For most organizations, a security infrastructure to protect company’s core information and their technology is becoming increasingly important. So various approaches to information security have been made but many security accidents are still taking place. In fact, for many Korean companies, information security is perceived as an expense, not an asset. In order to change this perception, it is very important to recognize the need for information security and to find a rational approach for information security. The purpose of this study is to present a framework for information security strategies of companies. The framework classifies companies into eight types so company can receive help in making decisions for the development of information security strategy depending on the type of company it belongs to. To develope measures to classify the types of companies, 12 information security professionals have done brainstorming, and based on previous studies, among the factors that have been demonstrated to be able to influence the information security of the enterprise, three factors have been selected. Delphi method was applied to 29 security experts in order to determine sub items for each factor, and then final items for evaluation was determined by verifying the content validity and reliability of the components through the SPSS analysis. Then, this study identified characteristics of each type of eight companies from a security perspective by utilizing the developed sub items, and summarized what kind of actual security accidents happened in the past.

1. 서 론
 2. 선행 연구와 이론적 배경
  2.1 정보보안에서 조직과 기업 유형 분류의 필요성
  2.2 주요 정보보호 관리체계 프레임워크 구성과문제점
  2.3 정보보안 영향요인에 관한 연구
 3. 연구방법
 4. 연구결과
  4.1 제1라운드 평가
  4.2 제2라운드 평가
  4.3 제3라운드 평가
  4.4 평가 종합
 5. 정보보호 관점 기업 유형 분류 프레임워크
 6. 결 론
 References

• 김희올(한양대학교 일반대학원 경영컨설팅학과) | Hee-Ohl Kim
• 백동현(한양대학교 경상대학 경영학부) | Dong-Hyun Baek Corresponding Author