• Title/Abstract/Keywords: Security management

5,395 search results (processing time 0.03 seconds)

Exploring the Association between Board Structure and Information Security Breaches

  • Hsu, Carol;Wang, Tawei
    • Asia pacific journal of information systems / Vol. 24, No. 4 / pp.531-557 / 2014
  • Although the area of information security planning and management has gained increased attention, not much discussion was available on the role and the impact of the board members towards a firm's security management and governance decisions. In this research, we draw on corporate governance and the organizational demography literature to conduct an exploratory empirical study on the association between the board structure of a firm and the possibility of information security breaches. Our results show that the board size, the average age/tenure and the heterogeneity of age could reduce the possibility of security breaches while the proportion of independent directors and the heterogeneity of tenure could increase it. Our findings shed light on the important role played by the board when managing information security risks in organizations.

중소기업의 특성을 고려한 정보보호 관리체계 평가 모델 개선 (Improvement of Information Security Management System Evaluation Model Considering the Characteristics of Small and Medium-Sized Enterprises)

  • 김이헌;김태성
    • 한국IT서비스학회지 / Vol. 21, No. 1 / pp.81-102 / 2022
  • Although more than 99% of all Korean companies are small and medium-sized enterprises (SMEs), which account for a large part of the national economy, they are having difficulties in securing information protection capabilities due to problems such as budget and manpower. On the other hand, as 97% of cyber incidents are concentrated in SMEs, it is urgent to strengthen the information protection management and response capabilities of SMEs. Although the government is promoting company-wide information security consulting for SMEs, the need for supplementing its procedures and consulting items is being raised. Based on the results of information security consulting supported by the government in 2020, this study attempted to derive improvement plans by interviewing SME workers, information security consultants, and system operators. Through the research results, it is expected to create a basis for SMEs to autonomously check the information security management system and contribute to the reference of related policies.

대형 할인매장의 안전관리 방안에 관한 고찰 (The Effective Security Management Scheme against the loss in Hypermarket)

  • 최선태
    • 시큐리티연구 / No. 5 / pp.327-350 / 2002
  • We, in Korea, have over two hundred hypermarkets and the number is continuously increasing. We drop into a hypermarket for merchandise, which is an integral part of our life style. So, we should consider safety for employees as well as customers because hundreds of thousands of people use the hypermarket every day. In addition to this consideration, the government should also be a political support relating to accidents that occur in the hypermarket because security and safety matters are important to all of us. But even now, our security conditions do not match our ideal goal and we take countermeasures after accident or loss. This is a result of not having a security management expert coupled with a chief executive officer that has no idea about security awareness and loss prevention. In addition, we do not have specific laws to address these matters. We also lack reasonable ideas to prevent accident and loss. Now is the right time to revamp the laws and ordinances to improve the quality of civilian life. Prevention of accidents is a needed investment for all security personnel. The best solution for businesses is prevention of accidents. This will increase profits and cost-effectiveness as well as increase customer satisfaction. The company should form a security management department for comprehensive protection of assets. The goal of security management employees should be productive and effective security management. Every employee should have responsibility in mind to prevent accidents in his or her work. In addition, the company should have a systematic organization in place and regular training sessions. The most effective security management comes from cooperation of all members. In the 21st century, we pursue a high standard of living which is a result of our cooperation against any accident and loss. Sennewald says the value of security is better measured by what does not happen rather than what does.

기업의 상시 보안관리 체계 연구 (A Study for Enterprise Type Realtime Information Security Management System)

  • 노시영;임종인
    • 정보보호학회논문지 / Vol. 27, No. 3 / pp.617-636 / 2017
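  • Many companies have adopted standard security management systems such as ISO27001 or K-ISMS to strengthen their security management and protect core information assets, and have achieved some results. However, with recent advances in IT and the evolution of intrusion techniques, threat factors are increasing exponentially, so companies need faster and more accurate responses in security management. To this end, we studied an 'enterprise-type real-time security management system' based on streamlining security management processes, setting security indicators that allow core security areas to be managed intensively, and calculating a risk index that allows areas at risk of breach to be recognized in advance, and we surveyed the opinions of an expert group and analyzed its adequacy using the AHP (Analytic Hierarchy Process) methodology. Through this study, corporate security managers can improve efficiency, such as proactive response and rapid action, in operating a security management system.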

시스템 접근관리에 대한 의사결정 프로세스 연구 (A Study on Decision Making Process of System Access Management)

  • 조영석;임종인;이경호
    • 정보보호학회논문지 / Vol. 25, No. 1 / pp.225-235 / 2015
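  • Although the supervision and procedures of information security certification and security audits have recently been strengthened, information leaks and security incidents caused by insiders continue to increase. According to the 2011 Cyber Security Watch Survey, 21% of the security incidents that occurred during 2010 were caused by insiders. Unlike with external-facing services, companies often failed to recognize security incidents in internal systems immediately, or, when they occurred, did not disclose them externally for reasons such as increased costs and loss of credibility and resolved them with temporary stopgap measures. This paper empirically studies the problems of system access management and presents a standard process that can be used in other systems or workplaces. This will help companies investigate, analyze, and improve problems in system access management easily and systematically.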

보안 인증을 통한 ActiveX Control 보안 관리 모델에 관한 연구 (The Study on the Security Model for ActiveX Control Management through Security Authentication)

  • 박성용;문종섭
    • 정보보호학회논문지 / Vol. 19, No. 6 / pp.113-119 / 2009
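  • Recently in Korea, most websites, including e-government, Internet banking, and portal sites, develop and distribute ActiveX Controls to provide diverse and dynamic online services. However, ActiveX Controls whose safety has not been verified can be a serious security threat to Internet users. Although hacking incidents caused by such vulnerable ActiveX Controls have recently been increasing sharply, there is only reliance on individual PC security awareness, and no national security policy or countermeasure has been prepared. Accordingly, this paper proposes a technical methodology for designing an ActiveX Control security management model through security authentication that enables safe and efficient security management in all three aspects of ActiveX Control development, distribution, and use.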

An Research about ISPs' role as Managed Security Service Providers

  • Choi, Yang-Seo;Seo, Dong-Il
    • 제어로봇시스템학회: Conference Proceedings / 제어로봇시스템학회 2005 ICCAS / pp.2513-2515 / 2005
  • Internet attack incidents have steadily increased along with the increase in Internet users. To protect systems and networks from these attacks, advanced security systems have been developed. Now that these security systems are operating, their successful management is more important than the purchase and establishment of new information security systems. The acquisition of good systems is ineffective and financially wasteful unless they are managed properly. Adequate management policy has recently become the focus of users. In other words, for companies and educational institutions with their domains, capital expenses are enormous to bear, and good security staffs are difficult to find, for which reasons outsourcing vendors or Managed Security Service Providers (MSSPs) that manage and operate the information security systems of certain domains become very appealing. Today, customers expect ISPs to perform MSSP services that used to be carried out by the security companies. This document presents the role and necessity of ISPs as MSSPs.

조직 정보보호성과에 영향을 미치는 정보보호담당임원의 내·외적 특성 (Internal and External Characteristics of Information Security Officers Affecting Organization's Information Security Performance)

  • 오하경;김태성
    • Journal of Information Technology Applications and Management / Vol. 27, No. 4 / pp.1-19 / 2020
  • Infringement of information security has caused the corporate image to be damaged and share price to fall, and it is emerging as an organizational risk. The value of information assets in enterprises has led to a higher level of security than in the past. As a result, companies are aware of the need for officers to protect information and to oversee a security management system. However, despite the growing importance of information security officers, there is a lack of research on their roles and characteristics. This study validates the relationship between determinants that affect the performance of information security. And a structural equation model was presented and empirically analyzed to see the impact of the internal and external characteristics of the staff in charge of information security on the organization's information security performance.

정보보호관리체계(ISMS)를 이용한 중소기업 기술보호 개선방안 연구 (Study on Plans to Improve Small and Medium Corporations' Technological Protections Using Information Security Management System (ISMS))

  • 김정은;김성준
    • 디지털산업정보학회논문지 / Vol. 12, No. 3 / pp.33-54 / 2016
  • In the modern society based on information and communication, which is exposed to the risks of a lot of information security breaches, corporate information assets may be an economical scale in a country. Most of damages derived from corporate technological information leak often occur in small and medium corporations. Although many information security managers in corporations have focused on certification systems such as information security management system, small and medium corporations are poorly aware of the information security, and their environments surrounding it should be also improved. In addition, it is difficult to expect spontaneous participations in it, since the sustainable information security management systems are often not forced to be certified. Thus, the purpose of this study is to examine plans to improve small and medium corporations' technological protections by using some component of the information security management system. On the basis of this examination, it also attempts to discuss some methods for effective and efficient information security in the small and medium corporations' technological protections.

DEA-SBM 모형을 이용한 대기업 계열사 보안관리 체계 효율성 분석 (Efficiency Analysis of Security Management System of Affiliates of Conglomerate Using DEA-SBM Model)

  • 정혁;이경호
    • 정보보호학회논문지 / Vol. 32, No. 2 / pp.341-353 / 2022
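  • Large Korean companies are strengthening cooperative relationships, sharing information and dispatching personnel with one another, in order to improve the competitiveness and technological capability of the entire group, including affiliates, and to enhance synergy. Accordingly, they are making every effort to raise the information security level of the entire group, but information leakage incidents routed through affiliates and partner companies continue to occur. In addition, questions have been raised about the effectiveness of the parent company's evaluation results of affiliates' security management systems relative to their actual security level. Moreover, each company has limited resources it can devote to security management, so an efficient security management system is needed more than ever. In this study, we examine the efficiency of the security management system operation of affiliates of a company in the steel sector using the DEA-SBM model and, based on the analysis results, present improvement measures for raising the level of security management.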