Browse > Article
http://dx.doi.org/10.13089/JKIISC.2014.24.5.951

An Empirical Study on the Obstacle Factors of ISMS Certification Using Exploratory Factor Analysis  

Park, Kyeong-Tae (Graduate School of Information Security, KAIST)
Kim, Sehun (Department of Industrial and Systems Engineering, KAIST)
Abstract
In the past few years, data leakage of information assets has become a prominent issue. According to the National Intelligence Service in South Korea, they found 375 cases of data leakage from 2003 to 2013, especially 49 of cases have been uncovered in 2013 alone. These criminals are increasing as time passes. Thus, it constitutes a reason for establishment and operation of ISMS (Information Security Management System) even for private enterprises. But to be ISMS certified, there are many exposed or unexposed barriers, moreover, sufficient amount of studies has not been conducted on the barriers of ISMS Certification. In this study, we analyse empirically through exploratory factor analysis (EFA) to find the obstacle factors of ISMS Certification. The result shows that there are six obstacle factors in ISMS Certification; Auditing difficulty and period, Consulting firm related, Certification precedence case and consulting qualification, Internal factor, CA reliability and auditing cost, Certification benefit.
Keywords
ISMS; Exploratory Factor Analysis; Obstacle Factors;
Citations & Related Records
Times Cited By KSCI : 10  (Citation Analysis)
연도 인용수 순위
1 Hwan Kuk Kim, Kyu Man Ko, and Jae Il lee, "Comparison on the Policy on Company Information Security and Certification of ISMS from Regulation Revision of Information and Communications Network Law," Review of KIISC, Vol. 23, No. 4, pp. 54-58, Aug. 2013
2 Junwon Lee, "Understanding and Issues about ISMS," Journal of Payment & Settlement, Vol. 50, pp. 58-83, Oct. 2012
3 Youngsik Bae, "A study of Effect of Information Security Management System [ISMS] Certification on Organization Performance," Journal of academia-industrial technology, Vol.13, No. 9, pp. 4224-4233, 2012
4 Sang-Su Jang, Ho-Seop Lee, "A Study on Defect Analysis of Certification of ISMS," Review of KIISC, Vol. 20, No. 1, pp. 31-38, Feb. 2010
5 Hangbae Chang, "The Design of Information Security Management System for SMEs Industry Technique Leakage Prevention," Journal of Korea Multimedia Society , Vol. 13, No. 1, pp. 111-121, Jan. 2010   과학기술학회마을
6 Na Kwan-Sik, "A Comparative Study of the International and Korean ISMS," Journal of Science & Culture, Vol.8, No. 1, pp. 23-36, Feb. 2011
7 Sangsoo Jang, Hak-Beom Kim, and Hongsub Lee, "Introduce and Directions for Certification of ISMS," Review of KIISC, Vol. 11, No. 3, pp. 1-15, Jun. 2001
8 Sangsoo Jang, Bongnam Noh, and Sangjoon Lee, "The Effects of the Operation of an Information Security Management System on the Performance of Information Security," Journal of the Korea Information Science Society, Vol. 40, No. 1, pp. 58-69, Feb. 2013   과학기술학회마을
9 Jeong-Woo Chae, Jin-Hong Jeong, "Study on decision making for the industrial security management factor's priority," Journal of Security Engineering, Vol. 10, No. 2, pp. 123-140, Apr. 2013
10 ChungSoo Park, Dongbum Lee, Jin Kwak, "A Study on Information Security Management System for Security Enhancement of Enterprise," Proceedings of Korea Information Processing Society, Vol. 18, No. 1, pp. 800-803, May 2011
11 Youn-Chul Kang, Seongtaek Rim, "The Necessity of Introducing ISMS(Focused on Patent Information Providers," Review of KIISC, Vol. 23, No. 4, pp. 7-14, Aug. 2013
12 In-Kwan Kim, Jaemin Park, and JoongYang Jeon, "An Study on the Effects of ISMS Certification and the Performance of Small and Medium Enterprises," The Journal of digital policy & management , Vol. 11, No. 1, pp. 47-60, Jan. 2013
13 Byeong-Yun Chang, "The Analysis of the Factors Influencing Telecommunication Service Providers Selection on Purchase of Smart Phones," Journal of the Korea Society for Simulation, Vol. 22, No. 2, pp.85-91, Jun. 2013   과학기술학회마을   DOI
14 Jae Hyun Kim, "A Study of Developing Evaluation Items for Selecting Global IT Outsourcing Vendors Using AHP," M.S. Thesis, Ewha Womans University, Aug. 2008
15 Hyeog-In Kwon, Shim Yoon, and Eun-hyung Lee, "A Study on E-Marketplace Solution Selection Factors," Journal of Korea Multimedia Society, Vol. 5, No. 6, pp. 712-729, Dec. 2012   과학기술학회마을
16 Kyeong Tae Park, Min Soo Shin, "An Empirical Study on the Obstacles to the Adoption of Cloud Computing Services of Companies in Korea," Proceedings of Korea Society of IT Services, pp. 323-334, 2012
17 Song-Chul Moon, "A Descriptive Study of IT Outsourcing Risk Factors in the Korean Company," Journal of Korea Society of IT Services, Vol. 8, No. 3, pp. 135-143, 2009   과학기술학회마을
18 Chun-Chin Wei, Chen-Fu Chien, and Mao-Jiun J. Wang, "An AHP-based approach to ERP system selection," International Journal of Production Economics, Vol. 96, No. 1, pp. 47-62, Apr. 2005   DOI
19 Maggie C.Y. Tam, V.M.Rao Tummala, "An application of the AHP in vendor selection of a telecommunication system," Omega, Vol.29, No. 2, pp. 171-182, Apr. 2001   DOI   ScienceOn
20 Birdogan Baki, Kemal Cakar, "Determining the ERP package-selecting criteria: The case of Turkish manufacturing companies," Business Process Management Journal, Vol.11, No.1, pp.75-86, 2005   DOI
21 Song Chul Moon, Yeon S. Ahn, "The Risk Factors of IT Outsourcing Decision in the Korean Firms," Journal of Digital Contents Society, Vol. 10, No.2, pp.341-348, Jun. 2009
22 Park, Kyeong-Tae, Shin, Min-Soo, "An Empirical Study on The Obstacles to the Adoption of Cloud Computing Services of Companies in Korea by use of Conjoint Analysis," Proceedings of KORMS, pp.1103-1106, 2012
23 Moo-Seok Lee, Jung-Hoon Lee, Jong-Sung Park, "A Descriptive Study of IT Outsourcing Risk Factors in the Korean Financial Industry," Journal of the Korea Society of IT Services, Vol. 7, No. 1, 2008
24 Lee, Moo Suk, "The Descriptive Study of IT Outsourcing Risk Factors: A Study for the Korean Financial Industry," Yonsei University, 2007
25 Yong Eun Moon, You Jin Park, "The Effect of Risks and Strategic Recognition on the Degree of IT Outsourcing," Journal of Information Systems, Vol. 11, No. 1, pp. 1-28, 2002   DOI