• Title/Summary/Keyword: Security Investments

The Improvement on Cyber Damage Calculation for Return on Security Investment (정보보호 투자 대비 효과 측정을 위한 사이버 피해액 계산 방법 개선)

  • Choi, Chan-young;Park, Dae-woo
    • Proceedings of the Korean Institute of Information and Communication Sciences Conference / 2017.10a / pp.349-352 / 2017
  • Since the early 2000s, many information security professionals have sought to measure the effectiveness of information security investments. Such efforts have devised a number of ways to calculate the return in ROSI (Return On Security Investment), including the Gordon & Loeb method for calculating cyber damage. However, due to the characteristics of the information security structure, the lack of related information sharing, and the inclusion of many qualitative factors, the damage calculation is inaccurate. This study reviews related studies, analyzes the Gordon & Loeb method and the Shin-Jin method, which are considered to be the most efficient of the existing methods, and designs improved methods.

Development of Security Metrics of Enterprise Security Management System (통합보안관리시스템의 보안성 메트릭 개발)

  • Yang, Hyo-Sik
    • Journal of Digital Convergence / v.15 no.12 / pp.303-311 / 2017
  • As new information technology emerges, companies are introducing an Enterprise Security Management system to cope with new security threats, reducing redundant investments and waste of resources and counteracting security threats. Therefore, it is necessary to construct a security evaluation metric based on related standards to demonstrate that the Enterprise Security Management (ESM) System meets security. Therefore, in order to construct a metric for evaluating the security of the ESM, this study analyzed the security quality related requirements of the ESM and constructed a metric for measuring the degree of satisfaction. This metric provides synergies through the unification of security assessments that comply with ISO/IEC 15408 and ISO/IEC 25000 standards. It is expected that the evaluation model of the security quality level of ESM will be established and the evaluation method of ESM will be standardized in the future.

Security Policy Proposals through PC Security Solution Log Analysis (Prevention Leakage of Personal Information) (PC보안솔루션 로그분석을 통한 보안정책 제안 (개인정보유출 방지))

  • Chae, Hyun Tak;Lee, Sang-Jin
    • Journal of the Korea Institute of Information Security & Cryptology / v.24 no.5 / pp.961-968 / 2014
  • In order to prevent leakage of personal information by insiders, a large number of companies steadily install PC security solutions like DRM (Digital Right Management), DLP (Data Loss Prevention), and personal information filtering software. However, despite these investments anomalies personal information occurred. To establish proper security policy before implementing PC security solutions, companies can prevent personal information leakage. Furthermore, by analyzing the log from the solutions, companies verify the policies implemented effectively and modify security policies. In this paper, we define the required security solutions installed on PC to prevent disclosure of personal information in a variety of PC security solution, plan to integrate operations of the solutions in the blocking personal information leakage point of view and propose security policies through PC security solution log analysis.

Efficiency of Financing High-Tech Industries: The Case of Kazakhstan

  • SADYKHANOVA, Gulnara;EREZHEPOVA, Aiman;NURMANOVA, Biken;AITBEMBETOVA, Aida;BIMENDIYEVA, Laila
    • The Journal of Asian Finance, Economics and Business / v.6 no.4 / pp.287-295 / 2019
  • The study aims to build a model for evaluating the effectiveness of activities and the effectiveness of financial investments in high-tech industries in Kazakhstan. The development of high-tech industries plays an important role in the economic growth of a country. In this regard, it is relevant to study the effectiveness of financing the most important industry in Kazakhstan. The development of the high-tech sector ensures the efficient functioning of the national innovation system. High-tech enterprises are one of the competitive sectors that allow us to develop and implement leading-edge innovations with the goal of their subsequent commercialization domestically and abroad. The author defines the multicriteria of efficiency in a knowledge-based economy associated with achieving an economic effect with multivariate correlation of results with costs. A multivariate dynamic model, an integral indicator of performance, an integral indicator of cost-effectiveness is proposed. The assessment of the effectiveness of financial costs and performance indicators in all regions of Kazakhstan have the positive dynamics of indicators, as well as a high economic effect. The results of the study can be applied in regional management to adequately assess the effectiveness of high-tech organizations and the effectiveness of financial investments, contribution to ensuring the economic security of the region.

