• Title/Summary/Keyword: Security Activities

Search Result 983, Processing Time 0.025 seconds

A Study on the Effect of Learning Activities and Feedback Seeking Behavior toward the End Users' Faithful Appropriation of Information Security System (조직내 최종사용자의 합목적적인 정보보호 시스템 사용 내재화와 학습, 피드백 추구 행동 연구)

  • Kim, Min Woong;Cheong, Ki Ju
    • The Journal of Information Systems
    • /
    • v.25 no.3
    • /
    • pp.117-146
    • /
    • 2016
  • Purpose The purpose of this paper is to examine factors and mechanism inducing end users' faithful appropriation of information security behavior through the information security system. This study is also trying to find out the role of Employees' adaptive activities like learning and feedback seeking behavior for the information security in organizations. Design/methodology/approach An empirical study was carried out with a sample of employees working in the financial service company. Employees(n = 268) completed a written questionnaire. Structural equation modeling was used to analyze the data. Findings Results indicated that employees' learning activities and feedback seeking behavior fully mediated the effect of major information security factors toward end users' faithfulness of appropriation of information security systems. In order to increase the level of employees information security behavior in accordance with security guideline, organizations should facilitate interactions that support the feedback seeking process between employees on information security awareness and behavior. Additionally, organizations may reinforce these behaviors by periodical training and adopting bounty hunter systems.

Design and Implementation of Enterprise Information Security Portal(EISP) System for Financial Companies (금융회사를 위한 기업 정보보호 포털(EISP) 시스템의 설계 및 구현)

  • Kim, Do-Hyeong
    • Convergence Security Journal
    • /
    • v.21 no.1
    • /
    • pp.101-106
    • /
    • 2021
  • To protect financial information, financial companies establish strategies and plans for information security, operate information security management systems, establish and operate information security systems, check vulnerabilities, and secure information. This paper aims to present an information security portal system for financial companies that can gain visibility into various information security activities being undertaken by financial companies and can be integrated and managed. The information security portal system systemizes the activities of the information security department, providing an integrated environment for information security activities to participate from CEOs to executives and employees, not just from the information security department. Through this, it can also be used as information security governance that can be used by top executives to reflect information security in corporate management.

Influence of Information Security Activities of Financial Companies on Information Security Awareness and Information Security Self Confidence : Focusing on the Mediating Effect of Information Security Awareness (금융회사의 정보보호활동이 정보보호의식 및 정보보호자신감에 미치는 영향 : 정보보호의식의 매개효과를 중심으로)

  • Soh, Hyeon-Chul;Kim, Jong Keun
    • Journal of Korea Society of Industrial Information Systems
    • /
    • v.22 no.4
    • /
    • pp.45-64
    • /
    • 2017
  • The Purpose of this Study is to find out the Implications of the Information Security Activities of Financial Companies on the Confidence of the Information Security Officers and to find Academic and Practical Implications to Supplement the Insufficiencies. As a Result, it was Confirmed that the Information Security Officer's Confidence in Information Security for Companies and the Level of Information Security Awareness of the Employees are Increased when Financial Companies Conduct Information Protection Activities Focusing on Information Security Education, Security Incident Responses and In/Out Security.

Analysis of the Impact of Security Liability and Compliance on a Firm's Information Security Activities (보안책임과 규제가 기업의 보안활동에 미치는 영향 분석)

  • Shim, Woo-Hyun
    • The Journal of Society for e-Business Studies
    • /
    • v.16 no.4
    • /
    • pp.53-73
    • /
    • 2011
  • Many governments have tried to develop a liability and compliance law that can improve cyber security in a sustainable way. This paper explores whether a liability and compliance law is effective in motivating firms' information security activities. In particular, I empirically investigate the impact of the 2007 Electronic Financial Transaction Act (EFTA), a liability and compliance law in Korea, on the information security activities of financial institutions and services providers. In spite of various criticisms of the effectiveness of EFTA, the empirical findings of this study clearly show that EFTA is having a positive impact on information security activities. From these findings, this article concludes that a liability and compliance law is likely to contribute to a certain degree to the achievement of sustainable development of cyber security.

A Study on the Efficiency of Auditing for Security Vulnerabilities in the Public Sector (공공부문 보안취약점 감사 효율화 방안에 관한 연구)

  • Kim, Hyun-seok
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.32 no.1
    • /
    • pp.109-122
    • /
    • 2022
  • The purpose of information security activities is to reduce large-scale material and human accidents that are concerned about hacking damage to important systems, such as control systems, through periodic preventive activities in addition to finding the cause and taking follow-up measures after damage caused by hacking. For this reason, although each institution is using a security work audit model in accordance with the relevant regulations, it is not easy to conduct company-wide inspection activities due to the constraints of manpower and time. Therefore, in this paper, we will analyze the major vulnerabilities of public institutions over the past 10 years and present a security audit model that can perform efficient security activities compared to the models for domestic and foreign security audits.

