• Title/Summary/Keyword: it security

Search Result 11,472, Processing Time 0.038 seconds

An Empirical Approach to the Influence of IT Assets Security and Information Security Service on Information Security Qualify and Satisfaction (IT자산 안전성과 정보보호 서비스가 정보보호 품질 및 만족도에 미치는 영향에 관한 실증연구)

  • Kwon, Soon-Jae;Lee, Kun-Chang;Kim, Chang-Hyun
    • Journal of the Korean Operations Research and Management Science Society
    • /
    • v.32 no.2
    • /
    • pp.149-162
    • /
    • 2007
  • In the era of the internet and ubiquitous computing, IS users are still facing a variety of threats. Therefore, a need of more tightened information security service increases unprecedentedly. In this sense, this study is aimed at proposing a new research model in which IT assets (i.e., network, system, and information influence) Security and Information Security Service (i.e., confidentiality, integrity, nonrepudiation, authentication) affect information security quality positively, leading to users' satisfaction eventually. To prove the validity of the proposed research model, PLS analysis is applied with valid 177 questionnaires. Results reveal that both IT assets Security and Information Security Service influence informations security qualify positively, and user satisfaction as well. From the results, it can be concluded that Korean government's recent orchestrated efforts to boost the IT assets Security and Information Security Service helped great improve the information security quality and user satisfaction.

Study about the Impact of Information Security Systems on Corporate Performance: Based on IT Relatedness Theory (정보보안체계 수립이 Multibusiness 기업 성과에 미치는 영향에 관한 연구: IT Relatedness 이론 관점에서)

  • Koo, Ja Myon;Park, Joo Seok;Park, Jae Hong
    • Asia pacific journal of information systems
    • /
    • v.23 no.4
    • /
    • pp.129-149
    • /
    • 2013
  • According to the development of new Information Technologies, firms consistently invest a significant amount of money in IT activities, such as establishing internal and external information systems. However, several anti-Information activities-such as hacking, leakage of information and system destruction-are also rapidly increasing, thus many firms are exposed to direct and indirect threats. Therefore, firms try to establish information security systems and manage these systems more effectively via an enterprise perspective. However, stakeholders or some managers have negative opinions about information security systems. Therefore, in this research, we study the relationship between multibusiness firms' performance and information security systems. Information security indicates physical and logical correspondence of information system department against threats and disaster. Studies on information security systems suggested frameworks such as IT Governance Cube and COBIT Framework to identify information security systems. Thus, this study define that information security systems is a controlled system on enterprise IT process and resource on IT Governance perspective rather than independent domain of IT. Thus, Information Security Systems should be understood as a subordinate concept of IT and business processes. In addition, this study incorporates information capability to information security system literature to show the positive relationship between Information Security Systems and Corporate Performance. The concept of information capability suggested that an interaction of human, information, technical and an effect on corporate performance using three types of capability (IT Practice, Information Management Practice, Information Behaviors and Values). Information capability is about firms' capability to manage IT infrastructure and information as well as individual employees who use IT infrastructure and information. Thus, this study uses information capability as a mediating variable for the relationship between information security systems and firms' performance. To investigate the relationship between Information Security Systems and multibusiness firms' performance, this study extends the IT relatedness concept into Information Security Systems. IT relatedness provides understanding of how corporations cope with conflicts between headquarters and business units to create a synergy effect and achieve high performance using IT resources. Based on the previous literature, this study develops the IT Security Relatedness model. IT Security Relatedness is our main independent variable, while Information Capability and Information Security Performance are mediating variables. To control for the common method bias, we collect each multibusiness firm's financial performance and use it as our dependent variable. We find that Information Security Systems influence Information Capability and Information Security Performance positively, and these two variables consequently influence Corporate Performance positively. In addition, this result indirectly shows that corporations under a multibusiness environment can obtain synergy effects using the integrated Information Security Systems. This positive impact of Information Security Systems on multibusiness firms' performance has an important implication to various stakeholders. Therefore, multibusiness firms need to establish Information Security Systems to achieve better financial performance.

