This study was designed to empirically analyze the effect of control activities(physical, managerial and technical securities) of information protection on organizational effectiveness and the mediating effects of information application. The result was summarized as follows.
First, the effect of control activities(physical, technical and managerial securities) of information protection on organizational effectiveness showed that the physical, technical and managerial security factors have a significant positive effect on the organizational effectiveness(p ＜ .01).
Second, the effect of control activities(physical, technical and managerial securities) of information protection on information application showed that the technical and managerial security factors have a significant positive effect on the information application(p ＜ .01).
Third, the explanatory power of models, which additionally put the information protection control activities(physical, technical and managerial securities) and the interaction variables of information application to verify how the information protection control activities( physical, technical and managerial security controls) affecting the organizational effectiveness are mediated by the information application, was 50.6%～4.1% additional increase. And the interaction factor(β = .148, p ＜ .01) of physical security and information application, and interaction factor(β = .196, p ＜ .01) of physical security and information application among additionally-put interaction variables, were statistically significant(p ＜ .01), indicating the information application has mediated the relationship between physical security and managerial security factors of control activities, and organizational effectiveness.
As for results stated above, it was proven that physical, technical and managerial factors as internal control activities for information protection are main mechanisms affecting the organizational effectiveness very significantly by information application. In information protection control activities, the more all physical, technical and managerial security factors were efficiently well performed, the higher information application, and the more information application was efficiently controlled and mediated, which it was proven that all these three factors are variables for useful information application. It suggested that they have acted as promotion mechanisms showing a very significant result on the internal customer satisfaction of employees, the efficiency of information management and the reduction of risk in the organizational effectiveness for information protection by the mediating or difficulty of proved information application.

1 석호익, "통신, 방송의 통합 요인과 결과에 관한 연구" 성균관대학교 대학원 2001

2 박태완, "정보시스템 보안 감리" 10 : 815-837, 1997

3 이상준, "정보보호는 기업을 살리는 전략적 투자"

4 홍기향, "정보보호 통제와 활동이 정보보호 성과에 미치는 영향에 관한 연구" 국민대학교 대학원 2003

5 행정안전부, "정보보호 중기 종합계획"

6 한국정보보호산업협회, "정보보호 기술 동향 및 전망"

7 서보밀, "인지된 보안통제가 고객의 인터넷 뱅킹 수용에 미치는 영향" 한국전자거래학회 11 (11): 25-52, 2006

8 손달호, "웹거래의 신뢰성에 대한 보안요인의 영향에 관한 연구" 한국산업경영학회 20 (20): 1-27, 2005

9 선한길, "국내기업의 정보보호 정책 및 조직요인이 정보보호성과에 미치는 영향" 국민대학교 대학원 2005

10 한국정보사회진흥원, "국가정보화백서"

11 Holmes, D., "eGov : e-Business Strategy for Government" Nicholas Brealey Publishing 2001

12 Forte, S., "Vulnerability management : One problem, several potential approaches" 5 : 11-13, 2002

13 Hoo, K. S., "The Digital Security Debate : How to Manage Risk" Secure Business Quarterly, First Quarter 2002

14 Goodhue, D., "Security Concerns of System Users : A Study of Perception of the Adequacy of Security" 20 (20): 13-27, 1991

15 Taher, E., "Policy-Based Security" 2001

16 Pastore, M., "New Enterprise Focus : Building Securtiy Teams" eSecurtiy Planet 2003

17 Etzioni, A., "Modern Organization" Prentice Hall 1964

18 Cohen, F., "Managing Network Security-Security Education in the Informantion Age" 7-10, 1999

19 Post, G., "Management tradeoffs in anti-virus strategies" 37 : 13-24, 2000

20 Miles, R. H., "Macro-Organizational Behavior, Santa Monica, California" Goodyear Pub 1980

21 Wiant, T. L., "Information security policy’s impact on reporting security incidents" 24 : 448-459, 2005

22 Solms, R., "Information Securtiy Management: The Second Generation" 15 : 281-288, 1996

23 Hone, K., "Information Security policy-what do international information security standards say" 21 (21): 402-409, 2002

24 Kevin Soo Hoo, "How Much is Enough? A Risk-Management Approach to Computer" Security, working paper, CRISP 2000

25 Gerber, M., "Formalizing information security requirements" 9 (9): 32-37, 2001

26 Straub, D. W., "Discovering and Disciplining Computer Abuse in Organizations : A Field Study" 45-60, 1990

27 Solms, B., "Corporate Governance and Information Securtiy" 20 : 215-218, 2001

28 Straub, D. W., "Coping With Systems Risk : Security Planning Models for Management Decision Making" 22 (22): 441-460, 1998

29 Ariss, S. S., "Computer monitoring : Benefits and Pitfalls Facing Management" 1-6, 2001

30 국가정보원, "2008년 국정감사 법제사법위원회 제출자료"