• 한국정보시스템학회지:정보시스템연구
• /
• 제29권4호
• /
• pp.57-76
• /
• 2020

Purpose Although examining the antecedents of employees' extra-role behavior (i.e. information security participation behavior) in the information security context is significant for researchers and practitioners, most behavioral security studies have focused on employees' in-role behavior (i.e. information security policy compliance). Thus, this research addresses this gap by investigating how organizational information security climate influences information security participation behavior based on social information processing theory and Griffin and Neal's safety model. Design/methodology/approach We developed a research model by applying Griffin and Neal's safety model to the information security context and then tested our research model by conducting an online survey for employees of organizations with information security policies. Structural equation modeling (SEM) with SmartPLS 3.3.2 is used to test the corresponding hypothesis. Findings Our results show that organizational information security climate, information security knowledge, information security motivation are effective in motivating information security participation behavior. Also, we find that organizational information security climate positively influences both information security knowledge and information security motivation. Our findings emphasize the importance of organizational information security climate because it is capable of affecting employees on information security participation behavior. Our study contributes to the literature on information security by exploring the role of organizational information security climate in enhancing employees' information security participation behavior.

• Journal of Information Processing Systems
• /
• 제16권1호
• /
• pp.61-82
• /
• 2020

The security risk management used by some service providers is not appropriate for effective security enhancement. The reason is that the security risk management methods did not take into account the opinions of security experts, types of service, and security vulnerability-based risk assessment. Moreover, the security risk assessment method, which has a great influence on the risk treatment method in an information security risk assessment model, should be security risk assessment for fine-grained risk assessment, considering security vulnerability rather than security threat. Therefore, we proposed an improved information security risk management model and methods that consider vulnerability-based risk assessment and mitigation to enhance security controls considering limited security budget. Moreover, we can evaluate the security cost allocation strategies based on security vulnerability measurement that consider the security weight.

• 한국IT서비스학회지
• /
• 제12권1호
• /
• pp.289-308
• /
• 2013

This study proceeded to examine the cause of the continuous secret information leakage in the firms. The purpose of this study is to find out what type of security among administrative, technological and physical security would have important influence on firm's security performance such as the security-incident response competence. We established the model that can empirically verify correlation between those three types of security and the security-incident response competence. In addition, We conducted another study to look at relation between developing department of security in the firms and reaction ability at the accidents. According to the study, the administrative security is more important about dealing with the security-incident response competence than the rest. Furthermore, a group with department of security has better the security-incident response competence and shows higher competence in fixing or rebuilding the damage. Therefore, this study demonstrates that investing in administrative security will be effective for the firm security.

• 시큐리티연구
• /
• 제50호
• /
• pp.35-57
• /
• 2017

경비업법은 1976년 "용역경비업법"으로 제정된 이래 수많은 일부개정작업이 이루어져 왔다. 이러한 개정작업의 주된 내용은 기존의 용역경비업의 경비업무를 기초로 신변보호 업무나 특수경비와 같은 경비업무의 추가, 경비업자 또는 경비원의 책임 강화 및 경비업의 체계적 관리를 다루는 규정이 그 대부분을 이루고 있다. 그러나 이와 같은 법률개정의 흐름에는 '경비' 개념에 대한 본질적 문제가 양날의 칼처럼 직결되어 있음을 직시할 필요가 있다. 왜냐하면 일면, 현행 "경비업법"은 기존의 시설 인력경비 즉, Guard duty 중심의 경비서비스로 제2조의 경비업무를 근간으로 하여 경비업의 허가와 그 체계적 관리를 대상으로 하는 형식적 경비업을 규정하고 있음에 비해, 또 다른 관점에서 경비업은 보안(security)산업의 일종으로 현대의 위험사회에서 다원화된 보안욕구를 실현하고, 실질적 경비업의 기능을 육성과 발전의 대상으로 하는 적극적 경영 개념에 기초하고 있기 때문이다. 본 연구에서는 민간보안서비스 제공의 관점에서 "경비업법"상의 경비 및 경비업무의 해석에 대한 한계를 지적하고, "민간보안산업법"으로서 "경비업법"의 일반 법규성과 특별법으로서 민간보안서비스 관련 법률의 제 개정 작업을 재조명하였다. 또한 바람직한 입법의 제 개정방향을 제시함으로써 '국민보안'의 시대에 걸맞는 입법과 노력이 필요하다는 결론을 도출하였다.

• 시큐리티연구
• /
• 제8호
• /
• pp.197-218
• /
• 2004

This study has been conducted to provide data that contribute to increasing efficiency of 'Private Security', which is cooperated by customer, security companies and the police which carried out 'Public Law Enforcement' and controls security companies. To reach this purpose, we investigated the status of the 'Security Alarm Systems' operated by security service companied in Korea, analyzed arising problems, considered the polices for improving the operational quality. 'Electronic Security Systems' will increase working efficiency in performing 'Private Security'. There can be no two opinions on this matter. Therefore, it can be supposed that the improvement of operational quality of 'Electronic Security System' is an important factor to accomplish security services. 'Security Alarm System' is one of the 'Electronic Security System'. The critical problems in operating 'Security Alarm system' are unnecessary response by false alarm and nuisance alarm. To reduce the problems, it is suggested that security specialist officially licensed should improve security planning, installation and maintenance, and the 'Alarm Verification System' should be introduced with appropriate facilities.

