컴퓨터 바이러스는 정보화 시대에 사용자들이 가장 흔하게 경험하는 정보보안 문제 중 하나이다. 본 연구에서는 컴퓨터 바이러스를 대상으로 대기업과 중소기업간 보안요소에 대한 사용자의 인지도 차이를 분석하였다. 설문지를 이용하여 수집된 자료에 대하여 t-test를 이용하여 기업규모별 인지차이를 분석한 결과 보안위협과 위험을 인지하는데 별다른 차이가 없는 것으로 나타났으며, 컴퓨터 바이러스에 대한 위협과 피해를 심각하게 고려하는 것으로 확인되었다. 또한, 사용자들은 전반적으로 소속된 조직의 보안정책 수준에 대해 만족하고 있으나 보안정책을 인지하는데 차이가 있으며 기업규모별 보안정책 집행의 효과에 차이가 있음을 확인하였다. 또한 바이러스에 대한 정보자산, 보안취약성, 보안효과를 인지하는데 차이가 있는 것으로 나타나 기업규모별 자산의 중요도와 위협의 노출정도, 바이러스 감염방지 노력의 결과가 상이한 것으로 분석되었다.

Computer virus is one of the most common information security problems in the information age. This study investigates the difference of users' perception of security elements between large companies and small-and-medium companies on the subject of computer virus. Based on t-test, no significant difference is found in users' perception on security threat and security risk. While users satisfy with the level of security policy, there is a significant difference on the level of security policy recognition between the two sizes of companies. Moreover, there are significant differences on information assets, security vulnerability and security effectiveness, which implies difference in the users' perception on importance of assets, exposure to threats and computer virus prevention efforts between large and small-and-medium companies.

• 요약
• ABSTRACT
• Ⅰ. 서론
• Ⅱ. 정보보안 요소
• Ⅲ. 실증분석
• Ⅳ. 분석결과 논의
• Ⅴ. 결론
• 참고문헌
• 〈著者紹介〉

1 김세헌, "정보보호 관리 및 정책" 생능 2002

2 김종기,, "전자상거래환경에서 위험분석방법론의 타당성에 대한 연구" 14 (14): 61-71, 2004

3 한국정보보호진흥원, "새로운 사이버 위협: 피싱 - 피싱에 따른 기술, 사회, 법제적 대응 및 시사점" 한국정보보호진흥원 (05-6K) : 2005

4 채서일, "사회과학조사방법론" 학현사 2003

5 최운호, "대규모 컴퓨터 바이러스/웜의 공격시 종합침해사고대응시스템에서의 자동화된 역추적 절차" 15 (15): 50-60, 2005

6 Venkatesh, V, "Why Don't Men Ever Stop to Ask For Direction? Gender, Social Influence, ad Their Role in Technology Acceptance and Usage Behavior" 24 (24): 115-139, 2000

7 Loch, K, "Threats to Information Systems: Today's Reality, Yesterday's Understanding" 16 (16): 173-186, 1992

8 Cannon, C, "The Real Computer Virus" 28-35, 2001

9 David, J, "The New Face of the Virus Threat," 15 (15): 13-16, 1996

10 Szor, P, "The Art of Computer Virus Research and Defense" Addison-Wesley, 2005

11 Agarwal, R, "The Antecedents and Consequents of User Perceptions in Information Technology Adoption" 22 (22): 15-29, 1998

12 Hoffer, J., "The 9 to 5 Underground: Are You Policing Computer Crimes?" 30 (30): 35-43, 1989

13 Poston, R, "Spyware: A View from the (Online) Street" 48 (48): 96-99, 2005

14 Bissett, A, "Some Human Dimensions of Computer Virus Creation and Infection" 52 : 899-913, 2000

15 Gogan, J, "Should "Personal" Computers Be Personally Allocated?" 7 (7): 91-106, 1991

16 Frank, J, "Security-related Behavior of PC Users in Organizations" 21 (21): 127-135, 1991

17 Jung, B, "Security Threats to Internet: A Korean Multi-Industry Investigation" 38 (38): 487-498, 2001

18 Goodhue, D, "Security Concerns of System Users: A Study of Perception of the Adequacy of Security" 20 (20): 13-27, 1991

