http://dx.doi.org/10.13089/JKIISC.2014.24.5.919

A comparative study on the priorities between perceived importance and investment of the areas for Information Security Management System  

Lee, Choong-Cheang (Graduate School of Information, Yonsei University)
Kim, Jin (Samjong KPMG)
Lee, Chung-Hun (Graduate School of Information, Yonsei University)
Abstract
Recently, organizations have increasingly been required and urged to adopt an ISMS (Information Security Management System) because of rising threats and the heavier cost of security failure. However, there is a serious gap between awareness of and investment in information security within companies, so it is very important for a company to control a variety of information security threats effectively within a tight budget. To support phasing in the ISMS, this study proposes priorities based on information security experts' evaluation of the importance of 13 ISMS areas, and then examines the difference between importance and investment by assessing the actual investment in each area. The findings show that intrusion incident handling is the most important area and that IT disaster recovery is the area that receives the most investment. The information security areas with a considerable difference between their importance priority and their investment priority are cryptography control, information security policies, education and training on information security, and personnel security. The results are expected to support decisions on effective information security investment when companies with a limited budget are considering introducing an ISMS or are operating one.
Keywords
Information Security Management System; Information Security Priorities; Information Security Importance; Information Security Investment;
Citations & Related Records
Times Cited By KSCI: 6