• ETRI Journal
• /
• 제37권2호
• /
• pp.428-437
• /
• 2015

This study was conducted to analyze the effect of information security activities on organizational performance. With this in mind and with the aim of resolving transaction stability in the securities industry, using an organization's security activities as a tool for carrying out information security activities, the effect of security activities on organizational performance was analyzed. Under the assumption that the effectiveness of information security activities can be bolstered to enhance organizational performance, such effects were analyzed based on Herzberg's motivation theory, which is one of the motivation theories that may influence information protection activities. To measure the actual attributes of the theoretical model, an empirical survey of the securities industry was conducted. In this explorative study, the proposed model was verified using partial least squares as a structural equation model consisting of IT service, information security, information sharing, transaction stability, and organizational performance.

• International Journal of Contents
• /
• 제11권3호
• /
• pp.14-23
• /
• 2015

This paper presents the findings of a study in which students at a four-year university were surveyed in an effort to analyze and verify the differences in perceived security awareness, security-related activities, and security damage experiences when using smartphones, based on demographic variables such as gender, academic year, and college major. Moreover, the perceived security awareness items and security-related activities were tested to verify whether they affect the students' security damage experience. Based on survey data obtained from 592 participants, the findings indicate that demographic differences exist for some of the survey question items. The majority of the male students replied "affirmative" to some of the questions related to perceived security awareness and "enthusiastic" to questions about security-related activities. Some academic year differences exist in the responses to perceived security awareness and security-related activities. On the whole, freshmen had the lowest level of security awareness. Security alert seems to be very high in sophomores, but it decreases as the students become older. While the difference in perceived security awareness based on college major was not significant, the difference in some security-related activities based on that variable was significant. No significant difference was found in some items such as storing private information in smartphones and frequency of implementation of security applications based on the college major variable. However, differences among the college majors were verified in clicking hyperlinks in unknown SMS messages and in the number of security applications in smartphones. No differences were found in security damage experiences based on gender, academic year, and college major. Security awareness items had no impact on the experience of security damage in smartphones. However, some security activities, such as storing resident registration numbers in a smartphone, clicking hyperlinks in unknown SMS messages, the number of security apps in a smartphone, and the frequency of implementation of security apps did have an impact on security damage.

• 정보처리학회논문지D
• /
• 제17D권3호
• /
• pp.223-232
• /
• 2010

본 연구는 정보보호 아키텍처 구성과 보안활동이 정보자산보호 및 조직성과에 미치는 영향력을 밝히는데 목적을 갖고 정부, 공공기관, 민간 기업 종사자 300명을 대상으로 설문조사 하였다. 연구결과 분류식별과 위험분석 관리요인이 내부정보 유출방지를 위한 정보보호 아키텍처 구성 및 보안활동에 유용성을 갖는 것으로 나타났다. 그리고 정보기술 아키텍처와 구성원의 인식과 교육요인은 기각됨으로써 제한적인 정보보호 아키텍처 구성 및 보안활동이 요구됨을 시사해 주었다. 독립변인으로서의 아키텍처와 구성원에 대한 재인식을 위한 교육은 그 만큼 중요함을 인식시켜 주고, 일반화된 프로세스로 정보보호 통제나 관리 활동에 크게 기여하지 못하고 다만 위험분류 식별관리와 위험분석 관리의 일반화를 통한 엄격한 보안활동이 유의적인 조직성과에 미치는 영향이 큼을 시사해 준 것이라 할 수 있다.

