중소기업 정보보호관리 모델의 개발: 실증 연구
Developing Information Security Management Model for SMEs: An Empirical Study
Asia Pacific Journal of Information Systems
약어 : APJIS
2005, vol.15, no.1, pp. 115-133 (19 pages)
발행기관 : 한국경영정보학회
연구분야 : 사회과학 > 경영학
1연세대학교
2연세대학교
3
초록
This study is to develop an information security management model (ISMM) for small and medium sized enterprises (SMEs). Based on extensive literature review, a five-pillar twelve-component reference ISMM is developed. The five pillars of SME's information security are: centralized decision making, ease of management, flexibility, agility and expandability. Twelve components are: scope & organization, security policy, resource assessment, risk assessment, implementation planning, control development, awareness training, monitoring, change management, auditing, maintenance and accident management. Subsequent survey designed and administered to expose experts' perception on the importance of these twelve components revealed that five out of tweleve components require relatively immediate attention than others, especially in SME's context. These five components are: scope and organization, resource assessment, auditing, change management, and incident management. Other seven components are policy, risk assessment, implementation planning, control development, awareness training, monitoring, and maintenance. It seems that resource limitation of SMEs directs their attention to ISMM activities that may not require a lot of resources. On the basis of these findings, a three-phase approach is developed and proposed here as an SME ISMM. Three phases are (1) foundation and promotion, (2) management and expansion, and (3) maturity. Implications of the model are discussed and suggestions are made for further research.
키워드
Small Businesses, Small and Medium Size Enterprises, Information Security, Information Security Management, Security Management Model
'WarrenPak 성과 > KCI 논문들' 카테고리의 다른 글
[KCI]정보기술(IT) 역량의 유형에 관한 연구 : 혁신, 지원 그리고 관리,주관성연구, 2011 (0) | 2011.06.30 |
---|---|
[KCI]소기업 정보시스템의 성공적 도입에 영향을 미치는 요인들에 관한 실증 연구,기업가정신과 벤쳐연구, 2011 (0) | 2011.06.14 |
[KCI]IT프로젝트 관리자의 리더십 역량 : 팀 내 사회적 자본 관점에서, IT서비스학회지, 2011 (0) | 2011.05.31 |
[KCI]IT서비스에 있어서 서비스 품질이 지식공유의도에 미치는 영향에 관한 연구 - 정보시스템 연구, 2010.09 (0) | 2010.05.31 |
[KCI]IT서비스품질과 관계품질이 지식공유 활동에 미치는 영향에 관한 연구 - 콘텐츠학회논문지.2010.8 (0) | 2010.05.14 |
댓글