정부의 정보 보안 대책 법제화의 사전 효과성 분석 방법

Shim, Woohyun

  • 투고 : 2015.10.14
  • 심사 : 2015.11.24
  • 발행 : 2015.11.30


기업의 정보 보안을 보장하기 위해, 많은 정부가 다양한 보안 관련 대책을 의무화해오고 있다. 하지만 이러한 보안 대책의 실행에 앞서, 이의 잠재적 효과성을 분석하는 연구는 부족한 실정이다. 본 연구는 안전벨트의 착용 법제화가 자동차 사고 사망자 감소에 미치는 효과에 대한 연구를 응용하여, 정부의 다양한 보안 대책의 사전 효과성 평가가 가능한 모형을 개발하는 것을 목적으로 한다. 또한, 인터넷 진흥원의 정보보호실태조사(기업편) 데이터를 개발된 모형에 적용하여 어떠한 보안대책의 법제화가 사회 및 산업 전반의 보안위험을 줄이는데 효과적인지 사전평가를 시행하였다. 그 결과 보안교육의 법제화가 다른 보안대책에 비해 효과적임을 확인하였다.




  1. Bort, J., "Security Blogger Brian Krebs Is Trying To Track Down The Target Hacker By Talking To Suspected Credit Card Thieves," in Business Insider, ed. New York, NY: Business Insider Inc., 2013.
  2. Bratus, S., "Hacker curriculum: How hackers learn networking," IEEE Distributed Systems Online, Vol. 10, p. 2, 2007.
  3. Chipman, M. L., Li, J., and Hu, X., "The effectiveness of safety belts in preventing fatalities and major injuries among school-aged children," in Annual proceedings of the Association for the Advancement of Automotive Medicine, 1995, pp. 133-145.
  4. Colwill, C., "Human factors in information security: The insider threat-Who can you trust these days?," Information security technical report, Vol. 14, No. 4, pp. 186-196, 2009.
  5. D'Arcy, J., Hovav, A., and Galletta, D., "User awareness of security countermeasures and its impact on information systems misuse: a deterrence approach," Information Systems Research, Vol. 20, No. 1, pp. 79-98, 2009.
  6. Eminagaoglu, M., Ucar, E., and Eren, S., "The positive outcomes of information security awareness training in companies-A case study," information security technical report, Vol. 14, No. 1, pp. 223-229, 2009.
  7. Evans, L., "Double pair comparison-a new method to determine how occupant characteristics affect fatality risk in traffic crashes," Accident Analysis & Prevention, Vol. 18, No. 3, pp. 217-227, 1986.
  8. Evans, L., "The effectiveness of safety belts in preventing fatalities," Accident Analysis & Prevention, Vol. 18, No. 3, pp. 229-241, 1986.
  9. Gordon, L. A., Loeb, M. P., Lucyshyn, W., and Sohail, T., "The impact of the Sarbanes-Oxley Act on the corporatedisclosures of information security activities," Journal of Accounting and Public Policy, Vol. 25, No. 5, pp. 503-530, 2006.
  10. Hoo, K. J. S., "How much is enough? A risk management approach to computer security," Consortium for Research on Information Security Policy (CRISP) Working Paper, Stanford University, 2000.
  11. Johnson, V. R., "Cybersecurity, Identity Theft, and the Limits of Tort Liability," South Carolina Law Review, Vol. 57, pp. 255-311, 2005.
  12. Kim, R., "Card firms may see over W1 tril. in losses," in The Korea Times, ed. Seoul, Korea: The Korea Times, 2014.
  13. KISA, "2007 Korean Information Security Survey," Korean Internet & Security Agency, Seoul, Korea, 2007.
  14. KISA, "2008 Korean Information Security Survey," Korean Internet & Security Agency, Seoul, Korea, 2008.
  15. Lee, C.-S. and Park, W., "Enhancing industrial security management system for multimedia environment," Forthcoming in Multimedia Tools and Applications.
  16. Merete Hagen, J., Albrechtsen, E., and Hovden, J., "Implementation and effectiveness of organizational information security measures," Information Management & Computer Security, Vol. 16, No. 4, pp. 377-397, 2008.
  17. Reich, P. C., "Cybercrime, Cybersecurity, and Financial Institutions Worldwide," in Cyberlaw for Global E-business: Finance, Payments and Dispute Resolution, Kubota, T., Ed., ed Hershey, PA: IGI Global, 2008.
  18. Robertson, L. S., "Estimates of motor vehicle seat belt effectiveness and use: implications for occupant crash protection," American Journal of Public Health, Vol. 66, No. 9, pp. 859-864, 1976.
  19. Schneier, B., "Computer security: It's the economics, stupid," in 1st Workshop on Economics of Information Security, Barkeley, CA, 2002.
  20. Shim, W., "Analysis of the Impact of Security Liability and Compliance on a Firm's Information Security Activities," The Journal of Society for e-Business Studies, Vol. 16, No. 4, pp. 53-73, 2011.
  21. Varian, H., "Managing online security risks," in New York Times, ed. New York, N.Y., 2000.
  22. Yonhap News, "Personal data of 12 million KT customers stolen: police," in Yonhap News, ed. Seoul, Korea: Yonhap News Agnecy, 2014.