Journal of the Korea Academia-Industrial cooperation Society (한국산학기술학회논문지)

The Korea Academia-Industrial cooperation Society (한국산학기술학회)
권호 표지
DOI QR코드

DOI QR Code

Estimating The Economic Value of Information Security Management System (ISMS) Certification by CVM

조건부가치측정법(CVM)을 이용한 정보보호 관리체계(ISMS) 인증의 경제적 가치 추정 연구

  • Received : 2014.05.28
  • Accepted : 2014.09.11
  • Published : 2014.09.30
Download PDF
⟨ Previous Next ⟩

Abstract

Since 2002, many domestic companies have been certified for ISMS. On the other hand, certification, such as the need for ost-effectiveness evaluation, is not specifically enforced. Therefore, for more than 10 years, the ISMS implementation and certification system has been used for performance and cost effective business management. In this study, a model for analyzing the effect of certification organizations, ISMS development, and an analysis of the effect of a standardized system for the study was prepared. To this end, the existing maintenance organizations ISMS certification survey was conducted through an analysis of the economic effects. ISMS certification continues to expand or maintain the policy for improvement. The survey data collected by the analysis mechanism for the economic effects of CVM was analyzed.

국내 많은 기업들이 2002년부터 ISMS를 구축하고 인증을 받아 운영하고 있지만 인증 취득 필요성이나 경제적 효과성 등의 평가는 구체적으로 시행되고 있지 않다. 따라서 10년 이상 시행되고 있는 ISMS 인증 제도에 대해 어떠한 성과가 있고 기업 경영에 어떤 경제적 효과가 있는지 검증할 필요가 있다. 본 연구에서는 인증 취득에 따른 효과분석 모델 개발과 인증의 경제적 가치를 측정하여 제시하고자 하였다. 이를 위하여, ISMS 인증유지 조직을 대상으로 개방형 질문법을 이용 설문조사와 조건부가치측정법(CVM)을 통해 분석한 결과 인증 기업당 매년 1억 7,130만원 상당의 경제적 가치가 있는 것으로 추정되었다. 본 연구 에서는 조건부가치측정법을 활용한 ISMS 인증 서비스의 경제적 가치를 추정하는 방법을 제시하였으며, 측정 지표와 방법을 통해 기업 스스로 인증의 경제적 가치를 추정해봄으로써 ISMS 운영의 실효성을 확보하고 최고경영진의 정보보호 투자 등 의사결정에 많은 도움이 될 것으로 보인다.

Keywords

References

  1. Ministry of Legislation, "Information and Communication Network Utilization and Information Security Act", 2013.
  2. Ministry of Science ICT and Future Planning , "Notice regarding Information Security Management System Certification", 2013.
  3. KISA, 'Guide for Information Security Management System Certification Scheme', 2013.
  4. KISA, 'Information Security Management System (ISMS) to build and operate training materials', 2013.
  5. KISA, 'Corporate Information Security Survey' 2013.
  6. Sinilsun, "The economic significance of information security Investigation", Information Security Review, Issue 1-1, pp.27-40. 2005.
  7. KISA, "Index calculated level of national information security study and promotion of internationalization", 2006.
  8. Gimjeongdeok, bakjeongeun, "ROI-based information security TCO (ROSI) for research", Digital Policy Institute, pp.251-261, 2003.
  9. Seonhangil, "Statement of local companies and organizations Influence Factors of Information Security", The Korea Society of Management Information Systems, pp.1087-1095, 2005.
  10. Gimjeongin, 'Economic Impact of Asian Dust Research Society (I)', National Institute of Environmental Research, 2008.
  11. Gwonmisu, "Methodology Services measuring the value of information", NIA, 2004.
  12. Ciriacy-Wantrup, "Capital Returns from Soil-Conservation Practices" American J. of Agricultural Economics Volume 29, Issue 4 Part II pp. 1181-1196. 1947.
  13. Devine and Marion, "The Influence of Consumer Price Information on Retail Pricing and Consumer Behavior" American J. of Agricultural Economics Volume 61, Issue 2 pp. 228-237. 1979. DOI: http://dx.doi.org/10.2307/1232747
  14. Gimcheolhoe, jomanhyeong, "Cost-benefit analysis of the national grid project - Empirical studies applying the contingent valuation method-, Korea Policy Research volume9-3, pp.1-16, 2009.
  15. Simjaewoo, gujahun, 'Contingent valuation method (CVM) to estimate the economic value types using business school gongwonhwa', Seoul City Research, volume7-3, pp.51-64, 2006.