With the growing importance of information security due to the arrival of information society and the spread of the internet, information security is emerging as a tool to guarantee competitive advantage and is at the same time an indispensable requirement for stable business execution for companies and organizations. Additionally, the value of tangible and intangible assets that need to be protected as components of corporate assets are on the rise, where the importance of efficient and effective information asset management and information security investment is increasing for the organizations and companies managing them. However, despite an increase in the information security investment of an organization, there is a lack of systematic methodology pertaining to performance appraisals, which makes decision-making activities and determining means of improvement difficult. The existing financially focused information security investment is inadequate for systematic analyses and understanding due to the opportunity cost type characteristics of information security investment and the difficulty involved in presenting future strategic direction. This paper, considering the characteristics of the effects of information security investment, analyzes from a balanced score card perspective information security investment strategies and performance relationships. In short, critical success factors and key performance indicators are initially obtained from previous research related to information security investment, and the data collected through surveys at related companies and organizations are empirically analyzed utilizing the structural equation model.
Nowadays the importance of information security has been increased because there are many benefits and threats like information leakage caused by rapid growth of information technology. It is important to apply technical solution, however enhancing security capability is more important to respond evolving security threats. Information security education is one of typical way to enhance security capability and there are various efforts at the dimension of nation, company and academic community. However it is required to analyze previous research until now and derive future research direction for long-term development plan. In this study, we analyzed a publication status about 177 papers related to information security, training and awareness from 4 foreign journals and 2 Korean journals. Additionally, we analyzed in detail about 70 papers related to information security education. As a result, the most part of study is about curriculum, and in the future, it is required to expand educational area as well as study about effectiveness measurement of information security education by experimental research.
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations鈥揷itations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.