http://dx.doi.org/10.17662/ksdim.2010.6.4.307

Design of Financial Information Security Model based on Enterprise Information Security Architecture  

Kim, Dong Soo (키삭 Co., Ltd.)
Jun, Nam Jae (Shinhan Data System SSC)
Kim, Hee Wan (Sahmyook University, Division of Computer Science)
Publication Information
Journal of Korea Society of Digital Industry and Information Management / v.6, no.4, 2010, pp. 307-317
Abstract
The majority of financial and general business organizations have each suffered damage from hacking, worms, viruses, cyber attacks, internet fraud, and technology and information leaks due to criminal damage. Privacy has therefore become an important issue in the community. This paper examines the various elements of the information security management system and discusses Information Security Management System models, using an analysis of the financial status and its level of information security assessment. These analyses were based on the Information Security Management System (ISMS) of the Korea Information Security Agency, Britain's ISO27001, GMITS, ISO/IEC 17799/2005, and COBIT's information security architecture. This model will allow users to manage and secure information safely. It is therefore recommended that companies use the security management plan to improve their financial and information security and to prevent any risk of exposing company information.
Keywords
Information Security Management System; Information Security Architecture; Information Security Risk Management Plan; Security Service