References
- 강병서, 조철호, SPSS와 AMOS 활용 연구조사방법론, 무역경영사, 2005
- 권영옥, 김병도, "정보보안 사고와 사고방지관련 투자가 기업가치에 미치는 영향," 정보시스템학회, 제9권 제1호, 2007, pp. 105-120
- 김종기, "정보시스템 보안의 효과성 모형에 관한 실증적 연구," 정보시스템연구, 제7권 제2호, 1998, pp. 91-108
- 김종기, 전진환, "컴퓨터 바이러스 통제를 위한 보안행위의도 모형," 정보화정책, 제13권 제3호, 2006, pp. 174-186
- 박성희, "효과적인 정보시스템 보안을 위한 통합적 모형의 연구," 경영교육논총, 제35집, 2004, pp. 271-298
- 박승배, 박설배, 강문설, "타인의 관찰에 의한 패스워드 노출로부터 안전한 패스워드 시스템," 정보처리학회논문지, 제10C권 제2호, 2003, pp. 141-144
- 이필중, 문희철, "패스워드 시스템의 보안에 관한 고찰," 한국통신정보보호학회지, 제1권 제1호, 1991, pp. 109-118
- 임채호, "효과적인 정보보호인식 제고 방안," 정보보호학회지, 제16권 제2호, 2006, pp. 30-36
- 정경수, 김기영, 박종필, "패스워드 이용과 관한 실증분석: 대학과 종합병원을 중심으로," 한국경영정보학회, 제30권 제1호, 2001, pp. 143-157
- 정보통신부, 2006 국가정보보호백서, 정보통신부, 2006
- 정보통신부, 패스워드 선택 및 이용가이드, 정보통신부, 2008
- 정해철, 김현수, "조직구성원의 정보보안 의식과 조직의 정보보안 수준과의 관계 연구," 정보기술과 데이터베이스저널, 제7권 제2호, 2000, pp. 117-134
- 최상수, 방영환, 최성자, 이강수, "보안관리 및 위험분석을 위한 분류체계, 평가기준 및 평가스케일의 조사연구," 정보보호학회지, 제13권 제3호, 2003, pp. 28-49
- KISA, "2006년 정보보호 실태조사 당신의 정보보호 수준은?," 정보보호 뉴스, 2007a, pp. 12-17
- KISA, "8월 개인정보침해 민원접수 현황 및 분석," 정보보호뉴스, 2007b, pp. 10- 11
- KISA, "당신의 패스워드, 얼마나 안전할까요?," 정보보호뉴스, 2007c, pp. 12-16
- KISA, "10월 개인정보침해 민원접수 현황 및 분석," 정보보호뉴스, 2008, pp. 12-13
- 홍승필, 김영철, 최신 이론과 경향으로 배우는 정보보호의 이해, 아이워크북, 2004
- 홍일유, 이종삼, "국내기업의 정보시스템 보안위협 인식에 관한 연구," 경영학회지, 제27권 제1호, 2000, pp. 157-185
- Adams, A., Sasse, M.A., and Lunt, P., "Making Passwords Secure and Usable," Proceedings of HCI on People and Computers XII, 1997, pp. 1-19
- Anderson, J. and Gerbing, D., "Structural Equation Modeling in Practice: A Review and Recommended Two-Step Approach," Psychological Bulletin, Vol. 103, No. 4, 1988, pp. 411-423 https://doi.org/10.1037/0033-2909.103.3.411
- Bob, L. and Jane, T.S., "Critical review of Queensland's Crime and Misconduct Commission Inquiry into abuse of children in foster care: Social work's contribution to reform," Australian Social Work, Vol. 58, No. 1, 2005, pp. 86-99 https://doi.org/10.1111/j.1447-0748.2005.00194.x
- Bagozzi, R. and Yi, Y., "On the Evaluation of Structural Equation Models," Journal of the Academy of Marketing Science, Vol. 16, 1988, pp. 74-97 https://doi.org/10.1007/BF02723327
- Baldwin, N.S. and Rice, R.E. "Information- Seeking Behavior of Securities Analysis: Individual Institutional Influences, Information Sources and Channels, and Outcomes," Journal of the American Society for Information Science, Vol. 48, No. 8, 1997, pp. 674-693 https://doi.org/10.1002/(SICI)1097-4571(199708)48:8<674::AID-ASI2>3.0.CO;2-P
- Barclay, D., Thompson, R., and Higgins, C., "The Partial Least Squares(PLS) Approach to Causal Modeling, Personal Computer Adoptiong and Use as Illustration," Technology Studies, Vol. 2, No. 2, 1995, pp. 285-324
- Baskerville, R., "Risk Analysis: An Interpretive Feasibility Tool in Justifying Information Security," European Journal of Information Systems, Vol. 1, No. 2, 1991, pp. 121-130 https://doi.org/10.1057/ejis.1991.20
- BSI, BS7799: Code of Practices for Information Security Management, United Kingdom, 1999
- BSI, Code of Practices for Information Security Management. London: British Standards Institution, 2005
- Chin, W., "Issues and Opinions on Structural Equation Modeling," MIS Quarterly, Vol. 22, No. 1, 1998, pp. 7-16
- CMU/SEI, Operationally Critical Threat, Asset, Vulnerability Evaluation(OCTAVE) Framework, Ver. 1.0, CMU/SEI-99-TR-017. Carnegie Mellon University/Software Engineering Institute, June 1999
- Crockford, N. An Introduction to Risk Management, Woodhead-Faulkner Limited, Cambridge, England, 1980
- CSE, Guide to Security Risk Management for IT Systems, Communications Security Establishment, Government of Canada, 1996
- Doherty, N.F. and Fulford, H., "Aligning the Information Security Policy with the Strategic Information Systems Plan," Computers & Security, Vol. 25, 2006, pp. 55-63 https://doi.org/10.1016/j.cose.2005.09.009