A study on Improved Convergence Security Monitoring System model (융합보안관제시스템 개선에 관한 연구)

  • Lee, Dong-Hwi;Ha, Ok-Hyun
    • Convergence Security Journal
    • /
    • v.11 no.5
    • /
    • pp.3-12
    • /
    • 2011
  • According to the NIS, damages due to leaking industrial technology are reaching tens of trillion won. The type of damages are classified according to insider leaks, joint research, and hacking, illegal technology leaks and collaborated camouflaged. But 80% of them turned out to be an insider leak about connecting with physical security. The convergence of IT and non IT is accelerating, and the boundaries between all area are crumbling. Information Security Industry has grown continuously focusing Private Information Security which is gradually expanding to Knowledge Information Security Industry, but Information Security Industry hereafter is concentrated with convergence of IT Security Technology and product, convergence of IT Security and Physical Security, and IT convergence Industry Security. In this paper, for preventing company information leaks, logical security and physical security both of them are managed at the same level. In particular, using convergence of physical security systems (access control systems, video security systems, and others) and IT integrated security control system, convergence security monitoring model is proposed that is the prevention of external attacks and insider leaks, blocked and how to maximize the synergy effect of the analysis.

A Framework for Making Decision on Optimal Security Investment to the Proactive and Reactive Security Solutions management (이 기종의 보안 솔루션 통합 운영을 위한 최적의 보안 투자 결정 모델)

  • Choi, Yoon-Ho
    • Journal of Internet Computing and Services
    • /
    • v.15 no.3
    • /
    • pp.91-100
    • /
    • 2014
  • While IT security investment of organizations has been increased, the amount of the monetary loss of organizations caused by IT security breaches did not decrease as much as their expectation. Also, from surveys, it was discovered that the poor usage of their security budget thwarted the improvement of the organization's security level. In this paper, to resolve the poor usage of security budget of organizations, we propose a comprehensive economic model for determining the optimal amount of investment in security solutions, including the proactive security solutions(PSSs) and the reactive security solutions(RSSs). Using the proposed analytical model under different parameters of security solutions, we show the optimal condition to maximize the expected net benefits from IT security investment of organizations. Also, we verify the common belief that the optimal level of investment in security solutions is an increasing function of vulnerability. Through simulations, we find the optimal level of IT security investment, given parameters of different characteristics of security solutions.

A Design on the Information Security Auditing Framework of the Information System Audit (정보시스템 감리에서의 정보보호 감리모형 설계)

  • Lee, Ji Yong;Kim, Dong Soo;Kim, Hee Wan
    • Journal of Korea Society of Digital Industry and Information Management
    • /
    • v.6 no.2
    • /
    • pp.233-245
    • /
    • 2010
  • This paper proposes security architecture, security audit framework, and audit check item. These are based on the security requirement that has been researched in the information system audit. The proposed information security architecture is built in a way that it could defend a cyber attack. According to its life cycle, it considers a security service and security control that is required by the information system. It is mapped in a way that it can control the security technology and security environment. As a result, an audit framework of the information system is presented based on the security requirement and security architecture. The standard checkpoints of security audit are of the highest level. It was applied to the system introduction for the next generation of D stock and D life insurance company. Also, it was applied to the human resources information system of K institution and was verified. Before applying to institutions, system developers and administrators were educated about their awareness about security so that they can follow guidelines of a developer security. As a result, the systemic security problems were decreased by more than eighty percent.

A Study on the Development of Convergence Security with the Changes in Security Environments (시큐리티 환경변화에 따른 융합보안의 대두와 물리보안업체의 대응)

  • Ahn, Hwang-Kwon
    • Convergence Security Journal
    • /
    • v.11 no.5
    • /
    • pp.31-40
    • /
    • 2011
  • As new technologies emerge and threats become increasingly complex and unpredictable, security professionals who are living in the age of information face an increasingly complex array of challenges. In recent, virtually all organizations with physical and IT assets protect those assets in a variety of methods. There are physical systems to protect facilities and their contents from unlawful trespassing. It is important to note that the integration of physical and IT security is to be required: When done correctly, the integration starts with laws, strategies, policies and procedures. Integration of physical and IT security systems is done not for its own sake but in support of security policies and procedures. Significant security improvements can be made by integrating physical and IT security management without necessarily integrating physical and logical electronic security systems. Up to now, the private security industries of the Republic of Korea have been operated and developed by the separation of physical security and industrial security. However, considering the fast changing security environments, physical security companies should turn their attention to security convergence field to cope with the new trends in the security matters. At the same time, governmental supports on the improvement of various laws, regulations and policies in such a way to meet the realistic needs of the industries should be followed.

