• Journal of Digital Convergence
• /
• v.13 no.8
• /
• pp.133-144
• /
• 2015

In digital convergence environment, information security management plays crucial role in maintaining firms' competitiveness. Organizational citizenship behavior(OCB) enables informations security countermeasures to be more effectively worked by helping employees to have much knowledge of information security policy, by facilitating employees to participate in information security education/training. Thus, the purpose of this study is to investigate the mediating effect of OCB on the relationships between information security countermeasures and compliance intention. Questionary was designed based on prior information security research, and survey was conducted among companies' employees across the industry. Results showed that information security policy and information security education/training were found to be key predictors of compliance intention. In addition, OCB was proven to mediate the relationships between information security countermeasures and compliance intention.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.25 no.4
• /
• pp.915-920
• /
• 2015

The commitment of top management is still insufficient for information security even the core of information security governance is dependent on the leadership of top management. In this situation, information security committee can be a good way to vitalize the commitment of top management and its activities are essential for implementing information security governance. The purpose of this study is to test that information security committee affects implementing information security governance and security effect. For a empirical analysis, questionnaire survey was conducted and the PLS(Partial Least Square) was used to analyze the measurement and structural model. The study result shows that a hypothesis related value delivery is not accepted and it is required to study various methods about how the information security provides positive value to business.

• Journal of the Korea Convergence Society
• /
• v.9 no.9
• /
• pp.69-81
• /
• 2018

The ultimate intention of this research is to identify the factors that have a significant effect on the perceived importance of information security as the antecedent of intention to information security policy compliance. We found that the effectiveness of information security training program did not have statistically significant effect on the perceived cost of policy compliance. Second, the effectiveness of information security policy has significant influence on the perceived cost of policy compliance. Third, perceived vulnerability has a significant effect on the perceived cost of policy compliance. Fourth, perceived cost of policy compliance has a significant effect on perceived importance of information security. Fifth, supervisor's attitude toward information security silence has a significant effect on employee silent behavior towards information security. Sixth, communication opportunities towards information security has a significant influence on employee silent behavior towards information security. Finally, it was shown that employee silent behavior towards information security had a significant influence on the perceived importance of information security.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.26 no.1
• /
• pp.275-283
• /
• 2016

Currently Internet and IT infrastructure of Korea has maintained the world's highest levels. But in another aspect, security incident, especially personal information breaches occur frequently. As personal information leakage happened, the companies will be negatively affected. And to prevent this, they have implemented to use a variety of security solutions from information security vendors. Therefore we set up hypotheses that the companies experienced personal information leakage as well as information security companies providing security solutions will be affected by the leakages. So this paper verify hypotheses about the impact of the value of information security companies, through analysing stock price fluctuation of the companies. We found that the stock price of information security companies has increased as personal information leakage happened. And differences according to leakage volumes and types of business are not statistically significant. But there are significant differences according to business classification of information security companies.

• Information Systems Review
• /
• v.11 no.2
• /
• pp.113-129
• /
• 2009

With increasing interest in information security, many studies have been conducted on cultivation and management of information security manpower. The widespread application of information security made the activity of information security professionals more diverse. Therefore, it is essential to analyze the knowledge and skills that are necessary for information security professionals to carry out their job and we also need to take these into considerations for the development and operation of education programs. In this study, for analyzing the perception gaps of information security knowledge and skills level between academia and industry, we have derived 58 knowledge and skills by conducting the literature review and Delphi method and we also conducted a survey of information security knowledge and skills requirements for information security professionals who are now working in industries and educational organizations. As a result, we analyze the perception gaps between two groups of information security professionals and suggest some guidelines for establishing the demand-based curriculum for training information security professionals.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.19 no.4
• /
• pp.77-89
• /
• 2009

As the awareness on the information security has been well developed, there have been various studies on effective training and management of the information security workforce. But, one of the most important things for the effective training is to develop education programs based on knowledge and skills requirements for information security professionals. This study aims to analyze the required and possessed levels of knowledge and skills for information security professionals' career. For this study, we selected 71 critical knowledge and skills for information security professionals by literature review and Delphi method, and we conducted a survey of information security knowledge and skills requirements for information security professionals to perform their jobs. As a result, we analyzed the current status of the information security professionals' knowledge and skills level and suggested some guidelines for educating information security professionals by their job career.

• Journal of Korean Society of Industrial and Systems Engineering
• /
• v.39 no.3
• /
• pp.18-29
• /
• 2016

For most organizations, a security infrastructure to protect company's core information and their technology is becoming increasingly important. So various approaches to information security have been made but many security accidents are still taking place. In fact, for many Korean companies, information security is perceived as an expense, not an asset. In order to change this perception, it is very important to recognize the need for information security and to find a rational approach for information security. The purpose of this study is to present a framework for information security strategies of companies. The framework classifies companies into eight types so company can receive help in making decisions for the development of information security strategy depending on the type of company it belongs to. To develope measures to classify the types of companies, 12 information security professionals have done brainstorming, and based on previous studies, among the factors that have been demonstrated to be able to influence the information security of the enterprise, three factors have been selected. Delphi method was applied to 29 security experts in order to determine sub items for each factor, and then final items for evaluation was determined by verifying the content validity and reliability of the components through the SPSS analysis. Then, this study identified characteristics of each type of eight companies from a security perspective by utilizing the developed sub items, and summarized what kind of actual security accidents happened in the past.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.11 no.4
• /
• pp.15-31
• /
• 2001

In this paper we classify security threat elements of satellite communication into four parts; Level-0(satellite propagation signal), Level-1(satellite control data), Level-2(satellite application data) and ground network security level according to the personality and data of the satellite communication network. And we analyze each security levels. Using analyzed security threat elements, we divide security requirements into signal security level and information security level separately. And then above the existent signal security level countermeasure, we establish the countermeasure on the basis of information security policy such as satellite network security policy, satellite system security policy and satellite data security policy in information security level. In this paper we propose secure satellite communication network through the countermeasure based on information security policy.

• Journal of Korea Society of Digital Industry and Information Management
• /
• v.10 no.3
• /
• pp.99-106
• /
• 2014

The most significant change and trend in the information security market in the year of 2014 is in relation to the issue and incidents of personal information security, which leads the area of information security to a new phase. With the year of 2011 as the turning point, the security technology advanced based on the policies and conditions that combine personal information and information security in the same category. Such technical changes in information security involve various types of information, rapidly changing security policies in response to emerging illegal techniques, and embracing consistent changes in the network configuration accordingly. This study presents the result of standardization and quantification of external access inference by utilizing the measurements to fathom the access authorization performance in advance for information security in specialized networks designed to carry out certain tasks for a group of clients in the easiest and most simple manner. The findings will provide the realistic data available with the access authorization inference modes to control illegal access to the edge of a client network.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.28 no.4
• /
• pp.941-950
• /
• 2018

The form of information security organization of a financial company has various organizational forms in accordance with the responsibilities and roles of the Chief Information Officer (CIO), the Chief Information Security Officer (CISO) and the Chief Privacy Officer (CPO). However, it is necessary to examine whether these various types of information protection organizations are the optimal organizational forms. In this study, six types of information security organizations among the various types of information security organizations in terms of CISO, CIO, and CPO relationship were selected as candidates. This paper aims to study and elucidate the optimal organizational form of information security for financial companies.