• Korean Security Journal
• /
• no.12
• /
• pp.245-269
• /
• 2006

The suggestions that follow are about the device to assure the effectiveness of administrational regulation and supervision in Korean private security. First, government clearance should be reinforced. For this it is necessary that the qualification for security dealer-careers and academic backgrounds with security etc.- should be elucidated in Security Law. Also it should be achieved to increase the capital fund and to keep security guards for insuring substitutional manpower. Second, after legal permission governmental supervision should be done in quality by means of setting up the competent institutions independently. Third, the punishment for obtaining security license mendaciously, carrying out illegal or unfair task and assigning Security Guard Supervisors expediently should be strengthened. Also to prevent expedient acts it is necessary to prescribe illegal or unfair acts in the concrete in Security Law and violators should be legally responsible. Fourth, to lay the foundation for security industry itself and make up for perfunctory governmental direct System for Professional License (of private security guard) should come into effect.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.16 no.5
• /
• pp.79-92
• /
• 2006

Computer virus is one of the most common information security problems in the information age. This study investigates the difference of users' perception of security elements between large companies and small-and-medium companies on the subject of computer virus. Based on t-test, no significant difference is found in users' perception on security threat and security risk While users satisfy with the level of security policy, there is a significant difference on the level of security policy recognition between the two sizes of companies. Moreover, there are significant differences on information assets, security vulnerability and security effectiveness, which implies difference in the users' perception on importance of assets, exposure to threats and computer virus prevention efforts between large and small-and-medium companies.

• Korean Security Journal
• /
• no.48
• /
• pp.9-33
• /
• 2016

The purpose of the present study was to find out cause-and-effect relationship between job requirements and job resources, with job burnout as a mediator variable, and the effects of these variables on organizational effectiveness. The population in the present study was private security guards employed by 13 private security companies in Seoul and Gyeonggi-do areas, and a survey was conducted on 500 security guards selected using purposive sampling technique. Out of 460 questionnaires distributed, 429 responses, excluding 31 outliers or insincere responses, were used for data analysis. For analysis, data were coded and entered into SPSS 18.0 and AMOS 18.0, which were used to analyze the data. Descriptive analyses were performed to find out sociodemographic characteristics of the respondents. The exploratory factor analysis (EFA) and confirmatory factor analysis (CFA) were used to test the validity of the measurement tool, and the Cronbach's Alpha coefficients were calculated to test the reliability. To find out the significance of relationships among variables, Pearson's correlation analysis was performed. Covariance Structure Analysis (CSA) was performed to test the relationship among latent factors of a model for job requirements, job resources, job burnout, and organizational effectiveness of the private security guards, and the fitness of the model analyzed with CSA was determined by the goodness-of-fit index ($x^2$, df, p, RMR, GFI, CFI, TLI, RMSEA). The level of significance was set at .05, and the following results were obtained. First, even though the effect of job requirements on job burnout was not statistically significant, it had a positive influence overall, and this result can be considered such that the higher the perception of job requirements by the member of the organization, the higher the perception of job burnout. Second, the influence of job resources on job burnout was negative, which can be considered that the higher the perception of job resources, the lower the perception of job burnout. Third, even though the influence of job requirements on organizational effectiveness was statistically nonsignificant, it had a negative influence overall, and this result can be considered that the higher the perception of job requirements, the lower the perception of organizational effectiveness. Fourth, job resources had a positive influence on organizational effectiveness, and it can be considered that the higher the perception of job resources, the higher the perception of organizational effectiveness. Fifth, the results of the analysis between job burnout and organizational effectiveness revealed that, even though the influence of job burnout on organizational effectiveness was statistically nonsignificant, it had partial negative influences on sublevels of organizational effectiveness, and this may suggest that the higher the perception of job burnout by the organization members, the lower the organizational effectiveness. Sixth, the analysis of mediating role in the relationship between job requirements and organizational effectiveness, job burnout was taking partial mediating role between job requirements and organizational effectiveness. These results suggest that reducing job burnout by managing job requirements, organizational effectiveness that leads to job satisfaction, organizational commitment, and turnover intention can be maximized. Seventh, the analysis of mediating role in the relationship among job requirements, job resources, and organizational effectiveness, job burnout was assuming a partial mediating role in the relationships among job requirements, job resources, and organizational effectiveness. These results suggest that organizational effectiveness can be maximized by either lowering job requirements or burnout management through reorganizing job resources.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.29 no.2
• /
• pp.465-472
• /
• 2019

In recent years, the cyber attack has become a universal phenomenon, and the attacks in cyberspace are regarded as a kind of war, cyber-warfare. However, cyber-warfare is difficult to identify the damage caused by the attack. In order to effectively evaluate the damage to the attack that may occur in the cyber-warfare, this paper describes the damage evaluation simulation of the cyber-warfare based on DEVSim++, which can calculate the damage to the cyber attack using the MOCE (Measure of Cyber Effectiveness). Also, in order to help the commander in the cyber Command&Control phase, the number of victims by attack classification is expressed in the form of Venn diagram.

