Internet environment and innovative ICT(information and communication technology) have brought about big changes to our lifestyle and industrial structure. In spite of the convenience of Internet, various cyber incidents such as malicious code infection, personal information leakage, smishing(sms + phishing), and pharming have frequently occurred. Information security must be recognized as a key and compulsory element for surviving in a global economy. Strategic roles of information security have recently been increasing, but effective implementation of information security is still a major challenge to organizations. Our study examines the influencing factors of information security and investigates the causal relationship between information security maturity level and organizational performance through an empirical survey. According to the results of our study, personal, organizational, technical, and social factors affect organizations‘s information security maturity level altogether. This result suggests that when dealing with security issues, the holistic and multi-disciplinary approaches should be required. In addition, there is a causal relationship between information security maturity level and organizational performance, and organizations aim to establish the efficient and effective ways to enhance information security maturity level on the basis of the results of this study.

1 임채호, "효과적인 정보보호인식제고 방안" 16 (16): 30-36, 2006

2 백민정, "중소규모 조직구성원의 정보보안인식과 행동이 정보보안성과에 미치는 영향에 관한 연구" 한국중소기업학회 33 (33): 113-132, 2011

3 김인재, "조직성과에 미치는 SPI 영향요인에 관한 연구 :조직 성숙도의 조절효과 관점에서" 한국정보시스템학회 19 (19): 97-118, 2010

4 김경규, "정보자산보호성과가 조직성과에 미치는 영향에 관한 연구: 관리활동과 통제활동을 중심으로" 한국과학기술정보연구원 40 (40): 61-77, 2009

5 최명길, "정보보호정책의 성숙도에 영향을 미치는 요인에 관한 연구" 한국정보보호학회 18 (18): 131-142, 2008

6 "전자금융거래법 시행령 제 11조의2"

7 한국정보보호진흥원, "인터넷 침해사고 피해액산출모형 개발에 관한 연구" 2006

8 김상현, "위치기반서비스 사용에 영향을 미치는 프라이버시 염려감소 선행요인, 신뢰 그리고 개인혁신성의 조절효과" 한국정보시스템학회 21 (21): 73-96, 2012

9 윤재욱, "소프트웨어 프로세스 개선활동이 조직성과에 미치는 영향" 한국경영과학회 31 (31): 37-53, 2006

10 금융위원회, "금융회사 정보기술 보호업무 모범규준"

11 금융보안연구원, "금융IT 보안컴플라이언스"

12 배병렬, "구조방정식모델 이해와 활용" 도서출판 대경 2011

13 송정석, "공공기관 정보보호 거버넌스 수준에 영향을 미치는 요인에 관한 연구" 한국전자거래학회 16 (16): 133-151, 2011

14 "Underlying Technical Models for Information Technology Security"

15 Trist, E., "The evolution of socio-technical systems" Wiley 1981

16 Dzazali, S., "Social Factors Influencing the Information Security Maturity of Malaysian Public Service Organisation:An Empirical Analysis" 103-, 2006

17 Schneier, B., "Secret and Lies –Digital Security in a Networked World" Wiley Computer Publishing 2002

18 Bulgurcu,B.H., "Roles of Information Security Awareness and Perceived Fairness in Information Security Policy Compliance" 419-, 2009

19 Tashi, I., "Regulatory Compliance and Information Security Assurance" 670-674, 2009

20 Koufteros, X., "Product development Practices and performan ce : A structural equation modeling-based multi-group analysis" 103 (103): 286-307, 2006

21 Chang, S.E., "Organizational factors to the effectiveness of implementing information security management" 106 (106): 345-361, 2006

22 Beznosov, K., "On the imbalance of the security problem space and its expected consequences" 15 (15): 420-431, 2007

23 Goldsmith, R. E., "Measuring Consumer Innovativeness" 19 (19): 209-221, 1991

24 Choi, N., "Knowing is doing" 16 (16): 484-501, 2008

25 Midgley, D., "Innovativeness : The Concept and Its Measurement" 4 (4): 229-242, 1978

26 Eloff, J. H. P., "Information security policy—what do international information security standards say?" 21 (21): 402-409, 2002

27 Thomson, K., "Information security obedience : a definition" 24 : 69-75, 2005

28 Doddrell, G. R., "Information security and the internet" 6 (6): 5-9, 1996

29 Knapp, K. J., "Information security : management’s effect on culture and policy" 14 (14): 24-36, 2006

30 Bassellier, G., "Information Technology Competence of Business Managers : A Definition and Research Model" 17 (17): 159-182, 2001

31 Peltier, T.R., "Information Security Risk Analysis" Auerbach Publications 2001

32 "Information Security Handbook: A Guide for Managers"

33 Hagen, J.M., "Implementation and effectiveness of organizational information security measures" 16 (16): 377-397, 2008

34 Hall, J. H., "Impacts of organizational capabilities in information security" 19 (19): 155-176, 2011

35 Kowalski, S., "IT Insecurity: A Multi-disciplinary Inquiry. Diss. The Royal Institute of Technology" Department of Computer and Systems Science Stockholm Univ. 1994

36 ISO27001, "ISO/IEC 27001-2005(E): Information Technology-Security Techniques-Information Security Management Systems-Requirements"

37 "Guide for Conducting Risk Assessment"

38 Fornell, C., "Evaluating structural equation models with unobservable variables and measurement error" 18 : 39-50, 1981

39 Solms, R., "Driving safely on the information superhighway" 5 (5): 20-22, 1997

40 Rogers, E. M., "Diffusion of Innovation" The Free Press 2003

41 Young, R.F, "Defining the Information Security Posture : An Empirical Examination of Structure and Managerial Effectiveness" University of North Texas 2008

42 Dhillon, G., "Current direction in IS security research: toward socio-technical perspectives" 11 (11): 127-153, 2001

43 Steven J. Ross, "Creating a culture of Security"

44 "Computer Security Incident Handling Guide"

45 "COBIT(Control Objectives for Information and Related Technology) 5"

46 Dzazali, S., "Assessment of information security maturity : An exploration study of Malaysian public service organizations" 14 (14): 23-57, 2012

47 Stanton, J.M., "Analysis of end user security behaviors" 24 (24): 124-133, 2005

48 Kankanhalli, A., "An integrative study of information systems security effectiveness" 23 : 139-154, 2003

49 Werlinger, R., "An integrated view of human, organizational and technological challenges of IT security management" 17 (17): 4-19, 2009

50 Alder, M. P., "A unified approach to information security compliance" 41 (41): 46-48, 2006

51 Bostrom, R.P., "A socio-technical perspective. PartⅠ:The causes" 1 (1): 17-32, 1977

52 Smith, S., "A financial Management Approach for Selecting Optimal, Cost-Effective Safeguards Upgrades for Computer and Information Security Risk Management" 14 (14): 28-29, 1995

53 Alshawaf, A. H., "A benchmarking framework for information systems management issues in Kuwait" 12 (12): 30-44, 2005

54 Yngström, L., "A Systemic- Holistic Approach to Academic Programmes in IT Security" University of Stockholm and the Royal Institute of Technology 1996

55 Agarwal, R., "A Conceptual and Operational Definition of Personal Innovativeness in the Domain of Information Technology" 9 (9): 204-215, 1998