• The Journal of Information Systems
• /
• v.29 no.4
• /
• pp.57-76
• /
• 2020

Purpose Although examining the antecedents of employees' extra-role behavior (i.e. information security participation behavior) in the information security context is significant for researchers and practitioners, most behavioral security studies have focused on employees' in-role behavior (i.e. information security policy compliance). Thus, this research addresses this gap by investigating how organizational information security climate influences information security participation behavior based on social information processing theory and Griffin and Neal's safety model. Design/methodology/approach We developed a research model by applying Griffin and Neal's safety model to the information security context and then tested our research model by conducting an online survey for employees of organizations with information security policies. Structural equation modeling (SEM) with SmartPLS 3.3.2 is used to test the corresponding hypothesis. Findings Our results show that organizational information security climate, information security knowledge, information security motivation are effective in motivating information security participation behavior. Also, we find that organizational information security climate positively influences both information security knowledge and information security motivation. Our findings emphasize the importance of organizational information security climate because it is capable of affecting employees on information security participation behavior. Our study contributes to the literature on information security by exploring the role of organizational information security climate in enhancing employees' information security participation behavior.

• Journal of Information Processing Systems
• /
• v.16 no.1
• /
• pp.61-82
• /
• 2020

The security risk management used by some service providers is not appropriate for effective security enhancement. The reason is that the security risk management methods did not take into account the opinions of security experts, types of service, and security vulnerability-based risk assessment. Moreover, the security risk assessment method, which has a great influence on the risk treatment method in an information security risk assessment model, should be security risk assessment for fine-grained risk assessment, considering security vulnerability rather than security threat. Therefore, we proposed an improved information security risk management model and methods that consider vulnerability-based risk assessment and mitigation to enhance security controls considering limited security budget. Moreover, we can evaluate the security cost allocation strategies based on security vulnerability measurement that consider the security weight.

• Journal of Information Technology Services
• /
• v.12 no.1
• /
• pp.289-308
• /
• 2013

This study proceeded to examine the cause of the continuous secret information leakage in the firms. The purpose of this study is to find out what type of security among administrative, technological and physical security would have important influence on firm's security performance such as the security-incident response competence. We established the model that can empirically verify correlation between those three types of security and the security-incident response competence. In addition, We conducted another study to look at relation between developing department of security in the firms and reaction ability at the accidents. According to the study, the administrative security is more important about dealing with the security-incident response competence than the rest. Furthermore, a group with department of security has better the security-incident response competence and shows higher competence in fixing or rebuilding the damage. Therefore, this study demonstrates that investing in administrative security will be effective for the firm security.

• Korean Security Journal
• /
• no.50
• /
• pp.35-57
• /
• 2017

Security Act has been partially revised many times since it was revised to "Security Service Act". Main contents of such revision consist of the addition of security work such as protection or special security, responsibility enforcement of security company or security guard and systematic management of security service based on security work of previous security service act. But, it needs to be checked out that the fundamental matter about the concept of 'security' is directly related as double-edged sword in such flow of legal revision. That is because security service satisfies the multiple needs for security in the modern risky society and is based on the concept of active management whose goal is to forster and develop the function of actual security service comparing that current "Security Service Act" regulates the formal security service whose goal is permission of security service and systematic management based on article 2 as previous facilities and manned security that is guard duty-centered security service in another respect. So, this study pointed out the limit of interpreting security and security service in "Security Services Industry Act" in respect of providing private security service and drew the conclusion that the legislation and efforts are required for 'security for citizen' by reinterpreting the legislation and revision of private security service-related law as the normal regulation of "Security Services Industry Act" and the special law of "Private Security Services Industry Act".

• Korean Security Journal
• /
• no.8
• /
• pp.197-218
• /
• 2004

This study has been conducted to provide data that contribute to increasing efficiency of 'Private Security', which is cooperated by customer, security companies and the police which carried out 'Public Law Enforcement' and controls security companies. To reach this purpose, we investigated the status of the 'Security Alarm Systems' operated by security service companied in Korea, analyzed arising problems, considered the polices for improving the operational quality. 'Electronic Security Systems' will increase working efficiency in performing 'Private Security'. There can be no two opinions on this matter. Therefore, it can be supposed that the improvement of operational quality of 'Electronic Security System' is an important factor to accomplish security services. 'Security Alarm System' is one of the 'Electronic Security System'. The critical problems in operating 'Security Alarm system' are unnecessary response by false alarm and nuisance alarm. To reduce the problems, it is suggested that security specialist officially licensed should improve security planning, installation and maintenance, and the 'Alarm Verification System' should be introduced with appropriate facilities.

