• Title/Summary/Keyword: investment security

Information Security Investment and Security Breach: Empirical Study on the Reverse Causality (정보보호 투자와 침해사고의 인과관계에 대한 실증분석)

  • Shin, Ilsoon;Jang, Wonchang;Park, Heeyoung
    • Journal of the Korea Institute of Information Security & Cryptology / v.23 no.6 / pp.1207-1217 / 2013
  • This study utilizes raw data from "Research on the actual condition of firms' information security" of KISA (2010) and constructs a panel dataset to analyze a causal relationship between information security investment and security breach. Using the Difference in Difference estimation method, we find the following results. First, while the usual causality that information security investment reduces security breach is not supported, the reverse causality that security breach increases information security investment is well explained. Second, contrary to the conventional wisdom, firms in the finance/insurance business sector show the most significant reverse causality pattern.

A Study on the Operational Performance by the Investment Level of Companies Information Security in the Digital Transformation(DX) Era (디지털 전환(DX) 시대에 기업의 정보보안 투자 수준에 따른 운영성과에 관한 연구)

  • Jung Byoungho;Joo Hyungkun
    • Journal of Korea Society of Digital Industry and Information Management / v.20 no.1 / pp.119-131 / 2024
  • The purpose of this study is to examine the operational performances by the investment level of information security in companies. The theoretical background summarized the meaning of information security, management information security, and network security. The research process was carried out in four stages. As a result of the analysis, the level of information security was classified into four groups, and the difference in operational performance was confirmed. According to the categorical regression analysis of the three dependent variables, independent variables such as network threats, non-network threats, executive information security awareness, industry, organizational size, and information security education all affected information security regulations, in-house information security checks, and information security budget investments. The theoretical implications of this study have contributed to updating the latest information security theory. Practical implications are that rational investments should be made on the level of information security of companies.

The Investment of Information Security and Real Option (정보보호투자와 실물옵션)

  • Cho, DongWook;Lim, JongIn
    • KIPS Transactions on Computer and Communication Systems / v.1 no.3 / pp.229-242 / 2012
  • Although many companies acknowledge the necessity of investment of information security, it is difficult to grasp a tangible effect and to calculate a scale of damage from the security incident. Consequently, companies are under the reality that it is not easy to make an investment decision for information security and to calculate the investment scale. For the investment decision making, although there are several traditional techniques of investment analysis, the investment of information security, compared to other tangible assets, has limitations in using traditional techniques due to the highly uncertain investment effects. In this study, the traditional technique of investment analysis will be described, and the application method of analytic technique for Real Option, which is developed from the evaluation technique of highly uncertain financial futures and options, will be suggested.

A MDIT(Mobile Digital Investment Trust) Agent design and security enhancement using 3BC and F2mECC (3BC와 F2mECC를 이용한 MDIT(Mobile Digital Investment Trust) 에이전트 설계 및 보안 강화)

  • Jeong Eun-Hee;Lee Byung-Kwan
    • Journal of Internet Computing and Services / v.6 no.3 / pp.1-16 / 2005
  • This paper proposes not only an MDIT (Mobile Digital Investment Trust) agent design for Trust Investment under a Mobile E-commerce environment, but also the symmetric key algorithm 3BC (Bit, Byte and Block Cypher) and the public encryption algorithm F2mECC for solving the problems of memory capacity, CPU processing time, and security that the mobile environment has. In particular, the MDIT Security Agent is the banking security project that introduces the concept of investment trust in mobile e-commerce. This mobile security protocol creates a shared secret key using F2mECC and then its value is used for 3BC, which is a block encryption technique. The security and the processing speed of the MDIT agent are enhanced using 3BC and F2mECC.

Vulnerability and Information Security Investment Under Interdependent Risks: A Theoretical Approach

  • Shim, Woo-Hyun
    • Asia pacific journal of information systems / v.21 no.4 / pp.27-43 / 2011
  • This article explores economic models that show the optimal level of information security investment in the presence of interdependent security risks. Using particular functional forms, the analysis shows that the relationship between the levels of security vulnerability and the levels of optimal security investments is affected by externalities caused by agents' correlated security risks. This article further illustrates that, compared to security investments in the situation of independent security risks, in order to maximize the expected benefits from security investments, an agent should invest a larger fraction of the expected loss from a security breach in the case of negative externalities, while an agent should spend a smaller fraction of the expected loss in the case of negative externalities.