- Drevin, L., Kruger, H.A., and Steyn, T., "Value-Focused Assessment of ICT Security Awareness in an Academic Environment," Computers & Security, Vol. 26, 2007, pp. 36-43 https://doi.org/10.1016/j.cose.2006.10.006
- Fornell, C. and Bookstein, F.L., "Two Structural Equation Models: LISREL and PLS Applied to Consumer Exit-Voice Theory," Journal of Marketing Research, Vol. 19, No. 4, 1982, pp. 440-452 https://doi.org/10.2307/3151718
- Frank, J., Shamir, B., and Briggs, W., "Security- related Behavior of PC Users in Organizations," Information & Management, Vol. 21, No. 3, 1991, pp. 127-135 https://doi.org/10.1016/0378-7206(91)90059-B
- Furnell, S., "An Assessment of Website Password Practices," Computers & Security, Vol. 26, 2007, pp. 445-451 https://doi.org/10.1016/j.cose.2007.09.001
- Gefen, D., "Assessing Unidimensionality through LISREL: An Explanation and Example," Communications of the Association for Information Systems, Vol. 12, No. 2, 2003, pp. 23-47
- Gilbert, I.A., "Risk Analysis: Concepts and Tools," Datapro Reports on Information Security, 1991, pp. 101-112
- Goodhue, D. and Straub, D., "Security Concerns of System Users: A Study of Perception of the Adequacy of Security," Information & Management, Vol. 20, No. 1, 1991, pp. 13-27 https://doi.org/10.1016/0378-7206(91)90024-V
- Haller, S.C., "PRIVACY: What Every Manager Should Know," The Information Management Journal, 2002, pp. 33-40
- Highland, H., "Changing Passwords," Computers & Security, Vol. 16, No. 3, 1997, pp. 183-184
- ISO/IEC, Guidelines for the Management of IT Security (GMITS), International Organization for Standardization/International Electrotechnical Commission, 2005
- ISO/IEC, Guidelines for the Management of IT Security (GMITS) TR 13335-5, International Organization for Standardization/International Electrotechnical Commission, 2001
- Jackson, K.M. and J. Hruska, "British Library Cataloging in Publication Data," Computer Security Reference Book, 1992, pp. 227-263
- Jarvenpaa, S., Tractinsky, N., and Vitale, M., "Consumer trust in an Internet store," Information Technology and Management, Vol. 1, 2000, pp. 45-71 https://doi.org/10.1023/A:1019104520776
- Jeffrey, M.S., Kathryn, R.S., M.P., and Jeffrey, J., "Analysis of End User Security Behaviors," Computers & Security, Vol. 24, 2005, pp. 124-133 https://doi.org/10.1016/j.cose.2004.07.001
- Jobusch, D.L. and Oldhoeft, A.E., "A Survey of Password Mechanisms: Weakness and Potential Improvements, Part 1," Computers & Security, Vol. 8, No. 7, 1989, pp. 587-604 https://doi.org/10.1016/0167-4048(89)90051-5
- Juang, W., "Efficient Password Authenticated Key Agreement Using Smart Cards," Computers & Security, Vol. 23, 2004, pp. 167-173 https://doi.org/10.1016/j.cose.2003.11.005
- Karyda, M., Kiountouzis, E., and KoKolakis, S., "Information System Security Policies: A Contextual Perspective," Computers & Security, Vol. 24, 2005, pp. 246-260 https://doi.org/10.1016/j.cose.2004.08.011
- Kim, D., Song, Y., Braynov, S., and Rao, R., "A B-To-C Trust Model for On-Line Exchange," Proceedings of Seventh Americas Conference on Information Systems, 2001, pp. 784- 787
- King, R.C. and Xia, W., "Media Appropriateness: Effects of Experience on Communication Media Choice," Decision Sciences, Vol. 28, No. 4, 1997, pp. 877-910 https://doi.org/10.1111/j.1540-5915.1997.tb01335.x
- Kruger, H.A. and Kearney, W.D., "A Prototype for Assessing Information Security Awareness," Computers & Security, Vol. 25, 2006, pp. 289-296 https://doi.org/10.1016/j.cose.2006.02.008
- Leach, J., "Improving User Security Behavior," Computers & Security, Vol. 22, No. 8, 2003, pp. 685-692 https://doi.org/10.1016/S0167-4048(03)00007-5
- Lee, S.M., Kim, Y.R., and Lee, J., "An Empirical Study of the Relationships among End-User Information Systems Acceptance, Training, and Effectiveness," Journal of Management Information Systems, Vol. 12, No. 2, 1995, pp. 189-202 https://doi.org/10.1080/07421222.1995.11518086
