• Title/Summary/Keyword: Security Governance

Search Result 153, Processing Time 0.022 seconds

A Research on the Development of Information Security Governance Framework (정보보호 거버넌스 프레임워크 개발에 관한 연구)

  • Lee, Seong-Il;Hwang, Kyung-Tae
    • Journal of Information Technology Applications and Management
    • /
    • v.18 no.2
    • /
    • pp.91-108
    • /
    • 2011
  • Enormous losses of shareholders and consumers caused by the risks threatening today's business (e.g., accounting fraud and inside trading) have ignited the necessity of international regulations on corporate ethics and internal control, such as Basel II and SOX. Responding to these regulations, companies are establishing governance system, applying it consistently to the core competency of the company, and increasing the scope of the governance system. Recently occurred security related incidents require companies to take more strict accountability over information security. One of the results includes strengthening of legislation and regulations. For these reasons, introduction of information security governance is needed. Information security governance governs the general information security activities of the company (establishment of information security management system, implementation of information security solutions) in the corporate level. Recognizing that the information security is not restricted to IT domain, but is the issue of overall business, this study develops information security governance framework based on the existing frameworks and systems of IT governance. The information security governance framework proposed in the study include concept, objective, and principle schemes which will help clearly understand the concepts of the information security governance, and execution scheme which will help implement proper organization, process and tools needed for the execution of information security governance.

A Study on the Influence of the Components Related to Information Security Governance on the Perception and Behavior of Employees (정보보안 거버넌스의 구성요소가 종업원의 보안 인식과 행위에 미치는 영향에 관한 연구)

  • Kim, Young-Gon
    • Journal of Advanced Navigation Technology
    • /
    • v.14 no.6
    • /
    • pp.935-950
    • /
    • 2010
  • The purpose of this study is to try to find out the relationship between the perception and behavior of employees and the Information Security Governance (ISG) which consists of leadership and governance, security management and organization, security policies, security program management, user security management, and technology protection and operations. Some effective suggestions from the verification of research hypotheses and the analysis of the most appropriate model were drawn out.

A Study on Factors Affecting the Level of Information Security Governance in Korea Government Institutions and Agencies (공공기관 정보보호 거버넌스 수준에 영향을 미치는 요인에 관한 연구)

  • Song, Jeong-Seok;Jeon, Min-Jun;Choi, Myeong-Gil
    • The Journal of Society for e-Business Studies
    • /
    • v.16 no.1
    • /
    • pp.133-151
    • /
    • 2011
  • To solidate information security, Korea government introduces information security governance. The public institutions and agencies in korea have begun to recognize the importance of information security governance. For solidating information security governance, the government has tried to establish and solidate an information security policy and information security systems. This study suggests factors affecting the level of information security governance in the public agencies and institutions through the factor analysis and the linear regression analysis. The results of this study show that the CEO's support is able to elevate the level of information security governance. The level of information security governance has relation with the number of the staff in information departments, and the budget in the public agencies and the institutions. This study provides directions for the public agencies and the institution for elevating the levels of information security governance.

A Study on Critical Success Factors for Implementing Information Security Governance (정보보호 거버넌스 구현을 위한 핵심성공요인에 관한 연구)

  • Kim, Kun-Woo;Kim, Jung-Duk
    • Journal of Digital Convergence
    • /
    • v.8 no.4
    • /
    • pp.97-108
    • /
    • 2010
  • Nowadays, information security governance which is an integral part of corporate governance has become an important issue in protecting valuable business information assets. However, there are few organizations which have implemented information security governance because of its abstract concept. The objective of this paper is to develop CSFs for implementing information security governance. Ten CSFs were developed based on the ISO/IEC 27014 Information Security Governance Framework.

  • PDF

Ways to establish public authorities information security governance utilizing E-government information security management system (G-ISMS) (전자정부 정보보호관리체계(G-ISMS)를 활용한 공공기관 정보보호 거버넌스 수립방안)

  • Ryu, Seung-Han;Jeong, Dae-Ryeong;Jung, Hoe-Kyung
    • Journal of the Korea Institute of Information and Communication Engineering
    • /
    • v.17 no.4
    • /
    • pp.769-774
    • /
    • 2013
  • In order to strengthen the protection of information, public institutions have introduced information security governance system. Public institutions recognizes the importance of information security governance system, and have striven to establish information security governance by establishing institutions and making policies. In this paper, in order to investigate ways that will be the basis for the establishment of information security governance in public institutions, we studied the necessity and model of information security governance. Also, by studying the government policies and cases, we proposed the direction of the policy.