• Knowledge Management Research
• /
• v.20 no.3
• /
• pp.91-106
• /
• 2019

In the era of the 4th Industrial Revolution, the importance of information protection is increasing day by day with the advent of the 'hyper-connection society', and related government financial investment is also increasing. The source of the government's fiscal investment projects is taxpayers' money. Therefore, the government needs to evaluate the effectiveness and feasibility of the project by comparing the public benefits created by the financial investment projects with the costs required for it. At present, preliminary feasibility study system which evaluates the feasibility of government financial investment projects in Korea has been implemented since 1994, but most of them have been actively carried out only in some fields such as large SOC projects. In this study, we discuss the feasibility evaluation of public projects for the purpose of information security. we introduce the case study of the personal information protection program of Korean public institutions and propose a cost-effectiveness analysis method that can be applied to the feasibility study of the information protection field. Finally, we presented the feasibility study and criteria applicable in the field of information security.

• Journal of the Korea Convergence Society
• /
• v.9 no.9
• /
• pp.69-81
• /
• 2018

The ultimate intention of this research is to identify the factors that have a significant effect on the perceived importance of information security as the antecedent of intention to information security policy compliance. We found that the effectiveness of information security training program did not have statistically significant effect on the perceived cost of policy compliance. Second, the effectiveness of information security policy has significant influence on the perceived cost of policy compliance. Third, perceived vulnerability has a significant effect on the perceived cost of policy compliance. Fourth, perceived cost of policy compliance has a significant effect on perceived importance of information security. Fifth, supervisor's attitude toward information security silence has a significant effect on employee silent behavior towards information security. Sixth, communication opportunities towards information security has a significant influence on employee silent behavior towards information security. Finally, it was shown that employee silent behavior towards information security had a significant influence on the perceived importance of information security.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.27 no.3
• /
• pp.687-704
• /
• 2017

As Korea's industrial competitiveness and technological prowess increase, collaboration and technical exchanges with contracting companies are increasing. In an environment where cooperation with the contracting company is unavoidable ordering companies are also striving to prevent leakage of technologies through various security systems, policy-making and security checks. However, although the contracting companies were assessed to have a high level of security management the leakage of technical datas are steadily increasing. Issues are being raised about the effectiveness of the security management assessment and the actual security management levels. Therefore, this study suggested a security management system model to improve security management efficiency in the general contract structure. To prove this, analyze the efficiency of 36 contractor companies for the technical datas security management system using the DEA model. The results of the analysis are reflected in the assessment results. Lastly, suggestions for improving the effectiveness of the technical datas security system are proposed.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.19 no.1
• /
• pp.103-111
• /
• 2009

Recently, cyber attacks against public communications networks are getting more complicated and varied. Moreover, in some cases, one country could make systematic attacks at a national level against another country to steal its confidential information and intellectual property. Therefore, the issue of cyber attacks is now regarded as a new major threat to national security. The conventional way of operating individual information security systems such as IDS and IPS may not be sufficient to cope with those attacks committed by highly-motivated attackers with significant resources. As a result, the monitoring and control of cyber security, which enables attack detection, analysis and response on a real-time basis has become of paramount importance. This paper discusses how to improve efficiency and effectiveness of national cyber security monitoring and control services. It first reviews major threats to the public communications network and how the responses to these threats are made and then it proposes a new approach to improve the national cyber security monitoring and control services.

• Journal of Intelligence and Information Systems
• /
• v.17 no.1
• /
• pp.71-90
• /
• 2011

This study was designed to empirically analyze the effect of control activities(physical, managerial and technical securities) of information protection on organizational effectiveness and the mediating effects of information application. The result was summarized as follows. First, the effect of control activities(physical, technical and managerial securities) of information protection on organizational effectiveness showed that the physical, technical and managerial security factors have a significant positive effect on the organizational effectiveness(p < .01). Second, the effect of control activities(physical, technical and managerial securities) of information protection on information application showed that the technical and managerial security factors have a significant positive effect on the information application(p < .01). Third, the explanatory power of models, which additionally put the information protection control activities(physical, technical and managerial securities) and the interaction variables of information application to verify how the information protection control activities( physical, technical and managerial security controls) affecting the organizational effectiveness are mediated by the information application, was 50.6%~4.1% additional increase. And the interaction factor(${\beta}$ = .148, p < .01) of physical security and information application, and interaction factor(${\beta}$ = .196, p < .01) of physical security and information application among additionally-put interaction variables, were statistically significant(p < .01), indicating the information application has mediated the relationship between physical security and managerial security factors of control activities, and organizational effectiveness. As for results stated above, it was proven that physical, technical and managerial factors as internal control activities for information protection are main mechanisms affecting the organizational effectiveness very significantly by information application. In information protection control activities, the more all physical, technical and managerial security factors were efficiently well performed, the higher information application, and the more information application was efficiently controlled and mediated, which it was proven that all these three factors are variables for useful information application. It suggested that they have acted as promotion mechanisms showing a very significant result on the internal customer satisfaction of employees, the efficiency of information management and the reduction of risk in the organizational effectiveness for information protection by the mediating or difficulty of proved information application.

• Journal of Information Technology Services
• /
• v.18 no.5
• /
• pp.155-164
• /
• 2019

With the emergence of new ICT technologies, information security threats are becoming more advanced, intelligent, and diverse. Even though the awareness of the importance of information security increases, the information security budget is not enough because of the lack of effectiveness measurement of the information security investment. Therefore, it is necessary to optimize the information security investment in each business environment to minimize the cost of operating the information security countermeasures and mitigate the damages occurred from the information security breaches. In this paper, using genetic algorithms we propose an investment optimization model for information security countermeasures with the limited budget. The optimal information security countermeasures were derived based on the actual information security investment status of SMEs. The optimal solution supports the decision on the appropriate investment level for each information security countermeasures.