• 시큐리티연구
• /
• 제29호
• /
• pp.87-113
• /
• 2011

한국 경비산업이 출범한지 반세기가 지났으며, 급속하게 발전하고 있다. 민간경비 산업의 영역은 생활안전뿐 아니라 국가안보에도 미치고 있으며, 그 영역은 계속 확장되고 있다. 경비업법은 경비산업과 밀접한 관계가 있으며, 민간경비 산업의 발전과 깊은 연관성이 있다. 1976년에 제정된 한국 경비업법은 일본 경비업법을 모델로 제정되었으나, 이제는 일본에 못지않게 체계를 갖추고 있다고 평가할 수 있다. 그러나 한국 경비업법은 지난 10년간의 경비산업의 수요를 반영하지 못한 채 정체되어 있다. 현행 경비업법의 문제점으로는 많은 사항이 논의되고 있지만, 경비산업의 발전과 직결되는 것으로 크게 네 가지를 들 수 있다고 판단된다. 첫째로, 교통유도경비업무와 같은 새로운 경비업무를 창출해야 한다는 점, 둘째로 과도하게 느슨한 허가기준을 강화시켜야 한다는 점, 셋째로 경비원의 교육체계를 대폭 개선해야 한다는 점, 넷째로 경비지도사 시험제도를 개선해야 한다는 점이다. 이에 이 네 가지를 중심으로 문제점을 도출하는 한편, 그에 대한 개선방안을 제시해 보기로 한다. 학계는 물론 업계 모두가 경비업법의 개정에 관심을 가져야 하며, 본고가 그 작은 계기가 되기를 희망한다.

• 융합보안논문지
• /
• 제16권1호
• /
• pp.39-48
• /
• 2016

경비업법이 제정된지 40년이 되었다. 그동안 시큐리티정책에 많은 변화가 있었으며 시큐리티 환경도 급변하였다. 경찰과 더불어 생활안전의 한 축을 담당하는 민간경비를 활성화시키고 지원하는 방향에서 전면적인 개정을 할 때가 되었다. 첫째, 시큐리티 환경를 변화를 반영하여 경비업법의 법명과 용어를 재정립할 필요가 있다. 즉, 시큐리티 컨설팅, 플랜너, 민간조사, 융합보안 등을 수용할 수 있도록 적절한 경비업무 범위 등을 확대할 필요가 있다. 둘째, 경비업법령의 오류를 시정하여 개정할 필요가 있다. 셋째, 경비업법령 중에서 불합리한 내용을 지닌 조항을 적절하게 개정할 필요가 있다. 넷째, 경비지도사의 선발, 교육, 선임 중에서 불합리한 문제를 시정하는 방향으로 개정할 필요가 있다.

• 정보보호학회논문지
• /
• 제8권1호
• /
• pp.23-37
• /
• 1998

This paper considers the design and management of security MIB for EDI system. EDI system has to establish various securety wervices and mechanisms to protect against security threats. Hence, the EDIsystem requires appropriate security management to monitor and control the security obhects for its security services and mechanisms. In this paper, I identify security objects for management of secueity services defined in the EDIsystem, and propose the design of a security MIB and describe the use of SNMPnetwork management protocol in its management.

• 지식경영연구
• /
• 제20권4호
• /
• pp.39-55
• /
• 2019

Although Firms have been increasing their information security significantly to handle increased security risks, the effects of information security were not well understood. This study aims to investigate the market value of information security by employing the event study methodology. Our research also explores how market responses vary depending on the type of information security announcements. We collected 177 firm-level information security announcements between 2001 and 2017 in South Korea. For all samples, our results indicate that the stock market positively reacts to information security announcements. We also conducted subsample analysis and found that while information security certification announcement has a positive impact on the stock market, information security activities (e.g. award, information security system) announcement had no impact on the stock market. Our study adopted a novel approach (i.e. event study) for investigating the effects of information security and found that information security investment positively affects firm value. Our results allow managers to measure the effects of information security investment and help them make right decisions on information security investment.

• 정보보호학회논문지
• /
• 제8권3호
• /
• pp.63-78
• /
• 1998

Recently, to use the evaluated firewall is recognized as a solution to achieve the security and reliability for government and organizarions in Korea. Results of firewall evaluation using ITSEC(Information Technology Security Evaluation Criteria) and CCPP(Common Criteria Protection Peofile)have been announced. Because there are problems to apply ITSECor CCPP for the firewall evaluation in korea environment, korea government and korea Information security Agency (KISA) decided to develop our own security dvaluation critrtia fir firewalls.As a result of the efforts, Korea firewall security evaluation criteria has been published on Feb. 1998. In this paper, we introduce Korea security evaluation criteria for firewalls. The ceiteria consists of functional and assurance requirements that are compatible with CC Evaluation Assurance Levels(EALs)