Information Industry Security : An Ecological Point of View

Menggang Li,Xiaolan Guan 보안공학연구지원센터 2015 International Journal of Security and Its Applicat Vol.9 No.9

There is great similarity between the information industry security and ecosystem of information industry. Therefore, using the theory and methods of ecology and system science, we studied the issue of information industry security in detail based on the theory of ecosystem from the level of individual, cluster, and so on, and take China’s information industry security as an example of empirical research, then provided a range of effective policy suggestions for relevant Chinese government departments to control and guide China's information industry security.

Evolution Mechanism of Information Industry Ecological Security

Xiaolan Guan,Menggang Li,Shugang Zhang 보안공학연구지원센터 2015 International Journal of Security and Its Applicat Vol.9 No.8

The Information Industry Ecological Security is a combination of security and dynamic development. This paper analyzes the evolution mechanism of Information Industry Ecological Security from the perspective of evolution driving force, evolution process and so on using the theories and methods of Ecology and Synergetics systematically, and take China’s Information Industry Ecological Security as an example of empirical research, then provided a range of effective policy suggestions for relevant Chinese government departments to control and guide China's Information Industry Ecological Security.

국방정보보호산업 관련 중부권 연구기관 활용방안

엄정호,Eom, Jung-Ho 대전대학교 군사연구원 2011 군사학연구 Vol.9 No.-

This study is presented a scheme that information security research institutions located within the central area can be participated actively m national defense information security industry. The many of information security company are located in the central region(Daejeon) and there are many research institutes. However, the participation rate of the Defense Information Security Industry is not high compared to other provinces. Although a variety of reasons, there are no the Defense Privacy Office that could have a role in protocol and the information about the industry. In addition, the Department of Defense related to national defense information security industry have not information about research institutions in the central region and are not well to identify the characteristics of institutional technology and research. So in this paper we presented some of the alternatives. 1) Building Pool involved in information security research according to the characteristics of each agency 2) Constitute the research community between Research institutions and the company 3) Build the technology cooperation between research institutions and the defense research institutes 4) Utilization of industry/university/research institutes related to Information Security Industry 5) Make strategic alliances among research institutes based on technical expertise.

정보보호 추진체계 및 거버넌스의 현황과 개선방안 ― 안전한 지능정보사회의 구축을 위한 검토 ―

안동인 행정법이론실무학회(行政法理論實務學會) 2019 행정법연구 Vol.- No.56

This study looked at the current status of the information security implementation system and related governance in response to the necessity and the request of the countermeasure in the face of the change in the era of entry into the intelligence information society, and examined the potential problems with it. Based on this, some improvement measures were suggested. This review was largely conducted in two directions: improvement of the legal system and improvement of the organization. First of all, in terms of the legal system, this study pointed out that it is necessary to define more clearly the subject to regulation of the information security related statutes, namely, information and information security. Furthermore, this study suggested that it is necessary to construct a (partial) integrated legislative system rather than individual regulatory system currently adopted by our information law system. In addition, this study suggested that there is a need to improve the legal basis for the public sector information security implementation system in that it is constituted according to the 「National Cyber Security Management Regulations」 which is only presidential directive. Next, this study examined the proposal for the establishment of '(tentative named) Intelligence information society information security committee' as a suggestion to complement the limit of the sector-specific governance such as the current one in relation to organization of information security governance. In addition, this study examined whether a new general organization for information security such as the committee should be formed as a collegiate administrative agency. This review remains a proposal that has not yet been fully addressed. However, we can not overlook the request and necessity of new regulation and implementation of information security in the entry into the intelligence information society that we have not experienced before. In this case, a timely response is needed. We need to clarify the advantages/disadvantages and problems of the existing legal system and governance structure for information security, and then build an integrated information security implementation system and governance that can be more flexibly applied based on this. 본 연구는 지능정보사회로의 진입이라는 시대적 변화에 직면하여 그에 대한 대응의 필요성과 요청에 따라서 정보보호의 추진체계 및 관련 거버넌스의 현황을 살펴보고 그에 대하여 잠재되어 있는 문제점을 검토한 후, 이를 바탕으로 일정한 개선방안까지 제시해 보았다. 그리고 이러한 검토는 크게 법제도와 조직의 개선 두 가지 방향에서 진행되었다. 먼저 법제도의 측면에서는 현재 정보보호 관련 법령의 규율대상인 정보 및 정보보호에 대하여 보다 명확하게 규정할 필요성이 있음을 지적하였고, 나아가 정보보호에 대하여 현재 우리 정보법제가 채택하고 있는 개별적 규율체계보다는 (부분적) 통합법제의 구축이 필요함을 피력하였다. 또한 현재 공공부문 정보보호 추진체계가 대통령훈령에 불과한 「국가사이버안전관리규정」에 따라 구성되어 있는 점에 대한 문제점을 지적하면서 이에 대한 법적 근거의 정비가 필요함을 제시하였다. 다음으로 정보보호 거버넌스의 조직과 관련하여, 현행과 같은 분야별 대응 거버넌스의 한계를 보완할 수 있는 제안으로서 ‘(가칭) 지능정보사회 정보보호위원회’의 설치를 제안하고 있는 견해를 살펴보았다. 그리고 당해 위원회와 같은 정보보호에 대한 새로운 총괄기관을 구성할 경우 이를 합의제 행정기관으로 구성할지, 아니면 독임제 행정기관으로 구성할지 여부에 대해서 검토하였다. 이와 같은 검토는 아직 충분히 무르익지 않은 하나의 제언 단계에 머물러 있는 것이다. 그러나 우리가 일찍이 겪어보지 못하였던 지능정보사회로의 진입에 즈음하여 정보보호에 대한 새로운 규율과 추진에 대한 요청과 필요성이 있음을 간과할 수 없고, 이 경우 무엇보다 시의적절한 대응이 필요하다 할 것이다. 우리는 정보보호에 대한 기존의 법체계와 거버넌스 구조의 장・단점 및 문제점을 명확하게 파악한 후, 이를 바탕으로 보다 탄력적으로 적용할 수 있는 통합적인 정보보호 추진체계와 거버넌스를 구축하는 것을 검토하여야 할 것이다.