19 Stonburner, G, "Risk Management Guide for Information Technology Systems : NIST SP" National Institute of Standard and Technology 800-830, 2001

20 Tedeschi, B, "Protect Your Identity" 107-112, 2004

21 CMU/SEI, "Operationally Critical Threat, Asset, Vulnerability Evaluation (OCTAVE) Framework, Ver. 1.0" CMU/SEI 1999

22 White, S, "Open Problems in Computer Virus Research," IBM Thomas J. Watson Research Center, NY USA, 1998

23 Barsanti, C, "Modern Network Complexity Needs Comprehensive Security" 36 (36): 65-, 1999

24 Post, G, "Management Tradeoffs in Anti-Virus Strategies" 37 (37): 13-24, 2000

25 Skoudis, E, "Malware: Fighting Malicious Code" Prentice Hall 2003

26 Lee, Y, "Investigating Factors Affecting the Adoption of Anti-Spyware Systems" 48 (48): 72-77, 2005

27 Wen, H, "Internet Computer Virus Protection Policy" 6 (6): 66-71, 1998

28 Peltier, T, "Information Security Risk Analysis" Auerbach 2001

29 Pipkin, D, "Information Security - Protecting the Global Enterprise," Hewlett-Packard Professional Books 2000

30 Whitman, M, "In Defense of the Realm: Understanding the Threats to Information Security" 24 (24): 43-57, 2004

31 CSI, "IPAK: Information Protection Assessment Kit," Computer Security Institute 1997

32 Mtembu, K, "How to Manage and Reduce Computer Crime" 6 : 27-31, 1997

33 ISO/IEC, "Guidelines for the management of IT security (GMITS)-Part 1: Concepts and models of IT security," ISO/IEC JTC1 2000

34 CSE, "Guide to Security Risk Management for IT Systems, Communications Security Establishment" Government of Canada 1996

35 Coursen, S, "Financial Impact of Viruses" 6 (6): 64-70, 1997

36 CSI, "Eighth Annual CSI/FBI Computer Crime and Security Survey" Computer Security Institute 2005

37 Straub, D, "Effective IS Security: An Empirical Study" 1 (1): 255-276, 1990

38 Straub, D., "Discovering and Disciplining Computer Abuse in Organizations: A Field Study" 14 (14): 45-60, 1990

39 Sherif, J, "Deployment of Anti-Virus Software: A Case Study" 11 (11): 5-10, 2003

40 Hubbard, J, "Computer Viruses: How Companies Can Protect Their Systems" 98 (98): 12-16, 1998

41 Wack, J, "Computer Viruses and Related Treats: A Management Guide," National Institute of Standards and Technology, 1989

42 Nachenberg, C, "Computer Virus-Anti Virus Coevolution" 40 (40): 46-51, 1997

43 Russell, D, "Computer Security Basics" O'Reilly & Associates 1991

44 BSI, "Code of Practices for information Security Management" United Kingdom 1999

45 Gasser, M, "Building a Secure Computer Systems," Van Nostrand Rienhold Company, 1988

46 Gordineer, J, "Blended Threats: A New Era in Anti-Virus Protection" 12 (12): 45-47, 2003

47 McGraw, G, "Attacking Malicious Code: A Report to the Infosec Research Council" 17 (17): 33-41, 2000

48 Gordon, S, "Application Program Security Fighting Spyware and Adware in the Enterprise" 14 (14): 14-17, 2005

49 Kankanhalli, A, "An Integrative Study of Information Systems Security Effectiveness" 23 (23): 139-154, 2003

50 Lee, S, "An Integrative Model of Computer Abuse Based on Social Control and General Deterrence Theories" 41 (41): 707-718, 2004

51 Thatcher, J, "An Empirical Examination of Individual Traits as Antecedents to Computer Anxiety and Computer Self-Efficiency" 26 (26): 381-396, 2002

52 Lee, J, "A Holistic Model of Computer Abuse within Organizations" 10 (10): 57-63, 2002

53 Highland, H., "A History of Computer Viruses: The Famous Trio" 16 (16): 416-429, 1997

54 Finne, T, "A Conceptual Framework for Information Security Management" 17 (17): 303-307, 1998