Review of KIISC (정보보호학회지)

Korea Institute of Information Security and Cryptology (한국정보보호학회)
권호 표지

효과적인 정보보호 교육 및 훈련을 위한 프레임워크 개발

  • 오창규 (부산외국어대하교 국제통상연구소) ;
  • 김종기 (부산대학교 경영학부)
  • Published : 2003.04.01
Download PDF
⟨ Previous Next ⟩

Abstract

오늘날의 정보시스템 환경에서는 물리적인 접근 통제나 정보보호기술 측면에서의 통제만으로 정보자원을 효과적으로 보호하기 어렵다. 흔히 정보보호는 기술보다는 관리의 문제라고 한다. 따라서 효과적인 정보보호는 조직 구성원의 정보보호 중요성에 대한 인식을 전제로 하며, 인식을 높이기 위해서는 적절한 교육과 훈련이 수반되어야 한다. 본 연구에서는 사회심리학 관점으로부터 의사결정과정 측면과 교육 및 훈련의 효과성 측면에서 정보보호에 대한 사용자의 실제 행동과 내면화 과정을 규명하였다. 이를 토대로 조직 구성원이 지속적인 정보보호 실제 행동을 할 수 있는 정보 보호 교육 및 훈련 프레임워크를 제안하고, 구성요소별 전략과 프로그램의 실행 단계를 소개하였다.

Keywords

References

  1. Computers and Security v.20 no.6 Information Security-A Multidimensional Discipline B.Solms https://doi.org/10.1016/S0167-4048(01)00608-3
  2. Computer Fraud and Security Bulletin Information Security A-wareness Raising Methods C,C.Wood
  3. Unpublished Ph.D. Dissertation Image Theory Decision Making Biases Applied to the Technology Acceptance Model E.Klein
  4. OMEGA v.10 Measuring User Attitudes in MIS Research: A Review E.B.Swanson https://doi.org/10.1016/0305-0483(82)90050-0
  5. MIS Quarterly v.13 no.3 Perceived Usefulness, Perceived Ease of Use, and User Acceptance of Information Technology F.D.Davis https://doi.org/10.2307/249008
  6. Journal of Experimental Social Psychology v.22 Prediction of Goal-Directed Behavior: Attitudes. Intentions. and Perceived Behavioral Control I.Ajzen;T.J.Madden https://doi.org/10.1016/0022-1031(86)90045-4
  7. Behavior in Organizations J.Greenberg;R.A.Baron
  8. Establishing and Managing an Information Assurance Program K.Peters
  9. NIST Special Publication Information Technology Security Training Requirements : A Role- and Performance-Based Model M.Wilson;S.I.Pitcher;J.D.Tressler;J.B.Ippolito
  10. Building an Information Security Awareness Program M.B.Desman
  11. Information Management and Computer Security v.6 no.4 Information Security Awareness: Educating Your Users Effectively M.E.Thomson;R.solms https://doi.org/10.1108/09685229810227649
  12. Information Management and Computer Security v.8 no.1 A Conceptual Foundation for Organizational Information Security Awareness M.T.Siponen https://doi.org/10.1108/09685220010371394
  13. NIST Special Publication An Introduction to Computer Security: The NIST Handbook NIST
  14. National Security Telecommunications and Information Systems Security, NSTISSD No. 500 Information Systems Security (INFOSEC) Education. Training, and Awareness NSTISS
  15. Information Management and Computer Security v.3 no.2 Promoting Security Awareness and Commitment P.Spurling https://doi.org/10.1108/09685229510792988
  16. Psychological Review v.86 no.5 Models of Attitude-Behavior Relations P.M.Bentler;G.Speckart
  17. Computers and Security v.18 no.8 Computer Cirme and Abuse: A Survey of Public Attitudes and Awareness P.S.Dowland;S.M.Furnell;H.M.Illingworth;P.L.Leynolds https://doi.org/10.1016/S0167-4048(99)80135-7
  18. Journal of Personality and Social Psychology v.41 no.4 Attitudes, Intentions, and Behavior: A Test of Some Key Hypotheses R.P.Bagozzi https://doi.org/10.1037/0022-3514.41.4.607
  19. Proceedings of the 1996 IEEE Symposium on Security and Privacy Computer Security Training and Education: A Needs Analysis S.F.Barnett