http://dx.doi.org/10.13089/JKIISC.2012.22.1.107

A Study on the Effective Countermeasures for Preventing Computer Security Incidents  

Kang, Shin-Beom (Korea University)
Lee, Sang-Jin (Korea University)
Lim, Jong-In (Korea University)
Abstract
The level of information protection in this country is relatively low compared with its level of informatisation. The budget for information protection is also marginal, at 5% of the entire information-related policy budget. Companies' passive information protection practices, which focus mainly on the aftermath of incidents, lead to repeated risk management expenses. Responses to information protection violations should shift from the current aftermath-oriented focus to prevention and early detection of possible violations. We should also recognize that responding to a violation of protected information is not the responsibility of an individual but a joint responsibility of the nation and the industry. South Korea has been working toward building a systematic foundation since 2004, when guidelines on information protection policy and safety diagnosis were announced. The current level of safety policies cannot provide perfect protection against actual violation cases in administrative, technological and physical terms. This research evaluates the level of prevention that the current systematic protection policy offers, and discusses its limitations and possible improvements. It also recommends a list of effective protective measures against information violations that companies can employ to maintain the actual target safety level.
Keywords
Cyber Criminal Threat; Computer Security Incident; Security Policy
Citations & Related Records
Times Cited By KSCI: 1