• Title, Summary, Keyword: Information Security

Search Result 14,244, Processing Time 0.083 seconds

Effects of Information Security Education on the Practice of Information Security for the Youth (정보보호 교육이 청소년의 정보보호 실천에 미치는 영향)

  • Kang, Min-Seong;Kim, Tae-Sung;Kim, Taek-Young
    • Journal of Information Technology Applications and Management
    • /
    • v.26 no.2
    • /
    • pp.27-40
    • /
    • 2019
  • As reliance on information and communication becomes widespread, a variety of information dysfunctions such as hacking, viruses, and the infringement of personal information are also occurring. Korean adolescents are especially exposed to an environment in which they are experiencing information dysfunction. In addition, youth cybercrimes are steadily occurring. To prevent cybercrime and the damage caused by information dysfunction, information security practices are essential. Accordingly, the purpose of this study is to discuss the factors affecting the information security practices of Korean youths, considering information security education, perceived severity, and perceived vulnerability as leading factors of the theory of planned behavior. A questionnaire survey was administered to 118 middle and high school students. Results of the hypothesis test show that information security education affects perceived behavior control, and perceived severity affects attitude. Subjective norms, information security attitudes, and perceived behavioral control were found to influence adolescents' practices of information security. However, perceived vulnerabilities did not affect youths' information security attitudes. This study confirms that information security education can help youths to practice information security. In other words, information security education is important, and it is a necessary element in the information curriculum of contemporary youth. However, perceived vulnerability to youth information security threats did not affect information security attitudes. Consequently, we suggest that it is necessary to strengthen the contents of the information security education for Korean youths.

Market Reaction to IT Security Investment Announcements (기업의 정보보호 공시가 기업가치에 미치는 영향)

  • Park, Jaeyoung;Jung, Woo-Jin
    • Knowledge Management Research
    • /
    • v.20 no.4
    • /
    • pp.39-55
    • /
    • 2019
  • Although Firms have been increasing their information security significantly to handle increased security risks, the effects of information security were not well understood. This study aims to investigate the market value of information security by employing the event study methodology. Our research also explores how market responses vary depending on the type of information security announcements. We collected 177 firm-level information security announcements between 2001 and 2017 in South Korea. For all samples, our results indicate that the stock market positively reacts to information security announcements. We also conducted subsample analysis and found that while information security certification announcement has a positive impact on the stock market, information security activities (e.g. award, information security system) announcement had no impact on the stock market. Our study adopted a novel approach (i.e. event study) for investigating the effects of information security and found that information security investment positively affects firm value. Our results allow managers to measure the effects of information security investment and help them make right decisions on information security investment.

Design of Financial Information Security Model based on Enterprise Information Security Architecture (전사적 정보보호 아키텍처에 근거한 금융 정보보호 모델 설계)

  • Kim, Dong Soo;Jun, Nam Jae;Kim, Hee Wan
    • Journal of the Korea Society of Digital Industry and Information Management
    • /
    • v.6 no.4
    • /
    • pp.307-317
    • /
    • 2010
  • The majority of financial and general business organizations have had individual damage from hacking, worms, viruses, cyber attacks, internet fraud, technology and information leaks due to criminal damage. Therefore privacy has become an important issue in the community. This paper examines various elements of the information security management system and discuss about Information Security Management System Models by using the analysis of the financial statue and its level of information security assessment. These analyses were based on the Information Security Management System (ISMS) of Korea Information Security Agency, British's ISO27001, GMITS, ISO/IEC 17799/2005, and COBIT's information security architecture. This model will allow users to manage and secure information safely. Therefore, it is recommended for companies to use the security management plan to improve the companies' financial and information security and to prevent from any risk of exposing the companies' information.

The Influence of Information Security Behaviors on Information Security Performance in Shipping and Port Organization (해운항만조직의 정보보안이행이 정보보안성과에 미치는 영향)

  • Kang, Da-Yeon;Chang, Myung-Hee
    • Journal of Navigation and Port Research
    • /
    • v.40 no.4
    • /
    • pp.213-222
    • /
    • 2016
  • Recently, as cases of organizations' information disclosure occur continuously, it is urgent to manage security of information and establish measures to enhance security of information by an organization itself. Especially, members of an organization should be prepared with measures for information security, and an organization should do its efforts to raise its members' awareness toward information security. I set a research model to verify what effects an organization's fulfillment of regulations to secure information brings to performance of information security and selected members from maritime and port organizations and financial and insurance institutes as sample. Results of the analysis to identify factors affecting information security performance among members of maritime and port organizations are as follows. Firstly, I found that the factors affecting information security awareness are information security attitude and information security standards. Secondly, the factor giving influence on information security policy of an organization was found to be information security standards. In contrast, information security punishments and information security training were verified not to give influence on compliance of information security policy. Thirdly, information security awareness was identified to give significant influence on compliance of information security policy, information security competence and information security behavior. Fourthly, compliance of information security policy was verified to be those factors that give influence on information security competence and information security behavior. Lastly, information security competence and information security behavior were found to be such factors that give influence on information security performance.

Optimization of Information Security Investment Considering the Level of Information Security Countermeasure: Genetic Algorithm Approach (정보보호 대책 수준을 고려한 정보보호 투자 최적화: 유전자 알고리즘 접근법)

  • Lim, Jung-Hyun;Kim, Tae-Sung
    • Journal of Information Technology Services
    • /
    • v.18 no.5
    • /
    • pp.155-164
    • /
    • 2019
  • With the emergence of new ICT technologies, information security threats are becoming more advanced, intelligent, and diverse. Even though the awareness of the importance of information security increases, the information security budget is not enough because of the lack of effectiveness measurement of the information security investment. Therefore, it is necessary to optimize the information security investment in each business environment to minimize the cost of operating the information security countermeasures and mitigate the damages occurred from the information security breaches. In this paper, using genetic algorithms we propose an investment optimization model for information security countermeasures with the limited budget. The optimal information security countermeasures were derived based on the actual information security investment status of SMEs. The optimal solution supports the decision on the appropriate investment level for each information security countermeasures.

