Comparison of Information Security Controls by Leadership of Top Management

Jinho Yoo

Abstract


This paper analyzes how the information security leadership of top management affects information security controls. These controls include the activities related to establishing an information security policy, setting up the information security organizational structure and job responsibilities, information security awareness and training, installing and operating technical measures, and emergency response, monitoring and auditing. Additionally, we analyze how Internet incidents affect information security controls and identify the implications.