An Study on the Effects of ISMS Certification and the Performance of Small and Medium Enterprises (중소기업에 대한 ISMS 인증효과와 영향요인에 관한 연구)

  • Kim, In Kwan;Park, Jaemin;Jeon, Joong Yang
    • Journal of Digital Convergence / v.11 no.1 / pp.47-60 / 2013
  • This paper focuses on the role of international standards related to industrial technology and to analyze determinants to affect ISMS and its performance. Particularly its financial and operational performance were measured by survey aiming at an influence of certification and its performances. The variables explaining the performance were drawn out from factor analysis and then critical variables to affect performance were discovered by ANOVA and regression analysis. As a result of the analysis considering heteroscedastic and factor analysis, type of business and firm size were not significantly related to the performance but the existence of information security unit, investment in information security and the status of security consciousness in executives and employees were positively related. As a result, this study shows that security certification should be implemented with suitable capabilities and the investments to protect from leaking industrial technology and proved the importance of the security certification as an infrastructures and system.

Research on the Level Evaluation Model of the Organization Research Security (조직의 연구보안 수준평가 모형 연구)

  • Na, Onechul;Chang, Hangbae
    • The Journal of Society for e-Business Studies / v.25 no.3 / pp.109-130 / 2020
  • Recently, the importance of research and development for technological innovation is increasing. The rapid development of research and development has a number of positive effects, but at the same time there are also negative effects that accelerate crimes of information and technology leakage. In this study, a research security level measurement model was developed that can safely protect the R&D environment conducted at the organizational level in order to prepare for the increasingly serious R&D result leakage accident. First, by analyzing and synthesizing security policies related to domestic and overseas R&D, 10 research security level evaluation items (Research Security Promotion System, Research Facility and Equipment Security, Electronic Information Security, Major Research Information Security Management, Research Note Security Management, Patent/Intellectual Property Security Management, Technology Commercialization Security Management, Internal Researcher Security Management, Authorized Third Party Researcher Security Management, External Researcher Security Management) were derived through expert interviews. Next, the research security level evaluation model was designed so that the derived research security level evaluation items can be applied to the organization's research and development environment from a multidimensional perspective. Finally, the validity of the model was verified, and the level of research security was evaluated by applying a pilot target to the organizations that actually conduct R&D. The research security level evaluation model developed in this study is expected to be useful for appropriately measuring the security level of organizations and projects that are actually conducting R&D. It is believed that it will be helpful in establishing a research security system and preparing security management measures. In addition, it is expected that stable and effective results of R&D investments can be achieved by safely carrying out R&D at the project level as well as improving the security of the organization performing R&D.

Who is responsible for the onus of proof on online fraud transactions? In perspectives of the eCommerce Law and Privacy Investment (온라인 거래에서 사고 발생시 누가 이의 입증책임을 질 것인가?)

  • Chun, Se-Hak;Cho, Woo-Je;Kim, Jae-Cheol
    • Korea Society of Management Information Systems: Conference Proceedings / 2007.06a / pp.699-704 / 2007
  • In this study, we examine why there exist different legal systems in electronic commerce or online financial trading. When a fraudulent online transaction occurs and the online customer disputes the transaction, the online customer takes responsibility for the proof of her/his argument in many European countries, while in the U.S. the burden of proof lies on the firm. This paper analyzes how these two different legal systems exist and how these can be applied to electronic commerce law. In particular, this paper intends to find the optimal level of e-commerce firms' investment on security and analyzes how security investments can be related to firm's profits and consumer's welfare depending on IT infrastructure and social trust environment. Moreover, this paper can contribute to providing guidelines for a regulatory framework on e-commerce online transactions and discuss social welfare implications.

