A Safe Operating Strategy for Information System of Small and Medium Enterprises

여상수; HWANG SU CHEOL

Journal of The Korea Society of Computer and Information

Abbr : JKSCI
2009, 14(7), pp.105-112
Publisher : The Korean Society Of Computer And Information
Research Area : Computer Science

여상수 ¹ , HWANG SU CHEOL ²

¹ 목원대학교
² 인하공업전문대학

ABSTRACT

Small and medium enterprises have more dependency on their information technology than large enterprises have, but they can't pay much for information technology and information security due to financial restrictions, limited resources, and lack of know-how. So there are many vulnerabilities in small and medium enterprises and these would make many security incidents. Security managers of small and medium enterprises think that information security in their company is simply equivalent to updating the antivirus solutions, managing firewall, and patching systems regularly. However, security policies, prevention of information theft, business continuity, access controls, and many other information security issues should be considered for mitigating security incidents. In this context, we redefined security countermeasures and strategies which are only appropriate to large enterprises, for making them appropriate on a secure operating for information system of small and medium enterprises, and we investigate information security issues in the four views of information system and company, and finally we present information security strategies for each view, in this paper.
KEYWORDS

Information system , information technology , security
REFERENCES (12)

[book] 인터넷침해사고대응지원센터(KrCERT) / 2000 / 인터넷침해사고 동향 및 분석 월보

[confproc] E. Weippl / 2006 / Implementing IT Security for Small and Medium Enterprises / Information Science reference : 2970~2985

[journal] 김종기 / 2006 / Comparison of Users' Perception of Information Security Elements on Computer Virus Between Large and Small-and-Medium Companies / 정보보호학회논문지 / 한국정보보호학회 16 (5) : 79~92

[journal] 문현정 / 2009 / 우리나라 중소기업의 정보 보호 역량 강화를 위한 교육 훈련 현황과 문제점 / 정보보호학회지 19 (1)

[thesis] 김인중 / 2006 / 정보통신 기반시설에 대한 위험 분석 및 피해 산정 연구 / 박사 / 성균관대학교 대학원

[book] D. L. Pipkin / 2000 / Information Security: Protecting the Global Enterprise / Prentice Hall PTR

[book] R. Anderson / 2008 / Security Engineering: A Guide to Building Dependable Distributed Systems 2nd Ed / John Wiley & Sons

[journal] A. Avizienis / 2004 / Basic Concepts And Taxonomy Of Dependable And Secure Computing / IEEE Transactions of Dependable and Secure Computing 1 (1) : 11~33

[report] D. Bell / 1975 / Secure computer system: Unified exposition and multics interpretation / Mitre Corporation

[journal] D. Bell / 1996 / Secure computer system / Journal of Computer Security 4 (2) : 239~263

[report] K. J. Biba / 1977 / Integrity considerations for secure computer systems / Mitre Corporation

[confproc] D. Brewer / 1989 / The Chinese wall security policy / In Proceedings of IEEE Symposium on Security and Privacy
KCI Citation (8)

KJC Korea
Journal Central

Statistics

Tools