
WARRENPAK

[KCI] Development of an Information Security Management Model for Small and Medium-Sized Enterprises: An Empirical Study, 경영정보학연구, 2005


Knowledge Innovator Who Creates Value, 2005. 5. 31. 17:47

Abstract

This study develops an information security management model (ISMM) for small and medium-sized enterprises (SMEs). Based on an extensive literature review, a five-pillar, twelve-component reference ISMM is developed. The five pillars of SME information security are: centralized decision making, ease of management, flexibility, agility and expandability. The twelve components are: scope & organization, security policy, resource assessment, risk assessment, implementation planning, control development, awareness training, monitoring, change management, auditing, maintenance and accident management. A subsequent survey, designed and administered to elicit experts' perceptions of the importance of these twelve components, revealed that five of the twelve components require relatively more immediate attention than the others, especially in the SME context. These five components are: scope and organization, resource assessment, auditing, change management, and incident management. The other seven components are policy, risk assessment, implementation planning, control development, awareness training, monitoring, and maintenance. It seems that the resource limitations of SMEs direct their attention to ISMM activities that may not require a lot of resources. On the basis of these findings, a three-phase approach is developed and proposed here as an SME ISMM. The three phases are (1) foundation and promotion, (2) management and expansion, and (3) maturity. Implications of the model are discussed and suggestions are made for further research.


Keywords

Small Businesses, Small and Medium Size Enterprises, Information Security, Information Security Management, Security Management Model