• Journal of Information Technology Applications and Management
• /
• v.18 no.2
• /
• pp.91-108
• /
• 2011

Enormous losses of shareholders and consumers caused by the risks threatening today's business (e.g., accounting fraud and inside trading) have ignited the necessity of international regulations on corporate ethics and internal control, such as Basel II and SOX. Responding to these regulations, companies are establishing governance system, applying it consistently to the core competency of the company, and increasing the scope of the governance system. Recently occurred security related incidents require companies to take more strict accountability over information security. One of the results includes strengthening of legislation and regulations. For these reasons, introduction of information security governance is needed. Information security governance governs the general information security activities of the company (establishment of information security management system, implementation of information security solutions) in the corporate level. Recognizing that the information security is not restricted to IT domain, but is the issue of overall business, this study develops information security governance framework based on the existing frameworks and systems of IT governance. The information security governance framework proposed in the study include concept, objective, and principle schemes which will help clearly understand the concepts of the information security governance, and execution scheme which will help implement proper organization, process and tools needed for the execution of information security governance.

• Journal of Advanced Navigation Technology
• /
• v.14 no.6
• /
• pp.935-950
• /
• 2010

The purpose of this study is to try to find out the relationship between the perception and behavior of employees and the Information Security Governance (ISG) which consists of leadership and governance, security management and organization, security policies, security program management, user security management, and technology protection and operations. Some effective suggestions from the verification of research hypotheses and the analysis of the most appropriate model were drawn out.

• The Journal of Society for e-Business Studies
• /
• v.16 no.1
• /
• pp.133-151
• /
• 2011

To solidate information security, Korea government introduces information security governance. The public institutions and agencies in korea have begun to recognize the importance of information security governance. For solidating information security governance, the government has tried to establish and solidate an information security policy and information security systems. This study suggests factors affecting the level of information security governance in the public agencies and institutions through the factor analysis and the linear regression analysis. The results of this study show that the CEO's support is able to elevate the level of information security governance. The level of information security governance has relation with the number of the staff in information departments, and the budget in the public agencies and the institutions. This study provides directions for the public agencies and the institution for elevating the levels of information security governance.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.17 no.4
• /
• pp.769-774
• /
• 2013

In order to strengthen the protection of information, public institutions have introduced information security governance system. Public institutions recognizes the importance of information security governance system, and have striven to establish information security governance by establishing institutions and making policies. In this paper, in order to investigate ways that will be the basis for the establishment of information security governance in public institutions, we studied the necessity and model of information security governance. Also, by studying the government policies and cases, we proposed the direction of the policy.

• Journal of Digital Convergence
• /
• v.8 no.4
• /
• pp.97-108
• /
• 2010

Nowadays, information security governance which is an integral part of corporate governance has become an important issue in protecting valuable business information assets. However, there are few organizations which have implemented information security governance because of its abstract concept. The objective of this paper is to develop CSFs for implementing information security governance. Ten CSFs were developed based on the ISO/IEC 27014 Information Security Governance Framework.

• Convergence Security Journal
• /
• v.10 no.4
• /
• pp.13-19
• /
• 2010

The flow of time, depending on the company's ongoing business link to guarantee the proportion of much greater importance, it in the organization as part of an enterprise-wide level, rather than acting on the information society has been considered as the topic of race. Information Security Governance, the integrity of the information, service continuity, the three kinds of information asset protection purpose begins. It is essential for corporate governance, transparency should be part, must be aligned with the IT framework. Existing information security governance framework that small businesses a wide range of governance issues and interests have never had. Therefore, we simplified the information security governance framework is proposed, and solve problems, and propose a framework for analysis of the safety and efficiency through the analysis of the effectiveness of the proposed method were discussed.

• Convergence Security Journal
• /
• v.17 no.1
• /
• pp.39-44
• /
• 2017

The existing enterprise information security activities were centered on the information security organization, and the top management considers information security and enterprise management to be separate. However, various kinds of security incidents are constantly occurring. In order to cope with such incidents, it is necessary to protect information in terms of business management, not just information security organization. In this study, we examine the existing corporate governance and IT governance, and present an information security governance model that can reflect the business goals of the enterprise and the goals of the management. The information security governance model proposed in this paper induces the participation of top management from the planning stage and establishes information security goals. We can strengthen information security activities by establishing an information security plan, establishing and operating an information security system, and reporting the results to top management through compliance audit, vulnerability analysis and risk management.

• Journal of Digital Convergence
• /
• v.16 no.6
• /
• pp.205-212
• /
• 2018

This Study aims to propose a new information security governance model design method for streamlining security governance at national strategic level. The research method of this study is to diagnose our operational experience and to derive a new model design method. In the meantime, national information security activities were perceived to be focused on knowledge transfer, and motivation of activities and securing of executive power were weak. As a result, security blind spots and frequent occurrence of large security incidents have become unresolved challenges. National cyber security governance should be grouped together as a whole systematically from the upper policy to the lower level of performance under the responsibility of the national leader. Based on this approach, this study presented the comprehensive framework of Korean security governance model and embodied it into four architectural designs such as vision, goal, process, and performance, thus deriving the foundation for future national governance model design. Further research is needed to diagnose problems in life cycle flow, security policies based on environmental changes, and new frameworks in which all subjects participate.

• Convergence Security Journal
• /
• v.20 no.3
• /
• pp.39-46
• /
• 2020

In order to protect the business information of the enterprise, the company is engaged in various information security activities, such as establishing an information security management system, establishing and operating an information security system, checking vulnerabilities and security controls. It is an enterprise information security governance that organizes various information security activities for enterprise business, and it needs to be systematized to operate them effectively. In this study, to systematize the enterprise information security governance, we would like to explore the existing Enterprise Information Portal(EIP) model and propose an Enterprise Information Security Portal(EISP) model based on it. The Enterprise Information Security Portal(EISP) model provides an integrated environment for supporting the activities of the information security departments by systemizing the enterprise information security governance, which is a variety of information security activities of the enterprises, so that the information security activities of the enterprises can participate directly from CEO to executives and employees, not just from the information security departments.

• Convergence Security Journal
• /
• v.7 no.4
• /
• pp.83-91
• /
• 2007

Information security is a critical issue for network centric warfare(NCW). This paper provides a information security governance index for NCW, which is a result of the research through a group decision making process. The purpose of the research is to intended to help military organization's planners determine the degree to which they have implemented an information systems governance framework at the strategic and tactical level within their organization.