기업의 개인정보 보호에 대한 사용자 인식 연구: 다차원 접근법(Analytic Hierarch Process)을 활용한 정보보안 속성 평가 및 업종별 비교

박종화,한승민,정윤혁 한국경영정보학회 2023 Information systems review Vol.25 No.4

The increasing integration of intelligent information technologies within organizational systems has amplified the risk to personal information security. This escalation, in turn, has fueled growing apprehension about an organization's capabilities in safeguarding user data. While Internet users adopt a multifaceted approach in assessing a company's information security, existing research on the multiple dimensions of information security is decidedly sparse. Moreover, there is a conspicuous gap in investigations exploring whether users' evaluations of organizational information security differ across industry types. With an aim to bridge these gaps, our study strives to identify which information security attributes users perceive as most critical and to delve deeper into potential variations in these attributes across different industry sectors. To this end, we conducted a structured survey involving 498 users and utilized the analytic hierarchy process (AHP) to determine the relative significance of various information security attributes. Our results indicate that users place the greatest importance on the technological dimension of information security, followed closely by transparency. In the technological arena, banks and domestic portal providers earned high ratings, while for transparency, banks and governmental agencies stood out. Contrarily, social media providers received the lowest evaluations in both domains. By introducing a multidimensional model of information security attributes and highlighting the relative importance of each in the realm of information security research, this study provides a significant theoretical contribution. Moreover, the practical implications are noteworthy: our findings serve as a foundational resource for Internet service companies to discern the security attributes that demand their attention, thereby facilitating an enhancement of their information security measures.

공간정보산업 활성화를 위한 공간정보 보안관리체계의 개선전략- 공간정보의 생산 ․ 관리 ․ 보급 기관을 중심으로 -

정인훈,박홍기,김영단,최윤수 대한공간정보학회 2013 Spatial Information Research Vol.21 No.6

개방과 공유에 기초한 정부 3.0이라는 새로운 패러다임이 국정전반에 확산되고 있다. 공간정보산업의 발전이라는 장기적인 관점에서 볼 때 항공사진의 공개해상도 등 공간정보 보안규제는 합리적으로 개선되어야 한다. 그러나 공간정보 보안관리체계가 합리적으로 확립되지 않은 상태에서의 규제 철폐는 자칫 국가안보와 같은 또 다른 문제를 야기할 수도 있다. 본 연구의 목적은 현행 국가 공간정보 보안정책과 공간정보산업 등 시대적 여건 변화를 고려하여, 보안규제의 완화를 위해 필요한 공간정보 보안관체계의 개선방안을 제시하는 것이다. 분석의 관점으로써 법제도적 측면, 운영․관리적인 측면, 기술․시스템 측면을 종합적으로 검토하였으며, 특히 공간정보 보안관리의 통합적 관점을 유지하였다. 공간정보 보안체계의 문제점과 함께 해외 공간정보 보안규제 정책을 검토한 후, 이를 토대로 합리적인 보안관리 개선 방안을 법제도적 측면, 운영․관리적인 측면, 기술․시스템 측면으로 나누어 제시하였으며 장기적인 보안규제의 완화를 위한 3단계 보안관리체계의 개선방안을 제시하였다. In a long-term perspective of development of spatial information industry, security regulation, such as limiting public picture resolution of aerial photographs, needs a rational improvement. However, unplanned deregulation of spatial information could lead problematic results such as national security issues because its present security management system is not established in reasonable manner. The main purpose of this research is to suggest the improvement plan of spatial information security management system to meet the reducing security regulation in accordance with changes of political and economic condition including current national spatial information security polices and spatial information industry. From an analytical standpoint, we examined the overall aspects of legal, operation management, and technical system while we maintained especially integrated perspective of spatial information security management. Followed by investigation of spatial information security issues, as well as its regulation and policies in overseas, rational improvement plan of security management is proposed in the aspects of legal, operation management, and technical system. It is also suggested the three-step improvement plan of reducing regulation of security management system.

