Abstract
In public information services, information leakage by insiders has recently been occurring frequently. Given how difficult it is to track security breaches that involve cutting-edge technology, establishing a fundamental solution strategy, rather than technology-centered security measures, is essential as the era of the intelligence all-things environment, referred to as the future information and communications convergence environment, approaches. However, existing studies on preventing personal information leakage and misuse by insiders have centered on technical approaches, while security studies on managerial factors, especially on identifying the possibility of information leakage in connection with work processes, have been very lacking. This study proposes ways to improve public information services for the social information security of individuals, covering information such as the personal or policy information handled in those services. It selected 8 representative public information services and examined their vulnerabilities in the managerial, technical and operating environment areas, with the aim of preventing personal information leakage and misuse. To address these vulnerabilities, a public information service strategy for preventing personal information leakage and misuse was derived by referring to domestic and international studies and cases on personal information protection.
Acknowledgments
This research was supported by a 2013 Research Grant from Sangmyung University.
Cite this article
Yoo, J., Chang, H. Public IT service strategy for social information security in the intelligence all-things environment. Electron Commer Res 14, 293–319 (2014). https://doi.org/10.1007/s10660-014-9155-2
DOI: https://doi.org/10.1007/s10660-014-9155-2