• Journal of the Korea Society of Computer and Information
• /
• v.22 no.2
• /
• pp.51-57
• /
• 2017

The first thing to be prioritized is to set the scope of the management system when establishing an information security management system for systematic and effective information security management. It is important to set the scope for an organization's information security goals due to the scope affects the organization's overall information security activities. If the scope is set incorrectly, it might become impossible to protect important services and therefore, the scope of the management system should be determined in consideration of the core business services of the organization. We propose a core service selection model based on the organization's mission-critical service and high risk service in order to determine the effective information security management system scope in this paper. Core service selection criteria include the type of service, contribution to sales, socio-economic impact, and linkage with other services.

• Korean Security Journal
• /
• no.1
• /
• pp.17-50
• /
• 1997

I study on the security organization for the chief of state in North and South Korea. The paper, purporting to analyze security system in comparative prospectives, comprise four chapters. Chapter I Which sets out purpose, scope and method, is followed by Chapter II , dealing largely with the power structure on The Socialist Constitution of Democratic People's Republic of Korea, the protection organization and security activities for the chief of state in North Korea. Chapter III concerns the security environment - terrorist groups, firearms, explosives, suspects, movements of hostile countries and orthers - and the protection organization on The Presidential Security Service for the president in South Korea, culminating in projection of certain problem area. It is followed by concluding observation made in Chapter IV. To be operated security systems effectively, these need to be regulated according to a protective scale, function, authority of a existing.

• Journal of National Security and Military Science
• /
• s.13
• /
• pp.43-81
• /
• 2016

Security environment we face in the Korean Peninsula is unexpectable. Tensions between Seoul and Pyeongyang and its threats are continuously evolving. Kim Jung Un will keep on conducting provocations and DPRK's isolation will result uncertainty to their objective and intention. KPA is centered on ground forces with conventional weapons but they possess modernized missiles and nuclear capabilities. What's more concerning is that North Korea continuously pursue and develop nuclear weapons and missile capabilities. Pursuing defense reform is inevitable for the ROK to deal adequately against the security threats posed by the North and to prepare for the environment of future warfare. If we are satisfied with the current capabilities then our military capabilities and security status will retrogress. We have to reorganize our units to make a small but FMC, smart military organization. Organization analysis is an urgent issue for reorganizing units. However, it isn't an easy task to reform an organization. There are vague parts for analysis and strong resistance from the people within the organization. Therefore should not focus on the reduction of people and the organization. Organization reform should be done with the acknowledgement of most of the personnel and should focus on the task and its method. These should be reflected to the organization analysis.

• Journal of Korea Society of Digital Industry and Information Management
• /
• v.5 no.4
• /
• pp.109-116
• /
• 2009

In the paper, we designed an automatic security diagnostic evaluation System(SeDES) based on a security diagnostic evaluation model(SeDEM) for an organization's security assurance. The SeDEM evaluates a security level of an organization quantitatively by a security evaluation formula which is composed of security variables and security index as applying the statistical CAEL model for evaluate risk level of banks. The SeDES has a good expandability as changing security variables according to an organization scale, characteristics and so on. And it also has a excellent usage because it inputs only numeric data got from statistical technique to security index. We can understand more a security level correctly than the existent risk assessment system because it is possible to assess quantitatively with an security grade as well as score. analysis.

• Information Systems Review
• /
• v.12 no.1
• /
• pp.23-42
• /
• 2010

Although organizations are given various benefits with information technologies, they sometimes have suffered fatal damages due to information security incidents now such as computer virus, hacking, counterfeiting, plagiarizing, etc. The fundamentalcauses of information security incidents are closely related to individuals who do not comply with information security policy or rules. The spontaneous self-control of individuals and monitoring for individuals could be the most essential solution for the ongoing observance of information security policy. Thus, the purpose of this study is to analyze effects of punishment and ethics training on compliance of information security policy of individuals in organizations, to determine individual divide among security propensity depending on organization types, and to find the more fundamental solution which leads change of organizational members’ behaviors and self-control. Regardless of the type of organizations, the results of the study suggest that there exist positive effects of punishment and ethics training in all types of organization on compliance of information security rules or regulations. A member of unitary form organization has higher cognition of punishment than a member's cognition of the multi-divisional form organization, while relatively lower awareness of ethics training. Also, a member of public organization has higher awareness of ethics training than a member’s awareness of private organization, while lower cognition of punishment. Finally, the result shows that punishment and ethics training may be major factors which affect information security. It also suggests that organizational security managers have to understand and consider organization member’s propensity relying on organization form and organization characteristics for establishment and enforcement of information security policy.