Information Security Activity of Analysis Phase in Information Security Model in Accordance with SDLC

  • Shin, Seong-Yoon;Lee, Tae-Wuk
    • Journal of the Korea Society of Computer and Information
    • /
    • v.21 no.11
    • /
    • pp.79-83
    • /
    • 2016
  • In this paper, we define four levels of analysis, design, implementation, and testing of the configuration of the development phase by S/W development life cycle. In particular, it dealt with the stage of the analysis phase to prepare an information system developed intensively. Details of the derivation of the information security requirements, it can be seen that comes from the perspective of confidentiality, integrity, availability and accountability, etc. It dealt with from the first manifestations of the projects planning to final planning to establish information security in activities of the Information Security requirements. As an example exhibited by assessing the information security analysis phase activities of S corporations, it can be seen that the improved sales rise in information security activities.

Effects of the Recognition of Business Information Protection Activities in Ranks on Leaks of Industrial Secretes (직위에 따른 기업정보보호활동인식이 산업기밀유출에 미치는 영향)

  • Choi, Panam;Han, Seungwhoon
    • Journal of the Society of Disaster Information
    • /
    • v.11 no.4
    • /
    • pp.475-486
    • /
    • 2015
  • The objective of this study is to analyze control factors in protecting activities of business information that affects the effects of protecting leaks of industrial secretes during business security works in the ranks of staffs. A regression analysis was implemented by 36 items of protecting activities of information and 10 items of preventing industrial secretes for a total of 354 users and managers who use internal information systems in governments, public organizations, and civilian enterprises. In the recognition of protecting activities of business information that affects the prevention of controlling industrial secretes, clerks showed recognitions in physical control, environmental control, and human resource control, and software control and assistant chiefs showed recognitions in hardware control and environmental control. Also, ranks of department managers and higher levels represented recognitions in security control activities. It showed that clerks, assistant chiefs, and above department managers show effects of technical control factors on protecting activities of industrial secretes but section chiefs represent system control factors in preventing industrial secretes.

Impacts of Information Security Culture and Management Leadership Styles on Information Security Behaviors (정보보안문화와 경영진 리더십이 조직 구성원의 정보보안 행동에 미치는 영향)

  • Park, Sunghwan;Kim, Beomsoo;Park, Jaeyoung
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.32 no.2
    • /
    • pp.355-370
    • /
    • 2022
  • This research investigates the impacts of information security (IS) culture and management leadership styles on employee's security behaviors (IS policies compliance, IS participation) in financial institutions. This study use the survey data collected from 236 employees of financial institutions. This research shows that IS culture has a positive effect on both behavioral intentions to comply with IS policies and the intentions to actively participate in information security activities. Transactional leadership has a positive impact on the IS policies compliance intentions and to participate in information security activities. In contrast, transformational leadership has a positive impact on the intentions to participate in information security activities, but not on the IS policies compliance intentions.

A Study on the influence of firm's Information Security Activities on the Information Security Compliance Intention of Employees (기업의 정보보안 활동이 구성원의 정보보안 준수의도에 미치는 영향 연구)

  • Jung, Jaewon;Lee, Jung-hoon;Kim, Chae-ri
    • Convergence Security Journal
    • /
    • v.16 no.7
    • /
    • pp.51-59
    • /
    • 2016
  • An internal and external threat against an information system has increased, and to reduce it, organization has spent a great deal of money and manpower. However, in spite of such investment, security threat and trouble have happened continuously. Organization has conducted information security activity through various policies. The study classified such activities into prevention-oriented activity and control-oriented activity, and researched how information security activity of organization affects members of an organization and obeys information security policy by using health belief model. As a result of the study, prevention-oriented activity has a meaningful impact on seriousness, and this seriousness affects compliance intention for information security. Control-oriented activity has a meaningful impact on benefits, and the benefits have an effect on compliance intention. When an organization conducts prior activities such as education, PR, and monitoring, this organization should emphasize negative results that can happened because of deviation. In addition, in case of exposure and punishment through post activities such as inspection and punishment, if the organization emphasizes the positive effects of exposure and punishment rather than emphasis of negative parts, information security activity will be more effective.

A Study on the Suggestion of Participate to the Involvement of Police and Security Science Majors in Crime Prevention Activities (경찰.전공자의 공공방범활동 참여제안에 관한 연구)

  • Kim, Il Gon;Ahn, Young Kyu
    • Convergence Security Journal
    • /
    • v.14 no.3_2
    • /
    • pp.61-70
    • /
    • 2014
  • The purpose of this study was to examine the types and state of the private sector's cooperative activities for public peace and order and any problems with it in an effort to step up the revitalization of police-college collaborative efforts for public security by allowing police studies majors and security science majors to participate in crime prevention activities for which the police was responsible in each local community. What problems might possibly take place if police studies majors and security science majors would be involved in crime prevention activities was investigated by making a qualitative analysis. The findings of the study were as follows: First, more human resources and equipment should be offered, as the shortage of the two was pointed out as one of problems with the police itself. Second, how to cope with accidents that might occur if police studies majors and security science majors would take part in crime prevention activities should carefully be studied. Third, it should first be carried out at college to improve an ability to properly respond to diverse situations on the spot.