Informatization Policy 2023 KCI Impact Factor : 4.08
-
pISSN : 1598-3498
- https://journal.kci.go.kr/nia
KJCKorea
Journal Central
An Exploratory Study on the Information Security Culture Indicator
- Informatization Policy
- Abbr : 정보화정책
- 2008, 15(3), pp.100-119
- Publisher : NIA
- Research Area : Social Science > Public Policy
1서울시립대학교
2(재)한국조달연구원
Accredited
ABSTRACT
The purpose of this paper is to develop the information security culture indicator. In this paper, we suggest that the information security indicator should be considered the attribute of culture than that of technology in the information security assessment for enhancing the information security capability. The concept of information security culture is reconstructed through the literature review and classified the dimension of Information Security Culture Indicator(ISCI) into three categories for measuring the information security. The ISCI consists of the measurement object, the person’s recognized level and the dimension for information security.
The measurement object is divided into ‘Individual’, ‘Organization’and ‘Inter-organization’. The person’s recognized level is focused on‘ Understanding’,‘ Knowledge’and‘ Behavior’in the cognitive level. The dimension for information security falls into three categories of‘ Technology’,‘ Management’and‘ Institution’. 107 items of ISCI are developed by the experts’examination of the framework and indicator appropriateness. As a result, the framework for measuring information security and information security culture indicator is proposed from the perspective of culture.
Statistics
-
272 Viewed
-
2 Downloaded
Tools
Issue List
Citation status
* References for papers published after 2023 are currently being built.
[book]
김정덕
/ 1998
/ 정보보호지표 항목개발 및 계량화 연구
/ 한국정보보호센터
[confproc]
김현곤
/ 2003
/ 전자정부 전략과 정보보호
/ 제8회 정보보호 심포지움
/ 한국정보보호진흥원
[journal]
서진완
/ 2008
/
A Study on Information Protection of the Local Governments
/ 한국행정연구
17(1)
: 221~245
[thesis]
신영진
/ 2005
/ 정보보호정책의 국제비교연구: 정책지표개발과 전략적 우선순위분석을 중심으로
/ 박사
/ 성균관대학교
[journal]
신영진
/ 2005
/
정보보호정책의 지표개발과 국가간 수준비교
/ 한국행정논집
17(1)
: 131~163
[journal]
오창규
/ 2003
/ 효과적인 정보보호 교육 및 훈련을 위한 프레임워크 개발
/ 정보보호학회지
13(2)
: 59~69
[book]
이미정
/ 2005
/ 정보보호문화지표의 개발에 관한 연구
/ 서울시립대학교 전자정부연구소
[confproc]
임채호
/ 2003
/ 효과적인 정보보호인식 제고방안
/ 제8회 정보보호 심포지움
/ 한국정보보호진흥원
[book]
정보통신부
/ 2002
/ 중장기 정보보호 기본계획(안)
/ 정보통신부
[book]
정보통신부
/ 2005
/ 중장기 정보보호 로드맵
/ 정보통신부
[other]
정익재
/ 2006
/ “ 정보사회 위험관리로서 정보보안의 정책논리.”한국행정학회 추계학술대회. http://www.kapa21.or.kr/data/data_view.php?did=2058&page=1&year=&pdiv=& writer=정익재&subject=# (검색일: 2006. 05. 01)
[book]
한국정보보호진흥원
/ 2004
/ 국가 정보보호수준 평가방법 및 평가지수 개발
/ 한국정보보호진흥원
[report]
한국정보보호진흥원
/ 2005
/ 일본의 차세대 정보보호 정책방향과 최근 동향 In: 해외 정보보호 정책동향보고서
/ 한국정보보호진흥원
[journal]
황철증
/ 2006
/
Development of National Information Security Index
/ 정보화정책
13(3)
: 121~135
[book]
Atkinson, P.
