The Journal of Society for e-Business Studies (한국전자거래학회지)

Society for e-Business Studies (한국전자거래학회)
권호 표지
DOI QR코드

DOI QR Code

An Analysis of Relationship between Industry Security Education and Capability: Case Centric on Insider Leakage

보안교육과 보안관리 역량의 상관관계 분석: 인가된 내부자 기밀유출사례를 중심으로

  • Lee, Chi-Seok (Department of Knowledge Information Security Management, SangMyung University) ;
  • Kim, Yanghoon (Department of Cyber Security, Far east University)
  • Received : 2015.03.11
  • Accepted : 2015.04.10
  • Published : 2015.05.31
Download PDF
⟨ Previous Next ⟩

Abstract

Current leakage of industrial technologies with revealing state secret against nation is gradually increasing and scope of the spill is diversified from technology-oriented leakage to new economic security sector like information and communication, electrical and electronic, defense industry, illegal export of strategic material, economic order disturbance by foreign country, infringement of intellectual property, etc. So the spill damage can affect not only leaked company but also national interests and entire domestic industry. According to statistics from National Industrial Security Center of National Intelligence Service, a major cause of technology leakage is not only by external things about hacking and malignant code, but internal leakage of former and current employees account for about 80%. And technology leakage due to temptation of money and personal interests followed by technology leakage of subcontractor is steadily increased. Most studies in the field of security have tended to focus on measuring security capability of company in order to prevent leakage core assets or developing measurement Indicators for management rather than security activities of the company members that is most important. Therefore, this study analyzes the effect of most underlying security education in security activities on security capabilities of enterprise. As a result, it indicates that security education have a positive(+) correlation with security capabilities.

국가 상대로 한 국가기밀유출과 더불어 최근 산업 기술유출은 점점 늘어가고 유출의 범위가 기술유출 중심에서 정보통신, 전기전자, 방위산업, 전략물자 불법수출, 외국의 경제 질서교란, 지식재산침해 등 신 경제안보 분야로 다양화되는 추세로 유출 피해는 유출된 기업에 피해를 줄 뿐만 아니라 국가의 이익과 국내 산업 전반에 영향을 끼칠 수 있다. 국가정보원 산업기밀 보호센터 통계에 따르면, 기술유출의 주된 원인은 해킹과 악성코드와 같이 외부에 의한 것뿐 아니라 전 현직직원 등 내부유출이 약 80%를 차지하며, 협력업체 의한 기술유출이 뒤를 이어 금전유혹과 개인의 이익으로 인한 기술유출이 계속해서 꾸준히 증가하고 있다. 그러나 그간의 연구들은 핵심자산 유출을 방지하기 위하여 기업의 보안역량을 측정하거나, 관리를 위한 측정지표를 개발하는 연구가 주를 이루고 있었으며, 가장 핵심이 되는 기업구성원들의 보안활동에 대한 기초연구가 미흡한 상황이다. 따라서, 본 연구에서는 보안 활동에 가장 기초가 되는 보안교육이 기업의 보안역량에 미치는 영향에 대해 분석하였다. 그 결과, 보안교육은 보안역량에 양(+)의 상관관계를 나타내는 것으로 분석되었다.