A Study on Policy for cost estimate of Security Sustainable Service in Information Security Solutions (정보보안솔루션 보안성 지속 서비스 대가 산정 정책 연구)

  • Jo, Yeon-ho;Lee, Yong-pil;Lim, Jong-in;Lee, Kyoung-ho
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.25 no.4
    • /
    • pp.905-914
    • /
    • 2015
  • Once information security solution is implemented, it requires many services other than just general user management, such as malicious code analysis and security updated for consistent security against external threats or attacks, analysis of threat and attack, effectivity management of obtained security assurance, and advisory activities of security technical professionals. However, even if information security solutions provide those extra services, they are not properly treated in real market. Thus, for the security sustainable services, this study analyzes the service status of domestic information security, and suggest policy measure of price which could reflected the characteristics of information security solutions.

Relationship between Information Security Activities of Enterprise and Its Infringement : Mainly on the Effects of Information Security Awareness (기업의 정보보호 활동과 정보침해 사고 간의 관계: 정보보호 인식의 매개효과를 중심으로)

  • Moon, Kunwoong;Kim, Seungjoo
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.27 no.4
    • /
    • pp.897-912
    • /
    • 2017
  • This paper focuses on how the protection of information security incident is effective in via Information security awareness when conducting information security activities of enterprises. Research models have theorized that the information security activity and the information security awareness will reduce the incidence of information security. The general characteristics of analysis targets have been carried out in the frequency analysis, and the reliability of the measuring tool has been utilized to calculate the coefficient of Cronbach's information protection. Evidence has been demonstrated regarding the relationship between information security activities and information security awareness and information security incidents.

The Correspondence Competence of Information Accident by Firms Experienced in Confidential Information Leak (기밀정보 유출 경험을 가진 기업들의 정보사고 대응역량 강화에 관한 연구)

  • Jung, Byoungho
    • Journal of the Korea Society of Digital Industry and Information Management
    • /
    • v.12 no.2
    • /
    • pp.73-86
    • /
    • 2016
  • The purpose of this study is to examine a security investment for firms experienced in confidential information leak. Information security is an apparatus for protection of secret information. The competence of information security is a competitiveness to avoid information leakage in changing business environment. The type of information security is divided into administrative security, technical security and physical security. It is necessary to improve the incident correspondence competence through information security investment of the three types. Therefore, the investment of information security is to enhance information-asset protection of firms. To reinforce accident response competence, an organization discussed an establishment, security technology development, expand investment and legal system of the security system. I have studied empirically targeting the only information leak of firms. This data is a technical security competence and technology leakage situation of firms happened in 2010. During recovery of the DDos virus damage on countries, company and individual, the collected data signify a reality of information security. The data also identify a security competence of firms worrying information security management. According to the study, the continuous investment of information security has a high competence of accident correspondence. In addition, the most of security accidents showed a copy and stealing of paper and computer files. Firm on appropriate security investment is an accident correspondence competence higher than no security investment regardless of a large, small and medium-sized, and venture firm. Furthermore, the rational security investment should choose the three security type consideration for firm size.

A Case Study on the Information Security Management System for Major Korean Businessn Groups (국내주요그룹의 정보보안관리 체계에 관한 사례 연구)

  • Sun, Han-Gil;Han, In-Goo
    • Asia pacific journal of information systems
    • /
    • v.8 no.2
    • /
    • pp.105-119
    • /
    • 1998
  • As the first step to information security, the security policy and organizational control need to be established. The purpose of this study is to investigate the policy and management of information security of five major Korean business groups. The results of case study on five giant groups can be summarized as follows. There exists a basic policy for information security. But it is outdated and not realistic in the present. The security audit and education need to be upgraded. It is also necessary to use security tools actively. The security level is low in companies which do not have independent information security divisions. Therefore, it is desirable to build information security teams. The number of security personnel is not enough for the task although there exist an information security team in the company. It is important to check if the team has the ability of perform information security task. The interview with security managers reveals that the total security management should be integrated with physical and computer security. It is suggested that an Information Security Center play the major role for information security. The study on the information security management for industry level is expected to be performed in the future.

  • PDF

Security Evaluation Criteria for Firewalls in Kirea

  • Lee, Cheol-Won;Hong, Ki-Yoong;Kim, Hak-Beom;Oh, Kyeong-Hee;Kwon, Hyun-Jo;Sim, Joo-Geol
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.8 no.3
    • /
    • pp.63-78
    • /
    • 1998
  • Recently, to use the evaluated firewall is recognized as a solution to achieve the security and reliability for government and organizarions in Korea. Results of firewall evaluation using ITSEC(Information Technology Security Evaluation Criteria) and CCPP(Common Criteria Protection Peofile)have been announced. Because there are problems to apply ITSECor CCPP for the firewall evaluation in korea environment, korea government and korea Information security Agency (KISA) decided to develop our own security dvaluation critrtia fir firewalls.As a result of the efforts, Korea firewall security evaluation criteria has been published on Feb. 1998. In this paper, we introduce Korea security evaluation criteria for firewalls. The ceiteria consists of functional and assurance requirements that are compatible with CC Evaluation Assurance Levels(EALs)

  • PDF