• Korean Security Journal
• /
• no.29
• /
• pp.87-113
• /
• 2011

Korean security industry has history of more than half a century, and it is growing fast. Private security industry contributes not only to livelihood safety, but also to national security. The area of the industry is being expanded. Security Act is closely related to the security industry, and has contributed to the growth of private security industry sector. Security Act of Korea, which was established in 1976, was originally made after Japanese Security Act. But nowadays, Korean Security Act is as systematic as the Japanese act. However, for 10 years, Security Act of Korea has been stagnant, not able to reflect security industries' demand. The writer has contributed to the development of Security Act. In 1995, the writer wrote the basic framework of Security Instructor Qualifications System and drafted Security Act in 2002. There are currently many problems in existing Security Act, but there are four representative problems. (1) No more establishment of new security sector, (2) excessively slack qualification criteria, (3) the education system for guards, (4) the security Instructor examination system. This paper derives problems of current Security Act, and suggests solutions for them. Not only the academic world, but all of us should pay attention to the revision of Security Act.

• Convergence Security Journal
• /
• v.16 no.1
• /
• pp.39-48
• /
• 2016

In 1976, privative security law in Korea was enacted. Through the law has been revised 23 times, and it reflected changing security environment. Since the private security is now in charge of the daily safety as well as the police, private security law should be revised in overall dimension. First, the name of private security service and terms should be reorganized with applying the current environment of security. For instance, there should be an appropriate range of security service which could contain security consulting, planner, private investigator, and convergence security. Second, the errors of private security law should be corrected and applied to the revised law. Third, some inappropriate contents in the private security law should be revised. Forth, revising the private security law should consider to solve problems in selection, education, and election of security instructor.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.8 no.1
• /
• pp.23-37
• /
• 1998

This paper considers the design and management of security MIB for EDI system. EDI system has to establish various securety wervices and mechanisms to protect against security threats. Hence, the EDIsystem requires appropriate security management to monitor and control the security obhects for its security services and mechanisms. In this paper, I identify security objects for management of secueity services defined in the EDIsystem, and propose the design of a security MIB and describe the use of SNMPnetwork management protocol in its management.

• Knowledge Management Research
• /
• v.20 no.4
• /
• pp.39-55
• /
• 2019

Although Firms have been increasing their information security significantly to handle increased security risks, the effects of information security were not well understood. This study aims to investigate the market value of information security by employing the event study methodology. Our research also explores how market responses vary depending on the type of information security announcements. We collected 177 firm-level information security announcements between 2001 and 2017 in South Korea. For all samples, our results indicate that the stock market positively reacts to information security announcements. We also conducted subsample analysis and found that while information security certification announcement has a positive impact on the stock market, information security activities (e.g. award, information security system) announcement had no impact on the stock market. Our study adopted a novel approach (i.e. event study) for investigating the effects of information security and found that information security investment positively affects firm value. Our results allow managers to measure the effects of information security investment and help them make right decisions on information security investment.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.8 no.3
• /
• pp.63-78
• /
• 1998

Recently, to use the evaluated firewall is recognized as a solution to achieve the security and reliability for government and organizarions in Korea. Results of firewall evaluation using ITSEC(Information Technology Security Evaluation Criteria) and CCPP(Common Criteria Protection Peofile)have been announced. Because there are problems to apply ITSECor CCPP for the firewall evaluation in korea environment, korea government and korea Information security Agency (KISA) decided to develop our own security dvaluation critrtia fir firewalls.As a result of the efforts, Korea firewall security evaluation criteria has been published on Feb. 1998. In this paper, we introduce Korea security evaluation criteria for firewalls. The ceiteria consists of functional and assurance requirements that are compatible with CC Evaluation Assurance Levels(EALs)