기업 내 정보 시스템 보호를 위한 유형별 접근 방법에 대한 연구

김희올,백동현 대한산업공학회 2015 대한산업공학회 춘계학술대회논문집 Vol.2015 No.4

말콤 볼드리지 모형에 기반한 인터넷 쇼핑몰 평가모형

김희올,백동현 한국산업경영시스템학회 2010 한국산업경영시스템학회지 Vol.33 No.3

In this research, we proposed a quality evaluation standard model which is suitable for the internet shopping mall based on the Malcolm Baldrige National Quality Award model. A 7-Point Likert Scale was used based on the seven categories within the 2008 Ma

Study on development of framework of company classification in information security perspective.

김희올,백동현 한국산업경영시스템학회 2016 한국산업경영시스템학회 학술대회 Vol.2016 No.하계

대부분의 조직에서 핵심 자산으로 분류되는 정보와 기술을 보호하기 위한 보안 환경 구축과 이에 대한 운영 업무는 그 어떤 업무보다 중요해지고 있다. 이에 따라 다양한 방법으로 정보 보안에 대한 접근이 이루어지고 있지만, 보안 사고는 지속적으로 발생하고 있으며 그 빈도나 피해 규모 역시 줄어들지 않고 있다. 우리나라의 기업 정서상 정보 보안은 안정성을 유지하기 위한 투자 개념이 아닌 소모성 비용으로 인식되고 있는 것이 사실이다. 이러한 인식을 바꾸기 위해서는 정보 보안의 필요성에 대해 정확히 인지하고 최소한의 비용으로 최대의 효과를 얻을 수 있도록 합리적인 접근 방법을 찾는 것이 무엇보다 중요하다. 본 연구의 목적은 정 보 보안에 접근하고자 하는 기업의 상황에 맞는 전략 유형 틀을 제시하는데 있다. 이 프레임워크는 기업의 유형을 8가지로 분류하는데, 각 기업은 자사가 속한 유형에 따라 정보 보안 전략 수립 의사결정을 지원 받을 수 있다. 본 연구에서는 기업의 유형을 분류하기 위한 척도 개발을 위해 보안 관련 전문가 12명과 브레인스 토밍을 진행하고 선행 연구를 바탕으로 기업의 정보보안에 영향을 미칠 수 있다고 검증된 요인 가운데 양극의 영향 요인 3가지를 선정하였다. 그리고 각각의 요인 별로 세부 척도 항목을 다시 29명의 보안 관련 전문가를 대상으로 델파이(Delphi) 기법을 활용하여 개발한 후 SPSS 분석을 통해 구성 요인의 내용타당도 및 신뢰도를 검증하여 최종 평가를 위한 항목을 개발하였다. 그리고 개발된 항목을 활용하여 보안의 관점으로 본 8가지 기업의 유형은 각각 어떤 특징을 가지고 있으며, 주로 해당되는 기업과 실제 사고 사례에 대해 정리해 보았다. 본 연구의 결과는 처음 정보 보안에 접근하고자 하는 기업이나 새롭게 정보 보안 전략을 수립하고자 하는 기업에 기초가 될 자료로서 의사결정을 지원할 결과를 산출하는데 도움을 줄 것으로 기대한다.

기업 내 정보 시스템 보호를 위한 유형별 접근 방법에 대한 연구

김희올,백동현 한국경영과학회 2015 한국경영과학회 학술대회논문집 Vol.2015 No.4

기업 정보 보안 전략 수립 방안에 관한 연구

김희올,백동현 한국산업경영시스템학회 2016 한국산업경영시스템학회 학술대회 Vol.2016 No.추계

말콤볼드리지 모형에 기반한 인터넷 쇼핑몰 평가모형

김희올,백동현 한국산업경영시스템학회 2010 한국산업경영시스템학회 학술대회 Vol.2010 No.하계

In this research, we proposed a quality evaluation standard model which is suitable for the internet shopping mall based on the Malcolm Baldrige National Quality Award model. A 7-Point Likert Scale was used based on the seven categories within the 2008 Malcolm Baldrige Criteria: Leadership, Strategic Planning, Customer and Market Focus, Measurement Analysis and Knowledge Management, Workforce Focus, Process Management, and Result. Furthermore, we analysed the validity and causal relationship among the factors within the model. The goal of this research is to find a rational standard to evaluate internet shopping malls nationwide and help the structuring and the operation of these malls. The results may be used not only as a tool to evaluate internet shopping mall sites but also as a guideline to improve the quality of a internet shopping mall site that is under development.

