Analysis of the Impact of Security Liability and Compliance on a Firm's Information Security Activities

An Analysis of the Effect of Security Liability and Regulation on Firms' Security Activities

  • Received : 2011.10.17
  • Accepted : 2011.11.11
  • Published : 2011.11.30

Abstract

Many governments have tried to develop liability and compliance laws that can improve cyber security in a sustainable way. This paper explores whether a liability and compliance law is effective in motivating firms' information security activities. In particular, I empirically investigate the impact of the 2007 Electronic Financial Transaction Act (EFTA), a liability and compliance law in Korea, on the information security activities of financial institutions and service providers. In spite of various criticisms of the effectiveness of EFTA, the empirical findings of this study clearly show that EFTA is having a positive impact on information security activities. From these findings, this article concludes that a liability and compliance law is likely to contribute to a certain degree to the sustainable development of cyber security.

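As information security incidents of all kinds have increased, countries around the world have developed various laws on security liability and regulation for sustainable information protection. To analyze the effectiveness of such policies, this study conducts an empirical analysis of the impact of the Electronic Financial Transaction Act, enacted in 2007, on firms' information security activities. According to the results, despite various criticisms of the effectiveness of the Electronic Financial Transaction Act, the enactment of such a law has a positive effect on the increase in firms' information security activities. In other words, this study finds that laws on security liability and regulation for information protection contribute to the continued development of information security.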

Cited by

  1. An Ex Ante Evaluation Method for Assessing a Government Enforced Security Measure vol.20, pp.4, 2015, https://doi.org/10.7838/jsebs.2015.20.4.241