Development of Measures of Information Security Policy Effectiveness to Maximize Convergence Security

Development of a Measurement Instrument for Information Security Policy Effectiveness to Strengthen Convergence Security

  • Received : 2014.09.22
  • Accepted : 2014.12.14
  • Published : 2014.12.31

Abstract

The information security policy is one of the most important tools an organization has for managing the implementation of security controls and ensuring organizational security. However, there are no established metrics for measuring its effectiveness. The ultimate purpose of this study is to develop measures of information security policy effectiveness. To do this, the study reviews the data quality and information quality literature and identifies sub-factors appropriate to information security policy. Rooted in these concepts, we propose accuracy, completeness, interpretability, and relevance as content-aspect factors, and understandability, concise representation, and appropriate amount as form-aspect factors of information security policy effectiveness.

Information security policy is one of the most important tools for realizing and sustaining organizational security today, as the era of convergence security accelerates in step with the trend toward industrial convergence. However, research that measures the effectiveness of information security policy remains scarce. The purpose of this study is to develop measurement indicators for the effectiveness of information security policy. To this end, the underlying factors of quality were examined on the basis of the literature on data quality and information quality. The literature review indicates that accuracy, completeness, ease of interpretation, and relevance from the content perspective, and ease of understanding, conciseness of representation, and appropriateness from the form perspective, are the important components for measuring the quality of an information security policy.


Cited by

  1. A Study on Construction of Optimal Wireless Sensor System for Enhancing Organization Security Level on Industry Convergence Environment vol.6, pp.4, 2015, https://doi.org/10.15207/JKCS.2015.6.4.139
  2. A Study for Secure the Reliability of Automated Warehouse System vol.14, pp.10, 2016, https://doi.org/10.14400/JDC.2016.14.10.253
  3. Relationships among Information Resources Use, Problem Solving Ability, Nursing Information Literacy Competency in General Hospital Nurses vol.14, pp.7, 2016, https://doi.org/10.14400/JDC.2016.14.7.289
  4. Convergence of Related Standard of CC and ISO for Security Evaluation of VPN vol.14, pp.5, 2016, https://doi.org/10.14400/JDC.2016.14.5.341
  5. The Convergence between Manufacturing and ICT: The Exploring Strategies for Manufacturing version 3.0 in Korea vol.14, pp.3, 2016, https://doi.org/10.14400/JDC.2016.14.3.219