기업 정보보안 전략 수립 방안에 관한 연구

김희올,백동현 한국산업경영시스템학회 2016 한국산업경영시스템학회 학술대회 Vol.2016 No.추계

정보보호 관점의 기업 유형 분류 프레임워크 개발에 관한 연구

김희올(Hee-Ohl Kim),백동현(Dong-Hyun Baek) 한국산업경영시스템학회 2016 한국산업경영시스템학회지 Vol.39 No.3

For most organizations, a security infrastructure to protect company’s core information and their technology is becoming increasingly important. So various approaches to information security have been made but many security accidents are still taking place. In fact, for many Korean companies, information security is perceived as an expense, not an asset. In order to change this perception, it is very important to recognize the need for information security and to find a rational approach for information security. The purpose of this study is to present a framework for information security strategies of companies. The framework classifies companies into eight types so company can receive help in making decisions for the development of information security strategy depending on the type of company it belongs to. To develope measures to classify the types of companies, 12 information security professionals have done brainstorming, and based on previous studies, among the factors that have been demonstrated to be able to influence the information security of the enterprise, three factors have been selected. Delphi method was applied to 29 security experts in order to determine sub items for each factor, and then final items for evaluation was determined by verifying the content validity and reliability of the components through the SPSS analysis. Then, this study identified characteristics of each type of eight companies from a security perspective by utilizing the developed sub items, and summarized what kind of actual security accidents happened in the past.

쌍대비교를 활용한 기업 유형 분류에 따른 보안 전략 우선순위 결정

김희올(Hee-Ohl Kim),백동현(Dong-Hyun Baek) 한국산업경영시스템학회 2016 한국산업경영시스템학회지 Vol.39 No.4

As information system is getting higher and amount of information assets is increasing, skills of threatening subjects are more advanced, so that it threatens precious information assets of ours. The purpose of this study is to present a strategic direction for the types of companies seeking access to information security. The framework classifies companies into eight types so company can receive help in making decisions for the development of information security strategy depending on the type of company it belongs to. Paired comparison method survey conducted by a group of information security experts to determine the priority and the relative importance of information security management elements. The factors used in the security response strategy are the combination of the information security international certification standard ISO 27001, domestic information protection management system certification K-ISMS, and personal information security management system certification PIMS. Paired comparison method was then used to determine strategy alternative priorities for each type. Paired comparisons were conducted to select the most applicable factors among the 12 strategic factors. Paired comparison method questionnaire was conducted through e-mail and direct questionnaire survey of 18 experts who were engaged in security related tasks such as security control, architect, security consulting. This study is based on the idea that it is important not to use a consistent approach for effective implementation of information security but to change security strategy alternatives according to the type of company. The results of this study are expected to help the decision makers to produce results that will serve as the basis for companies seeking access to information security first or companies seeking to establish new information security strategies.

기업 정보보안 전략 수립을 위한 보안 사고 유형 분류에 관한 연구

김희올(Hee Ohl Kim),백동현(Dong Hyun Baek) 한국산업경영시스템학회 2015 한국산업경영시스템학회지 Vol.38 No.4

Corporation's valuable intelligent asset is being threatened from the skills of threatening subject that has been evolved along with the growth of the information system and the amount of the information asset. Domestically, attempts of various private information attacks, important information extortion, and information damage have been detected, and some of them have abused the vulnerability of security of information system, and have become a severe social problem that generates security incident. When accessing to the security, most of companies used to establish a strategy with a consistent manner and a solution plan. However, this is not a proper way. The order of priorities vary depending on the types of business. Also, the scale of damage varies significantly depending on the types of security incidents. And method of reaction and critical control point vary depending on the types of business and security incidents. In this study, I will define the security incidents by their types and preponderantly examine how one should react to those security incidents. In this study, analyzed many types of security accidents that can occur within a corporation and an organization considering various factors. Through this analysis, thought about factors that has to be considered by corporations and organizations when they intend to access to the information security. This study focuses on the response methodology based on the analysis of the case analysis of the leakage of industrial secret and private secret other than the conceptual response methodology that examines the way to prevent the leakage of the industry security systems and the industry information activities. And based on these factors, want to be of help for corporations to apply a reasonable approach when they establish a strategy to information security.