Studies on the effect of information security investment executive
정보보호의 투자 집행 효과에 관한 연구

Seong-Hoon Jeong, Joon-Sub Yoon, Jong-In Lim, Kyung-Ho Lee
2014 Journal of the Korea Institute of Information Security and Cryptology  
This paper classifies the defects and advice reported by an external audit (ISO27001) and an internal audit (performed by a security team) into technical, administrative and physical areas, in a company that has an information security management system. With the classified data, it finds and analyzes the correlation between the budget and the investment in information security. The analysis found that, as time goes on, there is a consistent correlation between a ... inistrative area and technical area of security. In particular, it confirmed that the scale of the budget which is not executed and the number of defects and items of advice made by the audit are in direct proportion. This paper therefore aims to provide a model that can be used to validate the effectiveness of information protection investment by statistically calculating similarity based on the results of the correlation analysis. This research is intended to help a company make precise decisions when it establishes an information security policy and a systematic methodology for investment in information security.
doi:10.13089/jkiisc.2014.24.6.1271 fatcat:3ypxnwpk7fdqliba67dxboe2nu