A Study on Establishment of Small and Medium Business Information Security Plan under Resource Restrictions

  • Kwon, Jang-Kee (Dept. of MIS, Korea National University of Transportation Graduate School) ;
  • Kim, Kyung-Ihl (Dept. of MIS, Korea National University of Transportation)
  • Received : 2017.03.07
  • Accepted : 2017.04.03
  • Published : 2017.04.28

Abstract

Information is a valuable asset regardless of the size of the enterprise, and information security is essential to an enterprise's survival and prosperity. Large corporations ensure security through rapid introduction of an information security management system (ISMS). In SMEs, however, security systems are not built, or their construction is delayed, because of a combination of factors such as budget constraints, insufficient security guidelines, and a lack of security awareness. In this paper, we analyze the actual state of information security management in SMEs through questionnaires and suggest a way to establish a comprehensive security plan for SMEs using free or inexpensive methods. We believe that by applying the method presented in this paper, SMEs will be able to implement basic information security at the lowest cost, and that it will help SMEs that plan to establish an information security plan.
