 참여 행동에 미치는 영향)

  • Park, Jaeyoung;Kim, Beomsoo
    • The Journal of Information Systems
    • /
    • v.29 no.4
    • /
    • pp.57-76
    • /
    • 2020
  • Purpose Although examining the antecedents of employees' extra-role behavior (i.e. information security participation behavior) in the information security context is significant for researchers and practitioners, most behavioral security studies have focused on employees' in-role behavior (i.e. information security policy compliance). Thus, this research addresses this gap by investigating how organizational information security climate influences information security participation behavior based on social information processing theory and Griffin and Neal's safety model. Design/methodology/approach We developed a research model by applying Griffin and Neal's safety model to the information security context and then tested our research model by conducting an online survey for employees of organizations with information security policies. Structural equation modeling (SEM) with SmartPLS 3.3.2 is used to test the corresponding hypothesis. Findings Our results show that organizational information security climate, information security knowledge, information security motivation are effective in motivating information security participation behavior. Also, we find that organizational information security climate positively influences both information security knowledge and information security motivation. Our findings emphasize the importance of organizational information security climate because it is capable of affecting employees on information security participation behavior. Our study contributes to the literature on information security by exploring the role of organizational information security climate in enhancing employees' information security participation behavior.

A Cost-Optimization Scheme Using Security Vulnerability Measurement for Efficient Security Enhancement

  • Park, Jun-Young;Huh, Eui-Nam
    • Journal of Information Processing Systems
    • /
    • v.16 no.1
    • /
    • pp.61-82
    • /
    • 2020
  • The security risk management used by some service providers is not appropriate for effective security enhancement. The reason is that the security risk management methods did not take into account the opinions of security experts, types of service, and security vulnerability-based risk assessment. Moreover, the security risk assessment method, which has a great influence on the risk treatment method in an information security risk assessment model, should be security risk assessment for fine-grained risk assessment, considering security vulnerability rather than security threat. Therefore, we proposed an improved information security risk management model and methods that consider vulnerability-based risk assessment and mitigation to enhance security controls considering limited security budget. Moreover, we can evaluate the security cost allocation strategies based on security vulnerability measurement that consider the security weight.

Incident Response Competence by The Security Types of Firms:Socio-Technical System Perspective (기업 보안 유형에 따른 보안사고 대응역량 : 사회기술시스템 이론 관점에서)

  • Lee, Jeonghwan;Jung, Byungho;Kim, Byungcho
    • Journal of Information Technology Services
    • /
    • v.12 no.1
    • /
    • pp.289-308
    • /
    • 2013
  • This study proceeded to examine the cause of the continuous secret information leakage in the firms. The purpose of this study is to find out what type of security among administrative, technological and physical security would have important influence on firm's security performance such as the security-incident response competence. We established the model that can empirically verify correlation between those three types of security and the security-incident response competence. In addition, We conducted another study to look at relation between developing department of security in the firms and reaction ability at the accidents. According to the study, the administrative security is more important about dealing with the security-incident response competence than the rest. Furthermore, a group with department of security has better the security-incident response competence and shows higher competence in fixing or rebuilding the damage. Therefore, this study demonstrates that investing in administrative security will be effective for the firm security.

Limit of interpreting 'security service' in current 「Security Services Industry Act」 and direction of legislating and revising private security industry (현행 「경비업법」상 경비개념과 경비업무 해석의 한계 및 민간보안산업 관련 입법의 제·개정 방향)

  • Choi, Eun-Ha;Kim, Na-Ri;Yoo, Young-Jae
    • Korean Security Journal
    • /
    • no.50
    • /
    • pp.35-57
    • /
    • 2017
  • Security Act has been partially revised many times since it was revised to "Security Service Act". Main contents of such revision consist of the addition of security work such as protection or special security, responsibility enforcement of security company or security guard and systematic management of security service based on security work of previous security service act. But, it needs to be checked out that the fundamental matter about the concept of 'security' is directly related as double-edged sword in such flow of legal revision. That is because security service satisfies the multiple needs for security in the modern risky society and is based on the concept of active management whose goal is to forster and develop the function of actual security service comparing that current "Security Service Act" regulates the formal security service whose goal is permission of security service and systematic management based on article 2 as previous facilities and manned security that is guard duty-centered security service in another respect. So, this study pointed out the limit of interpreting security and security service in "Security Services Industry Act" in respect of providing private security service and drew the conclusion that the legislation and efforts are required for 'security for citizen' by reinterpreting the legislation and revision of private security service-related law as the normal regulation of "Security Services Industry Act" and the special law of "Private Security Services Industry Act".

