A Study on Selection of Core Services for Deciding ISMS Scope

  • Kang, Hyunsik (Dept. of Security Convergence, Chung-Ang University)
  • Kim, Jungduk (Dept. of Industrial Security, Chung-Ang University)
  • Received : 2016.12.27
  • Accepted : 2017.01.31
  • Published : 2017.02.28

Abstract

When establishing an information security management system for systematic and effective information security management, the first priority is to set the scope of the management system. Setting the scope is important for an organization's information security goals because the scope affects the organization's overall information security activities. If the scope is set incorrectly, it may become impossible to protect important services; the scope of the management system should therefore be determined in consideration of the organization's core business services. In this paper, we propose a core service selection model based on the organization's mission-critical services and high-risk services in order to determine an effective information security management system scope. The core service selection criteria include the type of service, contribution to sales, socio-economic impact, and linkage with other services.