Research on Security Evaluation of Modern Information Service Industry in China

Li Menggang,Chen Fenfei 보안공학연구지원센터 2016 International Journal of Security and Its Applicat Vol.10 No.7

With the development of economy and society, more and more attention has been paid to security of modern information service industry. This paper set up a security evaluation index system which is made up of 23 indexes from three perspectives of domestic environment, international competitiveness and external dependence of the industry. Besides, it also conducted a preliminary evaluation on security of China’s modern information service industry from 2007 to 2011 by adopting the method of principal component analysis. The composite scores are -3.66, -1.56, -1.09, 1.95 and 4.37 respectively while results of the varimax rotation show that important factors influencing security of China’s modern information service industry in recent years include return on sales, capital efficiency, labor productivity, macro environment and market demand growth rate. Therefore, from now on, we should promote security and development of modern information service industry through actively enhancing the domestic industrial environment and industrial competitiveness and effectively exerting control on the industry.

정보보호 기업의 경영성과에 미치는 영향 분석: 조직 및 혁신 역량의 매개 효과의 관점에서

신현민 ( Hyunmin Shin ),김인재 ( Injai Kim ) 한국지식경영학회 2021 지식경영연구 Vol.22 No.4

정보보호 기업은 1990년도 후반에서 2000년도 초반에 설립되었는데 다른 주요한 기반 산업에 비하면 그 역사가 휠씬 짧다. 그럼에도 불구하고 정보보호 산업은 급속하게 발전하고 있다. 4차 산업혁명과 관련한 첨단 기술의 발전에 힘입어 정보보호 산업의 비중은 점점 크질 것으로 예상된다. 2019년에 발생한 COVID-19가 2020년 전세계로 확산되면서 비대면 서비스와 디지털 전환 가속되었다. 이용자에 대한 사이버 위협도 증가되고 있어 분야별 차별화된 보안이 필요한 상황이다. 하지만 정보보호 인력의 부족, 국내 기업의 보안 역량의 미흡, 국내 정보보호 시장 협소 등으로 인하여 새로운 사이버보안 위협을 대응하기에는 한계가 있다. 본 연구는 정보보호 기업의 외부 환경 요인인 정부의 정보보호 제도의 운영, 정부의 영향력, 정부의 지원, 정보보호 기업간 파트너십 등과, 내부 환경 요인인 최고경영층의 지원, 재무상태, 인적자원 등이 조직 역량, 혁신 역량에 미치는 영향을 분석하였다. 또한 조직 역량, 혁신 역량이 재무적 성과와 비재무적 성과에 영향을 미치는지를 실증 데이터를 이용하여 분석하였다. 본 연구의 결과는 정보보호 정책과 시사점을 제시하고 정보보호 산업의 경쟁력을 강화하는 기초자료로 활용될 수 있을 것이다. Information security companies were established in earnest from the mid-late 1990s to early 2000s, far shorter than other national key industries. Nevertheless, the information security industry has made rapid progress. It is expected that the proportion of the information security industry will increase rapidly with the development of advanced technology along with the 4th industrial revolution. As COVID-19, which occurred at the end of 2019, spreads around the world in 2020, non-face-to-face services and digital transformation are accelerating, and cyber threats to users are also increasing. However, there are limitations in responding to new Cyber Security threats due to the shortage of information protection manpower, insufficient security capabilities of domestic companies, and the narrow domestic information protection market. This study examines the external environmental factors of information security companies such as government information protection system operation, government influence, government support, partnership between information security companies, and internal environmental factors such as top management support, financial status, human resources, organizational capability, This study was conducted using empirical data to analyze whether it affects innovation capability and whether organizational capability and innovation capability affect financial and non-financial performance. The results of this study can be used as basic data to suggest policies and implications for information security, and to strengthen the competitiveness of the information security industry.

