{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,8,2]],"date-time":"2025-08-02T17:26:14Z","timestamp":1754155574079,"version":"3.41.2"},"reference-count":18,"publisher":"Emerald","issue":"1","license":[{"start":{"date-parts":[[2015,1,12]],"date-time":"2015-01-12T00:00:00Z","timestamp":1421020800000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.emerald.com\/insight\/site-policies"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2015,1,12]]},"abstract":"<jats:sec>\n               <jats:title content-type=\"abstract-heading\">Purpose<\/jats:title>\n               <jats:p> \u2013 The purpose of this paper is to provide a model for quantitatively analyzing the security profile of an organization\u2019s IT environment. The model considers the security risks associated with stored data, as well as services and devices that can act as channels for data leakages. The authors propose a sensitive information (SI) leakage vulnerability model. <\/jats:p>\n            <\/jats:sec>\n            <jats:sec>\n               <jats:title content-type=\"abstract-heading\">Design\/methodology\/approach<\/jats:title>\n               <jats:p> \u2013 Factors identified as having an impact on the security profile are identified, and scores are assigned based on detailed criteria. These scores are utilized by mathematical models that produce a vulnerability index, which indicates the overall security vulnerability of the organization. In this chapter, the authors verify the model result extracted from SI leakage vulnerability weak index by applying the proposed model to an actual incident that occurred in South Korea in January 2014. <\/jats:p>\n            <\/jats:sec>\n            <jats:sec>\n               <jats:title content-type=\"abstract-heading\">Findings<\/jats:title>\n               <jats:p> \u2013 The paper provides vulnerability result and vulnerability index. They are depends on SI state in information systems. <\/jats:p>\n            <\/jats:sec>\n            <jats:sec>\n               <jats:title content-type=\"abstract-heading\">Originality\/value<\/jats:title>\n               <jats:p> \u2013 The authors identify and define four core variables related to SI leakage: SI, security policy, and leakage channel and value of SI. The authors simplify the SI leakage problem. The authors propose a SI leakage vulnerability model.<\/jats:p>\n            <\/jats:sec>","DOI":"10.1108\/k-05-2014-0106","type":"journal-article","created":{"date-parts":[[2015,1,13]],"date-time":"2015-01-13T05:41:38Z","timestamp":1421127698000},"page":"77-88","source":"Crossref","is-referenced-by-count":4,"title":["Study on sensitive information leakage vulnerability modeling"],"prefix":"10.1108","volume":"44","author":[{"given":"Sung-Hwan","family":"Kim","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Nam-Uk","family":"Kim","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Tai-Myoung","family":"Chung","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"140","reference":[{"key":"key2020122701102161100_b3","doi-asserted-by":"crossref","unstructured":"Alberts, C.\n               , \n                  Dorofee, A.\n               , \n                  Stevens, J.\n                and \n                  Woody, C.\n                (2003), \n                  Introduction to the OCTAVE Approach\n               , Carnegie Mellon University, Pittsburgh, PA.","DOI":"10.21236\/ADA634134"},{"key":"key2020122701102161100_b2","unstructured":"Alberts, C.J.\n                and \n                  Dorofee, A.\n                (2002), \n                  Managing Information Security Risks: The OCTAVE Approach\n               , Addison-Wesley Longman Publishing Co. Inc., Boston, MA."},{"key":"key2020122701102161100_b1","doi-asserted-by":"crossref","unstructured":"Anderson, R.\n                (2001), \u201cWhy information security is hard-an economic perspective\u201d, Computer Security Applications Conference, ACSAC 2001. Proceedings 17th Annual 2001, IEEE, pp. 358-365.","DOI":"10.1109\/ACSAC.2001.991552"},{"key":"key2020122701102161100_b4","unstructured":"Beigi, M.\n               , \n                  Devarakonda, M.\n               , \n                  Jain, R.\n               , \n                  Kaplan, M.\n               , \n                  Pease, D.\n               , \n                  Rubas, J.\n               , \n                  Sharma, U.\n                and \n                  Verma, A.\n                (2005), \u201cPolicy-based information lifecycle management in a large-scale file system, Policies for Distributed Systems and Networks\u201d, Sixth IEEE International Workshop on 2005, IEEE, pp. 139-148."},{"key":"key2020122701102161100_b5","unstructured":"Blakley, B.\n               , \n                  Mcdermott, E.\n                and \n                  Geer, D.\n                (2001), \n                  Information Security is Information Risk Management, Proceedings of the 2001 Workshop on New Security Paradigms\n               , ACM, Cloudcroft, New Mexico, pp. 97-104."},{"key":"key2020122701102161100_b6","doi-asserted-by":"crossref","unstructured":"Cavusoglu, H.