Probabilistic Modeling for Evaluation of Information Security Investment Portfolios (확률모형을 이용한 정보보호 투자 포트폴리오 분석)

  • Yang, Won-Seok;Kim, Tae-Sung;Park, Hyun-Min
    • Journal of the Korean Operations Research and Management Science Society / v.34 no.3 / pp.155-163 / 2009
  • We develop a probability model to evaluate information security investment portfolios. We assume that organizations install portfolios of information security countermeasures to mitigate the damage such as loss of the transaction being processed, damage of hardware and data, etc. A queueing model and its expected value analysis are used to derive the lost cost of transactions being processed, the replacement cost of hardware, and the recovery cost of data. The net present value for each portfolio is derived and organizations can select the optimal information security investment portfolio by comparing portfolios.

Management of Innovations and Projects in the System of Improving the Performance of Personnel as a Factor in Ensuring the Competitiveness and Investment Security of the Enterprise

  • Kopytko, Marta;Nikolchuk, Yulia;Urba, Svitlana;Darmits, Rostyslav
    • International Journal of Computer Science & Network Security / v.22 no.10 / pp.201-206 / 2022
  • The main purpose of the study is to analyze the features of innovation and project management in the system of improving the performance of personnel as a factor in ensuring competitiveness and investment security. For the successful operation of enterprises, regardless of their form of ownership and field of activity, in order to carry out effective activities, they turn to innovative methods related to the formation of the potential of the workforce, and increasing the level of education and qualifications of staff and establishing their potential ability to make independent decisions. Based on the results of the study, the key features of innovation and project management in the system of improving the performance of personnel as a factor in ensuring competitiveness and investment security are characterized.

Studies on the effect of information security investment executive (정보보호의 투자 집행 효과에 관한 연구)

  • Jeong, Seong-Hoon;Yoon, Joon-Sub;Lim, Jong-In;Lee, Kyung-Ho
    • Journal of the Korea Institute of Information Security & Cryptology / v.24 no.6 / pp.1271-1284 / 2014
  • This paper classifies technical, administrative and physical areas of defects and advice made by an external audit (ISO27001) and internal audit (performed by a security team) in a company which has the management system of information security. With the classified data it finds the correlation between the budget and investment of information security, and analyzes the correlation. As a result of the analysis, it has been found that as time goes on there is a consistent correlation between an administrative area and technical area of security. Specially, it has been confirmed that the relation between the scale of the budget which is not executed and the number of the defects and advice made by the audit is in direct proportion. Therefore, this paper aims to provide a model that can be used for validating the effectiveness of the protective investment information by statistically calculating the similarity based on the results of correlation analysis. This research is intended to help a company make a precise decision when it establishes a policy of information security and systematic methodology of the investment in information security.

A comparative study on the priorities between perceived importance and investment of the areas for Information Security Management System (정보보호관리체계(ISMS) 항목의 중요도 인식과 투자의 우선순위 비교 연구)

  • Lee, Choong-Cheang;Kim, Jin;Lee, Chung-Hun
    • Journal of the Korea Institute of Information Security & Cryptology / v.24 no.5 / pp.919-929 / 2014
  • Recently, organizational efforts to adopt ISMS (Information Security Management System) have been increasingly mandated and demanded due to the rising threat and the heavier cost of security failure. However, there is a serious gap between awareness and investment of information security in a company, hence it is very important for the company to control effectively a variety of information security threats within a tight budget. To phase the ISMS, this study suggests the priorities based on evaluating the importance of 13 areas for the ISMS by the information security experts and then we attempt to see the difference between importance and investment through the assessment of the actual investment in each area. The research findings show that intrusion incident handling is most important and IT disaster recovery is the area that is invested the most. Then, information security areas with the considerable difference between priorities of importance and investment are cryptography control, information security policies, education and training on information security and personnel security. The study results are expected to be used in making a decision for the effective investment of information security when companies with a limited budget are considering introducing ISMS or operating it.

Optimization of Information Security Investment Portfolios based on Data Breach Statistics: A Genetic Algorithm Approach (침해사고 통계 기반 정보보호 투자 포트폴리오 최적화: 유전자 알고리즘 접근법)

  • Jung-Hyun Lim;Tae-Sung Kim
    • Information Systems Review / v.22 no.2 / pp.201-217 / 2020
  • Information security is an essential element not only to ensure the operation of the company and trust with customers but also to mitigate uncertain damage by preventing information data breach. Therefore, it is important to select appropriate information security countermeasures and determine the appropriate level of investment. This study presents a decision support model for the appropriate investment amount for each countermeasure as well as an optimal portfolio of information countermeasures within a limited budget. We analyze statistics on the types of information security breach by industry and derive an optimal portfolio of information security countermeasures by using genetic algorithms. The results of this study suggest guidelines for investing in information security countermeasures in various industries and help to support objective information security investment decisions.