Design of Security RoadMap for C4I System (C4I 시스템 보안 로드맵 설계)

  • Lee, Gang-Taek;Lee, Dong-Hwi;Yang, Jae-Su;J. Kim, Kui-Nam;Park, Sang-Min
    • Convergence Security Journal / v.6 no.4 / pp.113-120 / 2006
  • The C4I system is the centerpiece of the military force. The system is an information based system which facilitates information grid, collection of data and dissemination of the information. The C4I system seeks to assure information dominance by linking warfighting elements in the battlespace to an information network which enables sharing of battlespace information and awareness, thereby shifting the concept of warfare from a platform-centric paradigm to Network Centric Warfare. Although it is evident that the C4I system is a constant target for adversaries, the issue of vulnerability to attack via cyberspace still remains. Therefore, the protection of the C4I system is critical. The roadmap I have constructed in this paper will guide through the direction to protect the system during peace and war time. Moreover, it will propose vision, objectives and necessary supporting framework to secure the system from the threat. In order to fulfill these tasks, enhanced investments and plans from the Joint Chiefs of Staff and Defense of Acquisition and Program Administration (DAPA) are critical, thereby enabling the establishment of a rapid and efficient security system.

The Employee's Information Security Policy Compliance Intention : Theory of Planned Behavior, Goal Setting Theory, and Deterrence Theory Applied (조직구성원의 정보보안 정책 준수의도: 계획된 행동이론, 목표설정이론, 억제이론의 적용)

  • Hwang, In-Ho;Lee, Hye-Young
    • Journal of Digital Convergence / v.14 no.7 / pp.155-166 / 2016
  • In accordance with the increase of the importance of information security, organizations are making continuous investments to develop policies and adapt technology for information security. Organization should provide systemized support to enhance employees' security compliance intention in order to increase the degree of organization's internal security. This research suggests security policy goal setting and sanction enforcement as a method to improve employees' security compliance in planning and enforcing organization's security policy, and verifies the influencing relationship of Theory of Planned Behavior which explains employee's security compliance intention. We use structural equation modeling to verify the research hypotheses, and conducted a survey on the employees of organization with information security policy. We verified the hypotheses based on 346 responses. The result shows that the degree of goal setting and sanction enforcement has positive influence on self-efficacy and coping efficacy which are antecedents that influence employees' compliance intention. As a result, this research suggested directions for strategic approach for enhancing employee's compliance intention on organization's security policy.

A Study on Effective Methods to Enhance the Role of Private Security Firm for security Management in the Site of Performing Arts Events (공연장 안전관리 실태 및 개선에 따른 민간경비 역할증대에 관한 연구)

  • You, Young Il
    • Journal of the Society of Disaster Information / v.8 no.2 / pp.158-170 / 2012
  • Citizens' income has been increased along with the trend of rapid changes in society, and the quality of their lives has been improved as well. As much as the degree of increase of quality of life, the number of spectators for performing art events, etc. who desire to fulfill their needs for enjoyment of varied cultural performances have been increasing, and also a large number of spectators enjoy a variety of festivals being held in each provincial area as well as international events: we still remember such frantic rooting shown by citizens during 2002 World Cup drawing attention and interest of entire nation. There are always risks of loss of human lives if accidents occur as the result of close-packed crowd gathered at the same time. Therefore, it is required to prepare adequate security measures in order to prevent various accidents beforehand. It is hoped that this research work would be of help for further efficient and systematic security management for the performing arts centers or public theaters encouraging the event organizer and the private security firm and the Korea Private Security Association to exert great effort and investments in further projects for development of security technology. Also, it is required to build a performance culture to consider audience's safety first from the beginning to the end of the event on the basis of efficient security management. Furthermore, spectators are required to recognize the fact that safety in the site for performing arts should be guaranteed for everyone's sake, and, to achieve this, they are obliged to be more cooperative with the event organizer and the private security firm, forming a trinity all together, in order not to have safety threatening situations in the site of performing arts events.