\n                (2004), \n                  Economics of it Security Management. Economics of Information Security\n               , Springer, AH Dordrecht, pp. 71-83.","DOI":"10.1007\/1-4020-8090-5_6"},{"key":"key2020122701102161100_b7","unstructured":"Chen, Y.\n                (2005), \u201cInformation valuation for information lifecycle management\u201d, Autonomic Computing, ICAC 2005. Proceedings. Second International Conference on 2005, IEEE, pp. 135-146."},{"key":"key2020122701102161100_b102","doi-asserted-by":"crossref","unstructured":"Denning, D.E.\n                and \n                  Denning, P.J.\n                (1979), \u201cData security\u201d, \n                  ACM Computing Surveys (CSUR)\n               , Vol. 11 No. 3, pp. 227-249.","DOI":"10.1145\/356778.356782"},{"key":"key2020122701102161100_b8","doi-asserted-by":"crossref","unstructured":"Dhillon, G.\n                and \n                  Torkzadeh, G.\n                (2006), \u201cValue-focused assessment of information system security in organizations\u201d, \n                  Information Systems Journal\n               , Vol. 16 No. 3, pp. 293-314.","DOI":"10.1111\/j.1365-2575.2006.00219.x"},{"key":"key2020122701102161100_b9","unstructured":"Gordon, L.\n               , \n                  Loeb, M.\n                and \n                  Lucyshyn, W.\n                (2003), \u201cInformation security expenditures and real options: a wait-and-see approach\u201d, \n                  Computer Security Journal\n               , Vol. 19 No. 2, pp. 1-7."},{"key":"key2020122701102161100_b10","doi-asserted-by":"crossref","unstructured":"Gordon, L.A.\n                and \n                  Loeb, M.P.\n                (2002), \u201cThe economics of information security investment\u201d, \n                  ACM Transactions on Information and System Security (TISSEC)\n               , Vol. 5 No. 4, pp. 438-457.","DOI":"10.1145\/581271.581274"},{"key":"key2020122701102161100_b11","unstructured":"Korea Credit Bureau\n                (2014), \u201cCompany Overview\u201d, available at: www.koreacb.com\/kr\/introduction\/summary\/ (accessed February 20, 2014)."},{"key":"key2020122701102161100_b12","unstructured":"Korea Financial Supervisory Service\n                (2014), \u201cIncident overview and measures to prevent recurrence\u201d, available at: www.fss.or.kr\/fss\/kr\/promo\/bodobbs_view.jsp?seqno=17530&no=10362&s_title=&s_kind=&page=31 (accessed February 20, 2014)."},{"key":"key2020122701102161100_b13","unstructured":"National Institute Standards and Technology (NIST)\n                (2013), \n                  Glossary of Key Information Security Terms, NISTIR 7298 Revision 2\n               , NIST, Gaithersburg, MD."},{"key":"key2020122701102161100_b14","unstructured":"Reiner, D.\n               , \n                  Press, G.\n               , \n                  Lenaghan, M.\n               , \n                  Barta, D.\n                and \n                  Urmston, R.\n                (2004), Information Lifecycle Management: The EMC Perspective, Data Engineering, 2004. Proceedings. 20th International Conference on 2004, IEEE, pp. 804-807."},{"key":"key2020122701102161100_b15","doi-asserted-by":"crossref","unstructured":"Siponen, M.T.\n                and \n                  Oinas-Kukkonen, H.\n                (2007), \u201cA review of information security issues and respective research contributions\u201d, \n                  ACM Sigmis Database\n               , Vol. 38 No. 1, pp. 60-80.","DOI":"10.1145\/1216218.1216224"},{"key":"key2020122701102161100_b16","doi-asserted-by":"crossref","unstructured":"Sokolowski, J.A.\n                and \n                  Banks, C.M.\n                (2012), \n                  Handbook of Real-World Applications in Modeling and Simulation\n               , John Wiley & Sons, Hoboken, NJ.","DOI":"10.1002\/9781118241042"},{"key":"key2020122701102161100_b17","doi-asserted-by":"crossref","unstructured":"Tsiakis, T.\n                and \n                  Stephanides, G.\n                (2005), \u201cThe economic approach of information security\u201d, \n                  Computers & Security\n               , Vol. 24 No. 2, pp. 105-108.","DOI":"10.1016\/j.cose.2005.02.001"}],"container-title":["Kybernetes"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/www.emeraldinsight.com\/doi\/full-xml\/10.1108\/K-05-2014-0106","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/www.emerald.com\/insight\/content\/doi\/10.1108\/K-05-2014-0106\/full\/xml","content-type":"application\/xml","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/www.emerald.com\/insight\/content\/doi\/10.1108\/K-05-2014-0106\/full\/html","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,7,24]],"date-time":"2025-07-24T21:48:07Z","timestamp":1753393687000},"score":1,"resource":{"primary":{"URL":"http:\/\/www.emerald.com\/k\/article\/44\/1\/77-88\/272960"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2015,1,12]]},"references-count":18,"journal-issue":{"issue":"1","published-print":{"date-parts":[[2015,1,12]]}},"alternative-id":["10.1108\/K-05-2014-0106"],"URL":"https:\/\/doi.org\/10.1108\/k-05-2014-0106","relation":{},"ISSN":["0368-492X"],"issn-type":[{"type":"print","value":"0368-492X"}],"subject":[],"published":{"date-parts":[[2015,1,12]]}}}