http://dx.doi.org/10.9708/jksci.2017.22.02.051

A Study on Selection of Core Services for Deciding ISMS Scope

Kang, Hyunsik (Dept. of Security Convergence, Chung-Ang University)
Kim, Jungduk (Dept. of Industrial Security, Chung-Ang University)
Abstract
When establishing an information security management system (ISMS) for systematic and effective information security management, the first task is to set the scope of the management system. Setting the scope correctly matters for an organization's information security goals because the scope determines the organization's overall information security activities. If the scope is set incorrectly, important services may be left unprotected; therefore, the scope of the management system should be determined in consideration of the organization's core business services. In this paper, we propose a core service selection model, based on the organization's mission-critical services and high-risk services, for determining an effective ISMS scope. The core service selection criteria include the type of service, contribution to sales, socio-economic impact, and linkage with other services.
Keywords
The Scope of ISMS; Information Security Task; Core Services; Mission-critical Service; High-risk Service