  • PDF

The Operating Status of Security Alarm Systems and the Polices for Inproving the Operational Quality (기계경비시스템 운용현황 고찰과 운용품질개선 방안)

  • Sin, Sang-Yeop
    • Korean Security Journal
    • /
    • no.8
    • /
    • pp.197-218
    • /
    • 2004
  • This study has been conducted to provide data that contribute to increasing efficiency of 'Private Security', which is cooperated by customer, security companies and the police which carried out 'Public Law Enforcement' and controls security companies. To reach this purpose, we investigated the status of the 'Security Alarm Systems' operated by security service companied in Korea, analyzed arising problems, considered the polices for improving the operational quality. 'Electronic Security Systems' will increase working efficiency in performing 'Private Security'. There can be no two opinions on this matter. Therefore, it can be supposed that the improvement of operational quality of 'Electronic Security System' is an important factor to accomplish security services. 'Security Alarm System' is one of the 'Electronic Security System'. The critical problems in operating 'Security Alarm system' are unnecessary response by false alarm and nuisance alarm. To reduce the problems, it is suggested that security specialist officially licensed should improve security planning, installation and maintenance, and the 'Alarm Verification System' should be introduced with appropriate facilities.

  • PDF

Problems of Security Act and Solutions (경비업법의 현안과 해결방안)

  • Park, Byung-Sick
    • Korean Security Journal
    • /
    • no.29
    • /
    • pp.87-113
    • /
    • 2011
  • Korean security industry has history of more than half a century, and it is growing fast. Private security industry contributes not only to livelihood safety, but also to national security. The area of the industry is being expanded. Security Act is closely related to the security industry, and has contributed to the growth of private security industry sector. Security Act of Korea, which was established in 1976, was originally made after Japanese Security Act. But nowadays, Korean Security Act is as systematic as the Japanese act. However, for 10 years, Security Act of Korea has been stagnant, not able to reflect security industries' demand. The writer has contributed to the development of Security Act. In 1995, the writer wrote the basic framework of Security Instructor Qualifications System and drafted Security Act in 2002. There are currently many problems in existing Security Act, but there are four representative problems. (1) No more establishment of new security sector, (2) excessively slack qualification criteria, (3) the education system for guards, (4) the security Instructor examination system. This paper derives problems of current Security Act, and suggests solutions for them. Not only the academic world, but all of us should pay attention to the revision of Security Act.

  • PDF

Construction of Security MIB for EDI System

  • Park Tae-Kyou
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.8 no.1
    • /
    • pp.23-37
    • /
    • 1998
  • This paper considers the design and management of security MIB for EDI system. EDI system has to establish various securety wervices and mechanisms to protect against security threats. Hence, the EDIsystem requires appropriate security management to monitor and control the security obhects for its security services and mechanisms. In this paper, I identify security objects for management of secueity services defined in the EDIsystem, and propose the design of a security MIB and describe the use of SNMPnetwork management protocol in its management.

  • PDF

The Proposal of Problems in Private Security Law (경비업법령의 문제와 개정방향)

  • Ahn, Hwang Kwon;Choi, Kyung Chul
    • Convergence Security Journal
    • /
    • v.16 no.1
    • /
    • pp.39-48
    • /
    • 2016
  • In 1976, privative security law in Korea was enacted. Through the law has been revised 23 times, and it reflected changing security environment. Since the private security is now in charge of the daily safety as well as the police, private security law should be revised in overall dimension. First, the name of private security service and terms should be reorganized with applying the current environment of security. For instance, there should be an appropriate range of security service which could contain security consulting, planner, private investigator, and convergence security. Second, the errors of private security law should be corrected and applied to the revised law. Third, some inappropriate contents in the private security law should be revised. Forth, revising the private security law should consider to solve problems in selection, education, and election of security instructor.

A Study on Policy for cost estimate of Security Sustainable Service in Information Security Solutions (정보보안솔루션 보안성 지속 서비스 대가 산정 정책 연구)

  • Jo, Yeon-ho;Lee, Yong-pil;Lim, Jong-in;Lee, Kyoung-ho
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.25 no.4
    • /
    • pp.905-914
    • /
    • 2015
  • Once information security solution is implemented, it requires many services other than just general user management, such as malicious code analysis and security updated for consistent security against external threats or attacks, analysis of threat and attack, effectivity management of obtained security assurance, and advisory activities of security technical professionals. However, even if information security solutions provide those extra services, they are not properly treated in real market. Thus, for the security sustainable services, this study analyzes the service status of domestic information security, and suggest policy measure of price which could reflected the characteristics of information security solutions.

Market Reaction to IT Security Investment Announcements (기업의 정보보호 공시가 기업가치에 미치는 영향)

  • Park, Jaeyoung;Jung, Woo-Jin
    • Knowledge Management Research
    • /
    • v.20 no.4
    • /
    • pp.39-55
    • /
    • 2019
  • Although Firms have been increasing their information security significantly to handle increased security risks, the effects of information security were not well understood. This study aims to investigate the market value of information security by employing the event study methodology. Our research also explores how market responses vary depending on the type of information security announcements. We collected 177 firm-level information security announcements between 2001 and 2017 in South Korea. For all samples, our results indicate that the stock market positively reacts to information security announcements. We also conducted subsample analysis and found that while information security certification announcement has a positive impact on the stock market, information security activities (e.g. award, information security system) announcement had no impact on the stock market. Our study adopted a novel approach (i.e. event study) for investigating the effects of information security and found that information security investment positively affects firm value. Our results allow managers to measure the effects of information security investment and help them make right decisions on information security investment.