- Loch, K., Carr, H., and Warkentin, M., "Treats to Information Systems: Today's Reality, Yesterday's Understanding," MIS Quarterly, Vol. 16, No. 2, 1992
- Menkus, B., "Understanding the Use of Passwords," Computers & Security, Vol. 7, No. 2, 1988, pp. 132-136 https://doi.org/10.1016/0167-4048(88)90325-2
- Miller, H.E. and Engemann, K.J., "A Methodology for Managing Information-Based Risk," Information Resources Management Journal, Spring, 1996, pp. 17-24
- NIST, Risk management Guide for Information Technology Systems Recommendations of the Institute of Standards and Technology, NIST SP 800-30, 1998
- NIST, Risk management Guide for Information Technology Systems, Special Publication 800- 30, 2001
- O'Gorman, L., Bagga, A., and Bentley, J., "Query-Directed Passwords," Computers & Security, Vol. 24, 2005, pp. 546-560 https://doi.org/10.1016/j.cose.2005.06.006
- Parker, D.B., Computer Security Management, Reston Publishing Co., Reston, VA, 1981
- Peltier, T., Information Security Risk Analysis, Auerbach, 2001
- Peyravian, M. and Zunic, N., "Methods for Protecting Password Transmission," Computers & Security, Vol. 19, No. 5, 2000, pp. 466-469 https://doi.org/10.1016/S0167-4048(00)05032-X
- Post, G.V. and Kagan, A., "Evaluating Information Security Tradeoffs: Restricting Access Can Interfere With User Tasks," Computers & Security, Vol. 26, 2007, pp. 229-237 https://doi.org/10.1016/j.cose.2006.10.004
- Pounder, C., "Security with Unfortunate Side Effects," Computers & Security, Vol. 22, No. 2, 2003, pp. 115-118 https://doi.org/10.1016/S0167-4048(03)00206-2
- Rainer, R., Snyder, C., and Carr, H., "Risk Analysis for Information Technology," Journal of Management Information System, Vol. 8, No. 1, 1991, pp. 129-147 https://doi.org/10.1080/07421222.1991.11517914
- Ronald, C., Curtis, C., and Aaron, J., "Phishing for User Security Awareness," Computers & Security, Vol. 26, 2007, pp. 73-80 https://doi.org/10.1016/j.cose.2006.10.009
- Russell, D. and Gangemi, G., Computer Security Basics, O'Reilly and Associates, 1991
- Salisbury, D., Pearson, R., Pearson, A., and Miller, D., "Perceived security and World Wide Web purchase intention," Industrial Managemet and Data Systems, Vol. 101, No. 4, 2001, pp. 165-176 https://doi.org/10.1108/02635570110390071
- Smith, H.J., Milberg, S.J., and Burke, S.J., "Information Privacy: Measuring Individuals Concerns about Organizational Practices," MIS Quarterly, Vol. 20, 1996, pp. 165-195
- Stanton, J.M., Stam, K.R., Mastrangelo, P., and Jolton, J., "Analysis of End User Security Behaviors," Computers & Security, Vol. 24, 2005, pp. 124-133 https://doi.org/10.1016/j.cose.2004.07.001
- Straub, D., "Effective IS Security: An Empirical Study," Information System Research, Vol. 1, No. 3, 1990, pp. 255-276 https://doi.org/10.1287/isre.1.3.255
- Torkzadeh, G. and Dhillon, G., "Measuring Factors that Influence the Sucess of Internet Commerce," Information Systems Research, Vol. 13, No. 2, 2002, pp. 187-204 https://doi.org/10.1287/isre.13.2.187.87
- Tregear, J., "Risk Assessment," Information Security Technical Report, Vol. 6, No. 3, 2001, pp. 19-27
- Urban, G., Sultan, F., and Qualls, W., "Placing Trust at the Center of Your Internet Strategy," Sloan Management Review, Fall, 2000, pp. 39-69
- Whitaker, R., The End of Privacy: How Total Surveillance is becoming a Reality, NY: New Press, 1999
- Wiant, T.L., "Information Security Policy's Impact on Reporting Security Incidents," Computers & Security, Vol. 24, 2005, pp. 448-459 https://doi.org/10.1016/j.cose.2005.03.008
- Wood, C., "Effective Information System Security with Password Controls," Computers & Security, Vol. 2, No. 1, 1983, pp. 5-10 https://doi.org/10.1016/0167-4048(83)90028-7
- Zviran, M. and Haga, W., "Password Security: An Empirical Study," Journal of Management Information Systems, Vol. 15, No. 4, 1999, pp. 161-185 https://doi.org/10.1080/07421222.1999.11518226