Needs and considerations of corporate security assessment (Focusing on financial companies)

기업 보안평가 공시제도의 필요성 및 구현방안 (금융회사 중심으로)

  • Kim, Bo (Dept. of Cyber Defense, Korea University) ;
  • Lim, Jong-In (Dept. of Cyber Defense, Korea University)
  • 김보 (고려대학교 정보보호학과) ;
  • 임종인 (고려대학교 정보보호학과)
  • Received : 2014.11.07
  • Accepted : 2014.12.12
  • Published : 2014.12.31

Abstract

Recently, the nation's largest information leak occurred, exposing about 140 million records of credit card customers' personal and credit information. Personal information leaks at financial companies are increasing, and consumer complaints about the privacy of personal information are rising rapidly, yet there is still no clear preventive measure. It is therefore time for an institutional mechanism that lets financial customers confirm and judge in advance whether a company's security is sound, and that leads companies to make real efforts to achieve good security. This study treats that mechanism as a model called "Disclosure of corporate security assessment" and examines, from a realistic and objective standpoint, why this policy is needed.

Cited by

  1. A Study on Threat Analysis of PC Security and Countermeasures in Financial Sector vol.15, pp.6, 2015, https://doi.org/10.7236/JIIBC.2015.15.6.283