산업연관분석을 이용한 정보보호 산업의 경제 파급효과 분석

정은희(Eun-Hee Jeong) 한국정보전자통신기술학회 2020 한국정보전자통신기술학회논문지 Vol.13 No.1

인공지능, IoT 등의 4차 산업의 등장으로 정보화는 가속화됨에 따라 정보보호 산업의 중요성과 시장의 규모가 증가하고 있다. 본 논문에서는 증가하는 정보보호 산업이 국내 경제에 미치는 영향을 산업연관표를 이용하여 분석하였다. 본 논문에서는 산업부문을 정보보호 제품산업과 정보보호 서비스 산업을 분류한 후에, 35개의 산업으로 산업연관표를 재분류하였고, 생산유발계수, 부가가치유발계수, 고용유발계수 등을 산출하였다. 정보보안 제품산업과 정보보안 서비스 산업의 생산유발계수는 각각 1.571, 1.802이고, 부가가치유발계수는 각각 0.632, 0.997이고, 고용유발계수는 각각 2.494, 7.361이다. 정보보호 서비스 산업의 부가가치유발계수만이 전체 산업보다 다소 높고, 나머지 유발계수는 모두 전체 산업보다 낮게 나타났다. 그리고 정보보호 제품산업에는 전․후방연쇄효과가 없고, 정보보호 서비스 산업에는 후방연쇄효과는 없으나 전방연쇄효과는 있는 것으로 나타났다. 정보보호 산업의 경제적 파급효과를 분석한 결과, 생산유발액은 359.9조원, 부가가치유발액은 164.8조원에 달하고, 803천명의 고용을 유발하는 것으로 나타났다. The information security industry is increasing in importance and market size due to the development of the fourth industry such as artificial intelligence, IoT and etc. This paper was analyzed the impact of the increasing information security industry on the domestic economy by using the Input-Output table. It was classified industrial sectors into information security products and information security services industries, and then reclassified the Input-Output table into 35 industries. And it was estimated the production inducement coefficient, the value-added inducement coefficient, employment inducement coefficient, and etc. The production inducement coefficients of the information security product and service industry are each 1.571, 1.802, and the value-added inducement coefficients of them are each 0.632, 0.997, and the employment inducement coefficients of them are each 2.494, 7.361. Only the value-added inducement coefficient of the information security service industry is slightly higher than the total industry, and the remaining inducement coefficients are all lower than the total industry. In addition, the information security product industry has no the forward and backward linkage effect, and the information security service industry has no the backward linkage effect. But it has the forward linkage effect. As a result of analyzing the economic ripple effect of the information security industry, the production inducement amounted to 359.9 trillion won, value-added inducement amounted to 164.8 trillion won, and employment inducement amounted to 803 thousand people.

보안관리체계 분석을 통한 산업중심 보안수준평가 모형 설계 방향 연구

배제민,김상근,장항배 한국전자거래학회 2015 한국전자거래학회지 Vol.20 No.4

Recently, the necessity of systematic security management system that consider company’ character and environment has appeared because of increasing security accident continuously in domestic companies. However, most of companies has applied to only K-ISMS which is existing information security management system, although They are different from object, purpose and way of security level evaluation by companies. According to this situation, Many experts have questioned that there are many problems with effectiveness of introducing security management system. In this study, We established definition of information security management system, industrial security management system and research security management system through analysis of previous study and developed evaluation item which can implement security in whole industry comparing and analyzing the control items of them. Also, we analyzed existing security level evaluation and suggest design direction of industry-centric security level evaluation model considering character of industry 최근 국내 기업에서 보안사고가 지속적으로 증가함에 따라 기업의 특성과 환경을 고려한체계적인 보안관리체계의 필요성이 대두되고 있다. 그러나 기업별 보안수준 측정의 대상, 목적, 방법 등이 다름에도 불구하고 현재 다수의 기업이 기존의 정보보호 관리체계인 K-ISMS를단편 일률적으로 적용하고 있는 것이 실정이며, 이에 따른 보안관리체계 도입에 대한 실효성에대해서도 많은 문제가 제기되어지고 있다. 본 논문에서 선행연구 분석을 통해 정보보호, 산업보안, 연구보안에 대한 개념을 정립하고, 정보보호 관리체계, 산업보안관리체계, 연구보안관리체계의 통제항목을 비교․분석하여 산업 전반의 보안을 수행할 수 있는 보안수준 평가항목개발하였다. 또한 세부적으로 기 존재하는 보안수준평가 모형을 분석하여, 산업의 특성을 고려한산업 중심의 보안수준평가 모형 설계 방향성을 제시하였다.