Keywords

References

  1. Ahn, J. H., Park, J. H., Sung, K. M., and Lee, J. H., "Impacts of Punishment and Ethics Training on Information Security Compliance: Focus on the Moderating Role of Organizational Type," Information Systems Review, Vol. 12, No. 1, pp. 23-42, 2010.
  2. Albrechtsen, E., "A qualitative study of users' views on information security," Computers and Security, Vol. 26, No. 4, pp. 276-289, 2007. https://doi.org/10.1016/j.cose.2006.11.004
  3. Bae, Y. S. and Chang, H. B., "A Qualitative Research on ICT Policy Design for Small and Medium Business," The Journal of Society for e-Business Studies, Vol. 18, No. 1, pp. 57-70, 2013. https://doi.org/10.7838/jsebs.2013.18.1.057
  4. Cha, I. H., "Development of Personnel Security Management for Protection against threat," The Journal of The Korea Institute of Electronic Communication Sciences, Vol. 3, No. 4, pp. 221-232, 2008.
  5. Chang, H. B. and Kim, K. K., "Design of Inside Information Leakage Prevention System in Ubiquitous Computing Environment," Lecture Notes in Computer Science, Vol. 3483, pp. 128-137, 2005.
  6. Cho, M. K., Kim, S. C., Hwang, J. M., and Kim, S. C., "A Study on the Effect of Institutionalization of the Security Education: Survey of National R&D Projects," The Journal of Korean Association of Computer Education, Vol. 17, No. 2, pp. 21-29, 2014.
  7. Choi, J. H., "A Study on the Institutional Improvement Directions of Industrial Security Programs: Focused upon Policies and Practices in the U.S," Korea Security Science Association, Vol. 22, pp. 197-230, 2010.
  8. Choi, M. G., Jeong, J. H., and Kim, J. H., "A Study on the Effects of the Security Perceptions of Top Managers and the Education on the Business Performances," Asia Pacific Journal of Small Business, Vol. 36, No. 2, pp. 209-226, 2014.
  9. Choi, S. T. and Yu, H. C., "A Study on the Establishment of Industrial Security Education Programs in Korea," Korea Security Science Association, Vol. 25, pp. 185-208, 2010.
  10. Kang, J. G., Lim, J. H., Lee, H. J., and Chang, H. B., "A Study on Classification of Information Asset Considering Business Process Characteristics for Small IT Service Organization," The Journal of Society for e-Business Studies, Vol. 16, No. 4, pp. 97-108, 2011. https://doi.org/10.7838/jsebs.2011.16.4.097
  11. Kim, Y. H. and Chang, H. B., "Human centric security policy and management design for small and medium business," Security and Communication Networks, Vol. 7, No. 10, pp. 1622-1632, 2014.
  12. Kim, Y. H., Moon, J. W., Hwang, S. H. Chang, H. B., "A study on Method of Security Management in the ICT Outsourcing Environment," Review of Korea Institute of Information Security and Cryptology, Vol. 24, No. 1, pp. 23-31, 2014.
  13. Moon, H. J., "A study on the system and problems of educational training for developing competency of small & medium enterprise in Korea," Review of Korea Institute of Information Security and Cryptology, Vol. 19, No. 1, pp. 29-39, 2009.
  14. National Intelligence Service, "Industrial technology protection: trace for 5 years gone by," High Industrial Technology Trend, Vol. 9, pp. 8-145, 2008.
  15. No, M. S. and Lee, S. Y., "Explaining Industrial Security of SMEs in Korea: An Ordered Logit Analysis," The Journals of Korean Public Administration Review, Vol. 44, No. 3, pp. 239-259, 2014.
  16. Yoo, J. H. and Chang, H. B., "Public IT service strategy for social information security in the intelligence all-things environment," Electronic Commerce Research, Vol. 14, No. 3, pp. 293-319, 2014. https://doi.org/10.1007/s10660-014-9155-2

Cited by

  1. A Study on Design Direction of Industry-Centric Security Level Evaluation Model through Analysis of Security Management System vol.20, pp.4, 2015, https://doi.org/10.7838/jsebs.2015.20.4.177
  2. Security Knowledge Classification Framework for Future Intelligent Environment vol.20, pp.3, 2015, https://doi.org/10.7838/jsebs.2015.20.3.047
  3. The rating model of corporate information for economic security activities pp.1743-4645, 2019, https://doi.org/10.1057/s41284-019-00171-z
  4. 중소기업 기술 유출에 대한 조기경보시스템 개발에 대한 연구 vol.23, pp.1, 2017, https://doi.org/10.13088/jiis.2017.23.1.143
  5. The Effect of Security Awareness Training on the Use of Biometric Authentication: Focusing on the Protection Motivational Behaviors vol.27, pp.2, 2015, https://doi.org/10.21219/jitam.2020.27.2.001