/ 1997
/ Creating Culture Change -Strategies for Success
/ Rushmer Wynne
[other]
Business Software Alliance
/ Information Security Governance: Toward a Framework for Action. BSA
[other]
Carnegie Mellon University
/ System Security Engineering Capability Maturity Model 2.0
[journal]
Chang, S. E.
/ 2007
/ Exploring Organizational Culture for Information Security Management
/ Industrial Management and Data Systems
107(3)
: 438~458
[other]
Chia, P. A.
/ 2001
/ A., Ruighaver, A. B. & Maynard, S. B. (2001). “Exploring Organizational Security Culture: Developing a Comprehensive Research Model.”http://www.dis.unimelb.edu.ac/staff/sean/research/ChiaCultyre Paper.pdf (검색일: 2006. 05. 01)
[other]
Chia, P. A.
/ 2002
/ “Understanding Organizational Security Culture.”Proceeding of PACIS 2002. Japan
[journal]
Da Veiga, A.
/ 2007
/ An Information Security Governance Framework
/ Information Systems Management
24
: 361~372
[journal]
Deter, J.
/ 2002
/ A Framework for Linking Culture and Improvement Initiatives in Organizations
/ The Academy of Management Review
25(4)
: 850~863
[book]
Festinger, L.
/ 1957
/ Theory of Cognitive Dissonance
/ Stanford University Press
[other]
Helokonnas, Tuija
/ 2003
/ “Information Security Culture in a Value Net.”International Engineering Management Conference. IEEE. 190-194
[book]
Holmes, Douglas
/ 2001
/ eGov
/ Nicholas Brealey Publishing
[other]
ITU
/ 2003
/ “Creating Trust in Critical Network Infrastructure.”ITU Newsmagazine
[book]
Kavanaugh, K.
/ 2001
/ Security Services
/ Focusing on User Needs. Gartner
[other]
Knapp, Kenneth J.
/ 2005
/ “Managerial Dimensions in Information Security: A Theoretical Model of Organizational Effectiveness.”MIS(Management Information Systems) Department. College of Business. Auburn University
[journal]
Knapp, Kenneth J.
/ 2006
/ Information Security: Management’s Effect on Culture and Policy
/ Information Management and Computer Security
14(1)
: 24~36
[other]
KPMG
/ 2002
/ Global Information Security Survey
[journal]
Kruger, H. A.
/ 2006
/ A Prototype for Assessing Information Security Awareness
/ Computer and Security
25
: 289~296
[book]
Layton Sr. Timothy P.
/ 2005
/ Information Security Awareness - The Psychology Behind the Technology
/ AuthorHouse Bloomington
[journal]
Luftman, J.
/ 2004
/ Key Issues for IT Executives
/ MIS Quarterly Executive
3(2)
: 89~104
[other]
Martins, A
/ 2006
/ “Information Security Culture.”http://etd.rau.ac.za/ theses/available/etd-04292004-110222/ restricted/SEC2002FinalVersion.pdf (검색일: 2006. 05. 01)
[other]
McCarthy, Brian
/ 2006
/ “Close the Security Disconnect between Awareness and Practice.”Electronic Design, 20
[other]
METI
/ 2005
/ Report of Research Group on Corporate Information Security Governance (overview). Ministry of Economy, Trade and Industry, Commerce and Information Policy Bureau. Japan
[book]
NIST(National Institute of Standard and Technology)
/ 1999
/ An Introduction to Computer Security: The NIST handbook
[other]
Ngo. L.
/ 2006
/ “Understanding Transition towards Information Security Culture Change.”http://scissec. scis.edu.au/wordpress/conference_proceeding/2005/asim/ngo.pdf. (검색일: 2006. 05. 01)
[other]
OECD
/ 2002
/ OECD Guidelines for the Security of Information Systems and Networks - Towards a Culture of Security
[other]
OECD
/ 2003
/ Working Party on Information Security and Privacy
[other]
Oost, Daniel
/ 2007
/ Investigating the Concept of Information Security Culture. UTS(University of Technology Sydney): School of Management Working Paper, 6
[other]
Rana, Vivek. S.
