JOURNAL BROWSE
Search
Advanced SearchSearch Tips
The Correspondence Competence of Information Accident by Firms Experienced in Confidential Information Leak
facebook(new window)  Pirnt(new window) E-mail(new window) Excel Download
 Title & Authors
The Correspondence Competence of Information Accident by Firms Experienced in Confidential Information Leak
Jung, Byoungho;
  PDF(new window)
 Abstract
The purpose of this study is to examine a security investment for firms experienced in confidential information leak. Information security is an apparatus for protection of secret information. The competence of information security is a competitiveness to avoid information leakage in changing business environment. The type of information security is divided into administrative security, technical security and physical security. It is necessary to improve the incident correspondence competence through information security investment of the three types. Therefore, the investment of information security is to enhance information-asset protection of firms. To reinforce accident response competence, an organization discussed an establishment, security technology development, expand investment and legal system of the security system. I have studied empirically targeting the only information leak of firms. This data is a technical security competence and technology leakage situation of firms happened in 2010. During recovery of the DDos virus damage on countries, company and individual, the collected data signify a reality of information security. The data also identify a security competence of firms worrying information security management. According to the study, the continuous investment of information security has a high competence of accident correspondence. In addition, the most of security accidents showed a copy and stealing of paper and computer files. Firm on appropriate security investment is an accident correspondence competence higher than no security investment regardless of a large, small and medium-sized, and venture firm. Furthermore, the rational security investment should choose the three security type consideration for firm size.
 Keywords
Security Accident;Correspondence Competence;Confidential Information Leak;Information Security;
 Language
Korean
 Cited by
 References
1.
정병호.김병초, "중소기업의 IT 투자에 따른 정보품질과 프로세스 개선에 관한 연구," 중소기업연구, 제36권, 제4호, 2014b, pp. 47-71.

2.
정병호.권태형, "소셜 미디어는 캐즘(Chasm)과 구매 가치에 얼마나 영향을 미치는가? 채택 집단 간 정보력 및 신뢰도 효과," 한국IT서비스학회지, 제13권, 제1호, 2014, pp. 221-251.

3.
Nosworthy, Julie D., "Implementing Information Security In The 21 st Century-Do You Have the Balancing Factors?," Computers & security, Vol. 19, No. 4, 2000, pp. 337-347. crossref(new window)

4.
Stoneburner, G., Goguen, A., & Feringa, "A. Risk Management Guide for Information Technology Systems (Special Publication 800-30)," Gaithersburg, MD: National Institute of Standards and Technology, 2002.

5.
이정환.정병호.김병초, "기업 보안 유형에 따른 보안사고 대응역량: 사회기술시스템 이론 관점에서," 한국IT서비스학회지, 제12권, 제1호, 2013, pp. 289-208.

6.
Kotulic, Andrew G., and Jan Guynes Clark., "Why there aren't more information security research studies," Information & Management, Vol. 41 No. 5, 2004, pp. 597-607. crossref(new window)

7.
Ifinedo Princely., "Understanding information systems security policy compliance: An integration of the theory of planned behavior and the protection motivation theory," Computers & Security, Vol. 31, No. 1, 2012, pp. 83-95. crossref(new window)

8.
Anderson, Evan E., and Joobin Choobineh., Enterprise information security strategies, Computers & Security, Vol. 27, No. 1, 2008, pp. 22-29. crossref(new window)

9.
최재영, "IT 투자 정당화 요인에 관한 연구," 디지털정보산업학회지, 제11권, 제4호, 2015, pp. 177-187.

10.
Mattord, Herbert, and Michael Whitman., "Regulatory Compliance in Information Technology and Information Security," AMCIS 2007 Proceedings, 2007.

11.
Merkow, Mark S., and Jim Breithaupt., Information security: Principles and practices. Pearson Education, 2014.

12.
신현조.이경복.박태형, "인적 및 직무특성과 보안교육 이수율 및 사이버테러 대응과의 연관성 분석," 디지털산업정보학회지, 제10권, 제4호, 2014, pp. 97-107.

13.
Fred, C., "Managing network security - Part 5: Risk management or risk analysis," Network Security, Vol. 1997, No, 4, 1997, pp 15-19.

14.
Clegg, Chris W., Sociotechnical principles for system design, Applied ergonomics, Vol. 31, No. 5, 2000, pp. 463-477. crossref(new window)

15.
Heller, Frank., Socio-technology and the environment, Human Relations, Vol. 50, No. 5, 1997, pp. 605-624.

16.
Seni, Dan Alexander., The sociotechnology of sociotechnical systems: Elements of a theory of plans, Studies on Mario Bunge's Treatise, 1990, pp. 431-454.

17.
Trist, E., "The evolution of socio-technical systems," a conceptual framework and an action research program, Occasional paper, 1981.

18.
Guo, Ken H., Security-related behavior in using information systems in the workplace: A review and synthesis, Computers & Security, Vol. 32, 2013, pp. 242-251. crossref(new window)

19.
Yeh, Quey-Jen, and Arthur Jung-Ting Chang., "Threats and countermeasures for information system security: A cross-industry study," Information & Management, Vol. 44, No. 5, 2007, pp. 480-491. crossref(new window)

20.
Vacca, John R., Computer and information security handboo,. Newnes, 2012.

21.
NIST, Information Security Handbook: A Guide for Managers, 2006.

22.
Pugh, Derek S., and David J. Hickson., Writers on organizations, Penguin UK, 2007.

23.
Baskerville, Richard, and Mikko Siponen., An information security meta-policy for emergent organizations, Logistics Information Management, Vol. 15.5, No. 6, 2002, pp. 337-346. crossref(new window)

24.
Hsu, Jack Shih-Chieh, et al., "The Role of Extra-Role Behaviors and Social Controls in Information Security Policy Effectiveness, Information Systems Research," Vol. 26, No. 2, 2015, pp. 282-300. crossref(new window)

25.
Von Solms, Basie, Corporate governance and information security, Computers & Security, Vol. 20, No. 3, 2001, pp. 215-218. crossref(new window)

26.
Hu, Qing, et al., "Managing employee compliance with information security policies: the critical role of top management and organizational culture," Decision Sciences, Vol. 43, No. 4, 2012, pp. 615-660. crossref(new window)

27.
Ifinedo, Princely., "Information systems security policy compliance: An empirical study of the effects of socialisation, influence, and cognition," Information & Management, Vol. 51, No. 1, 2014, pp. 69-79. crossref(new window)

28.
Post, Gerald, and Albert Kagan, "Management tradeoffs in anti-virus strategies," Information & Management, Vol. 37, No. 1, 2000, pp. 13-24. crossref(new window)

29.
Whitman, Michael, and Herbert Mattord., Management of information security, Nelson Education, 2013.

30.
중소기업청, "보안 컨설턴트용 실무가이드북," 중소기업기술정보진흥원, 2007.

31.
Vance, Anthony, Mikko Siponen, and Seppo Pahnila., "Motivating IS security compliance: insights from habit and protection motivation theory," Information & Management, Vol. 49, No. 3, 2012, pp. 190-198. crossref(new window)

32.
정병호.김병초, "IT 프로젝트 모방 투자 유형에 따른 성과 차이 연구," 한국IT서비스학회지, 제11권, 제3호, 2012, pp. 205-225.

33.
Hair, Joseph F., Multivariate data analysis, 2010.