A Development of Evaluation Indicators for Information Security by Means of the Coincidence Analyses

  • 이영규 (Korea Technology and Information Promotion Agency for SMEs)
  • 김상훈 (Department of Management Information Systems, Kwangwoon University)
  • Published : 2008.09.30

Abstract

The widespread adoption of the Internet has given momentum to informatization, and individuals, organizations, and government bodies are competitively taking part in this new wave. Informatization not only enables us to circulate and utilize information without limitation but also maximizes users' benefits and convenience. On the other hand, it brings about negative effects: security incidents such as cyber terror, Internet fraud and technology leakage. To minimize the damage caused by security incidents, evaluation of the security level should precede all other measures, since it diagnoses the current security status as it is and can be used as a guideline for appropriate security management. In this study, evaluation domains, items and indicators for evaluating information security are theoretically developed on the basis of a critical review of the major existing research. The coincidence level (content validity, ease and reliability of evaluation) of each evaluation indicator is then empirically analyzed through a field study of 83 information security experts.
