조직의 정보보호정책 성숙도 수준과 정보보호정책 수립 요인간의 탐색 연구

As dependence on information systems grows, the necessity of protecting information assets should be increased. To establish a firm information security management systems, we have to introduce a high mature information security policy which describes goals, principles, and guidelines. Information security policy keep employees from conducting inadequate behaviors, elevates the recognition of employees to threats and attacks to the information assets. This study identifies factors affecting establishment of information security policy through factor analysis. This study suggests the four factors affecting establishment of information security policy. The four factors are as following; Organization's support for establishing information security policy, organizational compatibility for information security policy, technical compatibility, and perceived benefits. We divide organization to 3 level according to the maturity of information security policy. This study tries to explore the relation between the maturity level of organization and the suggested four factors. We find two factors which distinguish the features of high mature information security policy. The two factors are organizational support to information security and perceived benefits. The factors this study suggests would strengthen the security of organization and will be used for further study to identify factors affecting elevation of security in organization.