DOI QR코드

DOI QR Code

중소기업 정보보호 컨설팅 개선을 위한 방법론 비교 분석

Comparative Analysis of Methodology for Improving Information Security Consulting for SMEs in Korea

  • 투고 : 2020.03.24
  • 심사 : 2020.08.20
  • 발행 : 2020.08.28

초록

정부는 중소기업 정보보호 활동의 어려움을 해결하고자 정보보호 컨설팅 지원 사업을 수행하고 있으나, 중소기업에 적용하는 정보보호 컨설팅 방법론이 주요정보통신기반시설(CIIP), ISMS, ISO27001 등과 같은 검증된 방법론을 적용하지 않고 컨설팅 수행업체별 다양한 방법을 적용하다 보니 중소기업 형태, 규모 등 조직 상황에 따라 적절한 대응이 어렵다는 것이다. 이러한 중소기업 정보보호 컨설팅의 문제점을 개선하고 보다 효과적이고 실효적이며 표준적인 방법론을 개선하기 위하여 현행 제도에서 적용하고 있는 정보보호 컨설팅 방법론을 비교 분석하여 중소기업에 적합한 정보보호 체계를 구축하는 정보보호 컨설팅이 될 수 있도록 하고자 하였다. 본 연구에서 제시한 중소기업 정보보호 컨설팅 방법 개선 방안을 통해 중소기업 규모나 사업 형태에 상관없이 모든 기업에 적합한 정보보호 컨설팅이 가능하여 컨설팅 품질 제고에 이바지하고 중소기업이 정보보호 활동에 만족하고 지속해서 이행되기를 기대한다.

The government is carrying out information security consulting support projects to solve the difficulties of SME information protection activities. Since the information security consulting methodology applied to SMEs does not apply the proven methodology such as the critical information and communication infrastructure(CIIP), ISMS, ISO27001, etc. It applies various methods for each consulting provider. It is difficult to respond appropriately depending on the organizational situation such as the type and size of SMEs. In order to improve such problems of SME information security consulting and to improve more effective, effective and standard methodology, the information security consulting methodology applied in the current system was compared and analyzed. Through the improvement plan for SME information security consulting method suggested in this study, it is possible to provide information security consulting suitable for all enterprises regardless of SME size or business type.

키워드

참고문헌

  1. H. Y. Ahn. (2001). Information Security Consulting Methodology and Application. Korea Institute of Information Security And Cryptology. 11(3), 49-56.
  2. S. T. Park, W. S. Yi & B. N. Noh. (2009). SME Vulnerability Analysis and Assessment to Project for Critical Information Infrastructure Protection Management Plan. Korea Institute of Information Security And Cryptology. 19(6), 32-40.
  3. T. S. Kim. (2019). SME information protection performance measurement model and method development. Naju : KISA.
  4. H. Y. Ahn. (2020). Effective Management of Personal Information & Information Security Management System(ISMS-P) Certification. Korea Academy Industrial Cooperation Society, 21(1), 634-640. DOI : 10.5762/KAIS.2020.21.1.634
  5. Ministry of Science and ICT(MSIT), (2017), Notification on Preliminary Check of Information Security. Public Notice 2017-7. Sejong.
  6. Korea Information Security Industry Association(KISIA). (2020). 2019 Survey of Information Security Industry in Korea. Seoul.
  7. Ministry of Science and ICT(MSIT). (2013). Critical Notification on Information Infrastructure Protection Vulnerability Analysis and Assessment Standard. Public Notice 2013-37. Sejong.
  8. Ministry of Science and ICT(MSIT), (2018), Notification on Certification of Personal and Information Security Management System. Public Notice 2018-80. Sejong.
  9. https://www.kisa.or.kr
  10. Korea Internet and Security Agency(KISA), (2018), SME Information Security Consulting Support Report. 2018,
  11. Korea Internet and Security Agency(KISA), (2019), SME Information Security Consulting Support Report. 2019
  12. Ministry of Science and ICT. (2020). Information Security Survey 2019. Sejong.
  13. Korea Internet and Security Agency. (2020). 2019 SME Information Protection Consulting Result Report. Naju : KISA.