/ 2007
/ Information Security - a Governance Perspective. Asian Development Bank
[book]
Schein, E. H.
/ 1992
/ Organizational Culture and Leadership
/ Jossey-Bass
[book]
Schein, E. H.
/ 1999
/ Ten Corporate Culture Survival Guide
/ Jossey-Bass Publisher
[other]
Schlienger, Thomas
/ 2003
/ “Analyzing Information Security Culture: Increased Trust by an Appropriate Information Security Culture.” Proceeding of the 14th International Workshop on Database and Expert Systems Applications (DEXA)
[other]
Schlienger, Thomas
/ 2006
/ “ Information Security Culture from Analysis to Change.”http://icsa.cs.up.ac.za/issa/2003/publications/025.pdf. (검색일: 2006. 05. 01)
[book]
Schwartau, W.
/ 1996
/ Information Warfare: Chaos on the Electronic Superhighway
/ Thunder’s Mouth Press
[book]
Singer, Milton
/ 1968
/ Culture: The Concept of Culture In: International Encyclopedia of the Social Sciences
/ Macmillan
[journal]
Siponen, M. T.
/ 2000
/ A Conceptual Foundation for Organizational Information Security Awareness
/ Information Management and Computer Security
8(1)
: 31~41
[journal]
Straub, D.
/ 2002
/ Toward a Theory- Based Measurement of Culture
/ Journal of Global Information Management
10(1)
: 13~23
[journal]
Thomson, Kerry-Lynn
/ 2005
/ Information Security Obedience: a Definition
/ Computers and Security
24
: 69~75
[journal]
Thomson, Kerry-Lynn
/ 2006
/ Toward an Information Security Competence Maturity Model
/ Computer Fraud and Security
: 11~15
[journal]
Thomson, Kerry-Lynn
/ 2006
/ Cultivating an Organizational Information Security Culture
/ Computer Fraud and Security
: 7~11
[other]
UN ICT Taskforce
/ 2006
/ Toward a Universal Order of Cyberspace: Managing Threats from Cybercrime to Cyberwar. UN. http://www.unicttaskforce.org/perl/documents.pl?do=download;id=327 (검색일: 2006. 05. 01)
[other]
Van Niekerk, J.
/ 2008
/ An Holistic Framework for the Fostering of an Information Security Sub-culture in Organizations. http://icsa.cs.up.ac.za/issa/2005/proceedings/full/041_Article.pdf (검색일: 2008. 06. 23)
[journal]
Von Solms, B.
/ 2000
/ Information Security : The Third Wave
/ Computers and Security
19(7)
: 615~620
[journal]
Von Solms, B.
/ 2001
/ Information Security - A Multidimensional Discipline
/ Computers and Security
20(6)
: 504~508
[journal]
Von Solms, B.
/ 2006
/ Information Security - the Fourth Wave
/ Computers and Security
25
: 165~168
[journal]
Von Solms, S. H.
/ 2005
/ Information Security Governance-Compliance Management vs Operational Management
/ Computers and Security
24
: 443~447
[journal]
Vroom. C.
/ 2004
/ Towards Information Security Behavioural Compliance
/ Computers and Security
23
: 191~198
[book]
Wolfer, Arnold
/ 1962
/ Discord and Collaboration
/ John Hopkins University Press
[other]
Zakaria, O.
/ 2003
/ “A Conceptual Checklist of Information Security Culture.”Proceeding of the 2nd European Conference on Information Warfare and Security. UK
[other]
Zakaria. O.
/ 2004
/ “ Understanding Challenges of Information Security Culture: a Methodological Issue.”http://scissec.scis. edu.au/wordpress/ conference_proceeding/ 2004/asim/Zakaria. pdf (검색일: 2008. 06. 23)