A Study on Information Security Governance Framework (정보보안 거버넌스 프레임워크에 관한 연구)

  • Kim, Min-Jun;Kim, Kui-Nam J.
    • Convergence Security Journal
    • /
    • v.10 no.4
    • /
    • pp.13-19
    • /
    • 2010
  • The flow of time, depending on the company's ongoing business link to guarantee the proportion of much greater importance, it in the organization as part of an enterprise-wide level, rather than acting on the information society has been considered as the topic of race. Information Security Governance, the integrity of the information, service continuity, the three kinds of information asset protection purpose begins. It is essential for corporate governance, transparency should be part, must be aligned with the IT framework. Existing information security governance framework that small businesses a wide range of governance issues and interests have never had. Therefore, we simplified the information security governance framework is proposed, and solve problems, and propose a framework for analysis of the safety and efficiency through the analysis of the effectiveness of the proposed method were discussed.

The Study on Corporate Information Security Governance Model for CEO (최고경영자를 위한 기업 정보보호 거버넌스 모델에 대한 연구)

  • Kim, Do Hyeong
    • Convergence Security Journal
    • /
    • v.17 no.1
    • /
    • pp.39-44
    • /
    • 2017
  • The existing enterprise information security activities were centered on the information security organization, and the top management considers information security and enterprise management to be separate. However, various kinds of security incidents are constantly occurring. In order to cope with such incidents, it is necessary to protect information in terms of business management, not just information security organization. In this study, we examine the existing corporate governance and IT governance, and present an information security governance model that can reflect the business goals of the enterprise and the goals of the management. The information security governance model proposed in this paper induces the participation of top management from the planning stage and establishes information security goals. We can strengthen information security activities by establishing an information security plan, establishing and operating an information security system, and reporting the results to top management through compliance audit, vulnerability analysis and risk management.

A Building Method of Designing National Cyber Security Governance Model Through Diagnosis of Operational Experience (정보보안체계 운영경험 진단을 통한 국가 사이버보안 거버넌스 모델 연구 방법)

  • Bang, Kee-Chun
    • Journal of Digital Convergence
    • /
    • v.16 no.6
    • /
    • pp.205-212
    • /
    • 2018
  • This Study aims to propose a new information security governance model design method for streamlining security governance at national strategic level. The research method of this study is to diagnose our operational experience and to derive a new model design method. In the meantime, national information security activities were perceived to be focused on knowledge transfer, and motivation of activities and securing of executive power were weak. As a result, security blind spots and frequent occurrence of large security incidents have become unresolved challenges. National cyber security governance should be grouped together as a whole systematically from the upper policy to the lower level of performance under the responsibility of the national leader. Based on this approach, this study presented the comprehensive framework of Korean security governance model and embodied it into four architectural designs such as vision, goal, process, and performance, thus deriving the foundation for future national governance model design. Further research is needed to diagnose problems in life cycle flow, security policies based on environmental changes, and new frameworks in which all subjects participate.

A Study on the Information Security Plan for Network Centric Warfare : Development of Information Security Governance Assessment Index (네트워크 중심전(NCW)하의 정보보호체계 구축방안 연구 : 정보보호체계 평가지표 개발을 중심으로)

  • Kwon, Moon-Taek
    • Convergence Security Journal
    • /
    • v.7 no.4
    • /
    • pp.83-91
    • /
    • 2007
  • Information security is a critical issue for network centric warfare(NCW). This paper provides a information security governance index for NCW, which is a result of the research through a group decision making process. The purpose of the research is to intended to help military organization's planners determine the degree to which they have implemented an information systems governance framework at the strategic and tactical level within their organization.

  • PDF

A Study on Enterprise Information Security Portal Model for Enterprise Information Security Governance (기업 정보보호 거버넌스를 위한 기업 정보보호 포털 모델에 대한 연구)

  • Kim, Do Hyeong
    • Convergence Security Journal
    • /
    • v.20 no.3
    • /
    • pp.39-46
    • /
    • 2020
  • In order to protect the business information of the enterprise, the company is engaged in various information security activities, such as establishing an information security management system, establishing and operating an information security system, checking vulnerabilities and security controls. It is an enterprise information security governance that organizes various information security activities for enterprise business, and it needs to be systematized to operate them effectively. In this study, to systematize the enterprise information security governance, we would like to explore the existing Enterprise Information Portal(EIP) model and propose an Enterprise Information Security Portal(EISP) model based on it. The Enterprise Information Security Portal(EISP) model provides an integrated environment for supporting the activities of the information security departments by systemizing the enterprise information security governance, which is a variety of information security activities of the enterprises, so that the information security activities of the enterprises can participate directly from CEO to executives and employees, not just from the information security departments.