• 융합보안논문지
• /
• 제20권3호
• /
• pp.39-46
• /
• 2020

기업은 기업의 비즈니스 정보를 보호하기 위해 정보보호 관리체계 구축, 정보보호 시스템 구축 및 운영, 취약점 점검, 보안 관제 등 다양한 정보보호 활동을 하고 있다. 기업 비즈니스를 위한 다양한 정보보호 활동들을 체계화한 것이 기업 정보보호 거버넌스라고 할 수 있으며, 이를 효과적으로 운영하기 위해서는 시스템화할 필요성이 있다. 본 연구에서는 기업 정보보호 거버넌스를 시스템화하기 위해 기존의 기업 정보 포털(EIP) 모델에 대해 알아보고, 이에 기반한 기업 정보보호 포털(EISP) 모델을 제시하고자 한다. 기업 정보보호 포털(EISP) 모델은 기업의 다양한 정보보호 활동인 기업 정보보호 거버넌스를 시스템화하여 정보보호부서의 활동을 지원하고 기업의 정보보호 활동이 정보보호부서만의 활동이 아닌 최고경영자부터 임직원까지 직접 참여할 수 있도록 통합된 환경을 제시한다.

• 정보보호학회논문지
• /
• 제27권4호
• /
• pp.897-912
• /
• 2017

본 논문은 정보보호 인식을 매개로 기업이 정보보호 활동을 수행했을 때 정보보호 침해 사고 예방에 어떤 효과가 있는지에 초점을 맞춘다. 본 연구 모델로 정보보호 활동과 정보보호 인식이 정보보호 침해 사고를 감소시킨다는 가설을 설정하였다. 분석 대상의 일반적 특성은 빈도 분석을 실시하였으며, 측정 도구의 신뢰도는 Cronbach's ${\alph}$ 계수를 활용하였으며 분석 결과, 정보보호 활동과 정보보호 인식 그리고 정보보호 침해 사고의 관계에 대한 가설이 입증되었다.

• 시큐리티연구
• /
• 제56호
• /
• pp.107-124
• /
• 2018

국내 민간경호는 질적 산업으로 양산화 되기보다는 국내 업체들 간의 과열 경쟁으로 소수 업체를 제외하고 영세한 업체로 난립하는 양상을 보이고 있다. 이런 상황에서 한국계 중국인은 자체적으로 자국민을 위한 업무 영역을 만들어 국내 업체들과의 차별화된 산업으로 전문화되어지고 있는 상황이다. 본 연구는 재한 외국인 민간경호의 성장요인을 분석하고 선의 경쟁을 하는 한국 민간경호와 한국계 중국인 민간경호를 시작으로 협업을 통한 성공적인 활성화 개선방안을 제시하는데 그 목적이 있다. 본 연구에서 도출한 연구결과는 다음과 같다. 첫째, 한국계 중국인 경호활동의 성장을 불안감 없이 인정해야 하는지 둘째, 한국계 중국인 경호활동이 한국 내 필요한 이유를 찾기 위한 분석과 연구 지속적으로 진행되어야 한다. 셋째, 한국계 중국인 경호활동의 장점과 단점을 분석하여 한정되어 있는 국내 경호활동에서 벗어나기 위한 노력 중의 하나로 언어 능력 향상이 필요하다. 어렵다면 언어 구사가 가능한 인재를 발탁하여 경호활동 가능자로 배출해야 한다. 넷째, 한국계 중국인 경호활동과 국내 경호활동의 협업 활성화를 위하여 한국계 중국인에 대한 인식이 우선 변화되어야하며, 경쟁속의 경호활동이 아닌 서로를 이해하고 상부상조하는 회사 대 회사로 인정하는 관계 개선이 시급하다.

• 대한안전경영과학회지
• /
• 제17권3호
• /
• pp.205-213
• /
• 2015

This study aims to verify the structural correlation empirically between information security performance and information management performance. To verify the correlation, three factors such as managerial controlled activity, technical controlled activity, and physical controlled activity are divided for the information security activities variable. the security performance are divided into accident prevention and accident response variables. As a result, security organization activity is a unique factor being positively significant to information security and management performance. And three activities such as human security, security training, development security do not affect at all on both information security and management performance.