A Case Study on the Information Security Management System for Major Korean Businessn Groups (국내주요그룹의 정보보안관리 체계에 관한 사례 연구)

  • Sun, Han-Gil;Han, In-Goo
    • Asia pacific journal of information systems
    • /
    • v.8 no.2
    • /
    • pp.105-119
    • /
    • 1998
  • As the first step to information security, the security policy and organizational control need to be established. The purpose of this study is to investigate the policy and management of information security of five major Korean business groups. The results of case study on five giant groups can be summarized as follows. There exists a basic policy for information security. But it is outdated and not realistic in the present. The security audit and education need to be upgraded. It is also necessary to use security tools actively. The security level is low in companies which do not have independent information security divisions. Therefore, it is desirable to build information security teams. The number of security personnel is not enough for the task although there exist an information security team in the company. It is important to check if the team has the ability of perform information security task. The interview with security managers reveals that the total security management should be integrated with physical and computer security. It is suggested that an Information Security Center play the major role for information security. The study on the information security management for industry level is expected to be performed in the future.

  • PDF

A Study on Conversion Security Control System for Industrial Security (산업보안을 위한 융합보안관제시스템에 관한 연구)

  • Ha, Ok-Hyun
    • Convergence Security Journal
    • /
    • v.9 no.4
    • /
    • pp.1-6
    • /
    • 2009
  • Current paradigm of industrial security is changing into the effective operation and management from simple establishment of security equipments. If the physical security system(entry control system, video security system, etc.) and the IT integrated security control system are conversed, it makes us possible to prevent, disrupt and track afterwards the insider's information leakage through the risk and security management of enterprise. That is, Without the additional expansion of the existing physical security and IT security manpower, the establishment of systematic conversion security management process in a short time is possible and can be expected the effective operation of professional organization system at all times. Now it is needed to build up integrated security management system as an individual technique including the security event collection and integrated management, the post connected tracking management in the case of security accident, the pattern definition and real time observation of information leakage and security violation, the rapid judgement and response/measure to the attempt of information leakage and security violation, the establishment of security policy by stages and systematically and conversion security.

  • PDF

Case studies : Security issues of IT products in terms of supply chain (사례 위주로 본 공급자망을 중심으로 한 IT제품 보안 위험)

  • Choi, Woongchul
    • Journal of Korea Society of Digital Industry and Information Management
    • /
    • v.12 no.4
    • /
    • pp.89-96
    • /
    • 2016
  • Before an IT product is used, there is a sequence of the process such as the components supply-demand of the product, their assembly and production, their logistics and delivery, and then finally, the product can be used by a user. During this sequence of the process, there can be many security exposures and risks. In this paper, we show, by examining security cases of various IT products, that there are many security exposures in the process of IT products from their production to their delivery to end users and in their use, and also show how critical the security exposures are. Even though there are various security theories, technologies and security controls, there is still weak link from the production of an IT product to its use, and this weak link can lead to security vulnerabilities and risks. This paper tries to call attention to the importance of the execution of the security control and the control components. We examine the practical cases to find out how the security control is paralyzed, and to show how it is compromised by asymmetric security resources. Lastly, from the cases, we examine and review the possible domestic security issues and their countermeasures.

A Development of Evaluation Indicators for Information Security by Means of the Coincidence Analyses (부합성 분석을 통한 정보보안 평가지표 개발)

  • Lee, Yeong-Kyu;Kim, Sang-Hoon
    • Journal of Information Technology Services
    • /
    • v.7 no.3
    • /
    • pp.175-198
    • /
    • 2008
  • The wide spread of the Internet has become a momentum to promote informatization, and thus individuals, organizations, and government bodies are competitively participating in this kind of new wave. Informatization enables us not only to circulate and utilize information without any limitation but also to maximize users' benefits and convenience. On the other hand, it brings about negative effects-security incidents such as cyber terror, Internet fraud and technology leakage, etc. Evaluation on security level should precede over all the others in order to minimize damage by security incidents since it diagnoses current status on security as it is and can be used as a guideline for appropriate security management. In this study, evaluation domains, items and indicators of information security to evaluate information security are theoretically developed on the basis of critically reviewing the major existing research. And then the coincidence level(content validity, ease and reliability of evaluation) of each evaluation indicators are empirically analyzed through performing the field study of 83 information security experts.