• The Journal of Information Systems
• /
• v.28 no.4
• /
• pp.105-129
• /
• 2019

Purpose Issues related to information security have been a crucial topic of interest to researchers and practitioners in the IT/IS field. This study develops a research model based on a Structure-Conduct-Outcome (SCO) framework for the social exchange relationship between employees and organizations regarding information security. Design/methodology/approach In applying an SCO framework to information security, structure and conduct are activities imposed on employees within an organizational context; outcomes are activities that protect information security from an employee. Data were collected from 438 employees working in manufacturing and service firms currently implementing an information security policy in South Korea. Structural equation modeling (SEM) with AMOS 22.0 is used to test the validation of the measurement model and the proposed casual relationships in the research model. Findings The results demonstrate support for the relationships between predicting variables in organization structure (security policy and physical security system) and the outcome variables in organization conduct (top management support, security education program, and security visibility). Results confirm that the three variables in organization conduct had a positive effect on individual outcome (security knowledge and compliance intention).

• The Journal of the Korea Contents Association
• /
• v.11 no.6
• /
• pp.326-336
• /
• 2011

The Purpose of this study was to examine effects of mentoring function on career development and organizational effectiveness in private security service organization. Example number used on interpretation finally using purposive sampling method after this study establishes 5 places private security service company's security guard by population in Seoul on March, 2010 is total 227 people. Reliability of questionnaire appeared Cronbach's ${\alpha}$ value more than .667. Conclusions that appears in this study is as following. First, private security service organization's Mentoring function affects in career development. That is, if friendship, patronage, career management, society mind, and role model are mobilized, innovative own development, special capacity development, and information competitive power development are helped. Second, private security service organization's Mentoring function affects in organization effectiveness. If friendship, patronage, career management, society mind, and role model are mobilized, career satisfaction, organization immersion, and job satisfaction increase. On the other hand, change of jobs intention decreases if function of society mind is mobilized. Third, private security service organization's career development affects in organization effectiveness. If reform and special capacity development are helped, career satisfaction, organization immersion, and job satisfaction increase. While change of jobs intention decreases as development of information competition is helped. Fourth, Mentoring function exerts influence of causality on career development and organization effectiveness. That is, Mentoring exerts direct influence on organization effectiveness, but it exerts indirect effect through career development.

• Journal of Information Technology Services
• /
• v.12 no.4
• /
• pp.77-90
• /
• 2013

As Cyber threats are rising, the scope of information Security (IS) is extending from technical protection of a single information system to organizational comprehensive IS capability. The ministry of National Defense (MND) has established the IS evaluation for defense organization in 'the Directive for Defense Informatization Affairs.' However, no information about an evaluation method, process and organization is provided. We surveyed information security management system (ISMS) and related best practices in public sector and other countries, and analysed the military information security affairs. Thus, this paper recommends the IS evaluation method and process. The trial IS evaluation is in progress this year and the MND will expand this IS evaluation to the entire organization.

• The Journal of Information Technology and Database
• /
• v.7 no.2
• /
• pp.117-134
• /
• 2000

This study examines the relationship between the organizational member's information security mind and organizational information security level. The influential relationships among organizational members' information security mind are investigated, and the relationship between organization's information security level and information security mind has been analyzed. As a result, too manager's information security mind is shown to give the biggest influence to other group in the organization. A strong positive correlation exists between organizational member's information security mind and the level of organization's physical, technical, managerial information security. However, there is no significant difference in information security level by types of business. In the future, a more profound study on information security mind is necessary. And alternative methods of information security level estimation need to be studied.

• Journal of the Society of Disaster Information
• /
• v.5 no.1
• /
• pp.104-119
• /
• 2009

The purpose of this study is to examine the effects of job involvement and organization commitment on job form of security guard. The total 260 subjects are composed of 50 women and 210 men who work at security company for security guards in Seoul and Gyonggi province. First, according to the populational and social character, job involvement was higher in women security guards than men, higher in 'above 41' for age, higher in 'university' for educational level, and higher in '300-400' for incomes. Second, according to the populational and social character, organization commitment was higher in men security guards than women, higher in 'above 41 ' for age, higher in 'graduate school of university' for educational level, and higher in '300-400' for incomes. Third, according to the form of the job, the job involvement was higher in 'under 10' for their career, higher in 'manager' for their responsibilities of work, higher in 'afternoon working' for the time schedules, and higher in 'field service' for the kind of working. Fourth, according to the form of the job, the organization commitment was higher in 'under 10' for their career and higher in 'field service' for the kind of working. However, there was no difference between the responsibilities of work and the time schedules. Fifth, it increases the organization, when the job involvement of the security guards such as work attachment, active performance, and the pursuit of job achievement.