• Asia pacific journal of information systems
• /
• 제22권1호
• /
• pp.53-77
• /
• 2012

Financial firms, especially large scaled firms such as KB bank, NH bank, Samsung Card, Hana SK Card, Hyundai Capital, Shinhan Card, etc. should be securely dealing with the personal financial information. Indeed, people have tended to believe that those big financial companies are relatively safer in terms of information security than typical small and medium sized firms in other industries. However, the recent incidents of personal information privacy invasion showed that this may not be true. Financial firms have increased the investment of information protection and security, and they are trying to prevent the information privacy invasion accidents by doing all the necessary efforts. This paper studies how effectively a financial firm will be able to avoid personal financial information privacy invasion that may be deliberately caused by internal staffs. Although there are several literatures relating to information security, to our knowledge, this is the first study to focus on the behavior of internal staffs. The big financial firms are doing variety of information security activities to protect personal information. This study is to confirm what types of such activities actually work well. The primary research model of this paper is based on Theory of Planned Behavior (TPB) that describes the rational choice of human behavior. Also, a variety of activities to protect the personal information of financial firms, especially credit card companies with the most customer information, were modeled by the four-step process Security Action Cycle (SAC) that Straub and Welke (1998) claimed. Through this proposed conceptual research model, we study whether information security activities of each step could suppress personal information abuse. Also, by measuring the morality of internal staffs, we checked whether the act of information privacy invasion caused by internal staff is in fact a serious criminal behavior or just a kind of unethical behavior. In addition, we also checked whether there was the cognition difference of the moral level between internal staffs and the customers. Research subjects were customer call center operators in one of the big credit card company. We have used multiple regression analysis. Our results showed that the punishment of the remedy activities, among the firm's information security activities, had the most obvious effects of preventing the information abuse (or privacy invasion) by internal staff. Somewhat effective tools were the prevention activities that limited the physical accessibility of non-authorities to the system of customers' personal information database. Some examples of the prevention activities are to make the procedure of access rights complex and to enhance security instrument. We also found that 'the unnecessary information searches out of work' as the behavior of information abuse occurred frequently by internal staffs. They perceived these behaviors somewhat minor criminal or just unethical action rather than a serious criminal behavior. Also, there existed the big cognition difference of the moral level between internal staffs and the public (customers). Based on the findings of our research, we should expect that this paper help practically to prevent privacy invasion and to protect personal information properly by raising the effectiveness of information security activities of finance firms. Also, we expect that our suggestions can be utilized to effectively improve personnel management and to cope with internal security threats in the overall information security management system.

• Nuclear Engineering and Technology
• /
• 제46권1호
• /
• pp.47-54
• /
• 2014

The protection of nuclear safety software is essential in that a failure can result in significant economic loss and physical damage to the public. However, software security has often been ignored in nuclear safety software development. To enforce security considerations, nuclear regulator commission recently issued and revised the security regulations for nuclear computer-based systems. It is a great challenge for nuclear developers to comply with the security requirements. However, there is still no clear software development process regarding security activities. This paper proposes an integrated development process suitable for the secure development requirements and system security requirements described by various regulatory bodies. It provides a three-stage framework with eight security activities as the software development process. Detailed descriptions are useful for software developers and licensees to understand the regulatory requirements and to establish a detailed activity plan for software design and engineering.

• 한국IT서비스학회지
• /
• 제19권5호
• /
• pp.15-31
• /
• 2020

This study explores the process in which employees adopt the information security policy. The results of this study, which surveyed 234 employees in three call centers and four hospitals, show that the employees adapt the information security policy through the social structuring process suggested by the AST model. In particular, this study identifies roles of two appropriation activities (FOA : Faithfulness of Appropriation & COA : Consensus on Appropriation) observed in the social structuring process. Regarding to the interactions between the two appropriation activities, FOA, which indicates a better understanding of the information security policy, is examined as a more critical factor than COA, which indicates the degree of agreement among employees about how to use it. FOA not only has a direct effect on compliance intention toward the information security policy, but also indirectly through COA, whereas COA has only a indirect effect through FOA. This result shows that, in order for a company to successfully implement a new information security policy, it is important for employees to understand its purpose and intention. The adaption of information security policy through two appropriation activities is observed in both hospitals and call centers, but due to the different working environments, there were differences in the preceding variables affecting the appropriation activities. The results of this study are expected to provide guidelines for companies who want to successfully adopt information security policy.