Browse > Article
http://dx.doi.org/10.13089/JKIISC.2014.24.6.1309

A Study on Selection Factors of Consulting Company for the Certification of Information Security Management System  

Park, Kyeong-Tae (Graduate School of Information Security, KAIST)
Kim, Sehun (Graduate School of Information Security, KAIST)
Publication Information
Journal of the Korea Institute of Information Security & Cryptology / v.24, no.6, 2014 , pp. 1309-1318 More about this Journal
Abstract
In the past few years, data leakage of information assets has become a prominent social issue. According to the National Industrial Security Center in South Korea, 71 percent who suffer from technology leakage are small and medium sized enterprises. Hence, establishment and operation of ISMS (Information Security Management System) for small and medium sized enterprises become an important issue. Since it is not easy to obtain ISMS certification for a small or medium sized enterprise by itself, consultation with an expert firm in information security is necessary before the security implementation. However, how to select a proper security consulting company for a small or medium sized firm has not been studied yet. In this study, we analyze empirically the selection factors of ISMS certification consulting company for a small or medium sized firm through exploratory factor analysis (EFA). Our study identified the following four important factors in selecting a security consulting company: expertise of the staffs and human resource management proficiency, market leading capability, competence to make progress during the consultation, and the performance and the size of the physical assets and human resources.
Keywords
ISMS; Exploratory Factor Analysis; Selection Factors; Small and Medium-sized Enterprises;
Citations & Related Records
Times Cited By KSCI : 11  (Citation Analysis)
연도 인용수 순위
1 Gye Soo Kim, AMOS 18.0 Structure Equation Model Analysis, Hannarae, 2010.
2 27001 Academy, http://www.iso27001standard.com/blog/2013/03/25/5-criteria-for-choosing-a-iso-22301-iso-27001-consultant.
3 Bae, Y. S., "A study of Effect of Information Security Management System [ISMS] Certification on Organization Performance," Journal of academia-industrial technology, 13(9), pp. 4224-4233, Sep. 2012.
4 Baki, B., K. Cakar, "Determining the ERP package-selecting criteria: The case of Turkish manufacturing companies," Business Process Management Journal, vol.11, no.1, pp.75-86, 2005.   DOI
5 Chang, H. B., "The Design of Information Security Management System for SMEs Industry Technique Leakage Prevention," Journal of Korea Multimedia Society, 13(1), pp. 111-121. Jan. 2010.   과학기술학회마을
6 Cebi, F., D. Bayraktar, "An integrated approach for supplier selection," Logistics Information Management, vol. 16, no. 6, pp. 395-400, 2003.   DOI
7 Chae, J. W., J. H. Jeong, "Study on decision making for the industrial security management factor's priority," Journal of Security Engineering, 10(2), pp. 123-140, Apr. 2013.
8 Chang, B. Y., "The Analysis of the Factors Influencing Telecommunication Service Providers Selection on Purchase of Smart Phones," Journal of the Korea Society for Simulation, 22(2), pp.85-91, Jun. 2013   DOI
9 De Caluwe, L., and A. Stoppelenburg, "Developing Criteria for Effectiveness of Consultant's Work," 2nd International Conference on Management Consulting of MC Division of the AoM at Lausanne(2004).
10 Forbes, http://onforb.es/11SLpdu.
11 Geringer, J. M., "Strategic Determinants of Partner Selection Criteria in International Joint Ventures," Journal of International Business Studies, vol.22, no. 1, pp. 41-62, 1st Qtr., 1991.   DOI   ScienceOn
12 Kim, H. K., K. M. Ko, and J. I. Lee, "Comparison on the Policy on Company Information Security and Certification of ISMS from Regulation Revision of Information and Communications Network Law," Review of KIISC, 23(4), pp. 54-58, Aug. 2013.
13 Jang, S. S., B.N Noh, and S. J. Lee, "The Effects of the Operation of an Information Security Management System on the Performance of Information Security," Journal of the Korea Information Science Society, 40(1), pp. 58-69, Feb. 2013.   과학기술학회마을
14 Jang, S. S., H. B. Kim, and H. S. Lee, "Introduce and Directions for Certification of ISMS," Review of KIISC, 11(3), pp. 1-15, Jun. 2001.
15 Kang, Y. C., S. T. Rim, "The Necessity of Introducing ISMS(Focused on Patent Information Providers," Review of KIISC, 23(4), pp. 7-14, Aug. 2013.
16 Kim, H.M., S. H. Han, "A Study on the Deduction of the Partner Selection Factors in International LNG Plant Joint Venture," Proceedings of Korea Institute of Construction Engineering and Management, pp. 227-228. Nov. 2011.
17 Lee, J. W., "Understanding and Issues about ISMS," Journal of Payment & Settlement, Vol. 50, pp. 58-83. 2012.
18 Kim, I. K., J. M. Park, and J. Y. Jeon, "An Study on the Effects of ISMS Certification and the Performance of Small and Medium Enterprises," The Journal of digital policy & management, 11(1), pp. 47-60, Jan. 2013.
19 Kim, J. H., "A Study of Developing Evaluation Items for Selecting Global IT Outsourcing Vendors Using AHP," M.S. Thesis, Ewha Womans University, 2008.
20 Kwon, H. I., S. Yoon, and E.-H. Lee, "A Study on E-Marketplace Solution Selection Factors," Journal of Korea Multimedia Society, 5(6), pp. 712-729, Dec. 2012.
21 Na, K. S., "A Comparative Study of the International and Korean ISMS," Journal of Science & Culture, 8(1), pp. 23-36, Feb. 2011.
22 Missouri Department of Transportation, Consultant Selection and Contract Implementation Procedures for Professional Services Contracts, 2002.
23 Moon, S. C., "A Descriptive Study of IT Outsourcing Risk Factors in the Korean Company," Journal of Korea Society of IT Services, 8(3), pp. 135-143, Sep. 2009.   과학기술학회마을
24 Moon, Y. E., "The Effect of Strategic Recognition and Risks of IT Outsourcing on the Degree of Outsourcing," Journal of the Korean OR an MS Society, 27(3), pp. 21-40, Sep. 2002.   과학기술학회마을
25 Park, C. S., D. B. Lee, and J. Kwak, "A Study on Information Security Management System for Security Enhancement of Enterprise," Proceedings of Korea Information Processing Society, 18(1), pp. 800-803, May. 2011.
26 Park, K. T., M. S. Shin, "An Empirical Study on the Obstacles to the Adoption of Cloud Computing Services of Companies in Korea," Proceedings of Korea Society of IT Services, pp. 323-334, 2012.
27 Schneider, A., Cloud Hosting Awareness Survey, RackSpace Hosting, 2010
28 Sporrong, J., "Criteria in Consultant Selection: Public Procurement of Architectural and Engineering Services," Australasian Journal of Construction Economics and Building, vol. 11, no. 4, pp. 59-76, 2011.   DOI
29 Tam, M. C. Y., V.M. Rao Tummala, "An application of the AHP in vendor selection of a telecommunication system," Omega, vol.29, no. 2, pp. 171-182, Apr. 2001.   DOI   ScienceOn
30 Ministry of Information and Communication, "Information Security Expert Company Designation. Re-Designation Guide," 2004
31 Markham. C., "Developing consulting skills," Consulting to Management, vol. 16, no. 4, pp. 33-37, 2005.
32 Ting, S. C., D. I. Cho, "An integrated approach for suppplier selection and purchasing decisions," Supply Chain Management: An International Journal, Vol. 13, No. 2, pp. 116-127, 2008.   DOI   ScienceOn
33 TwinStara Inc., A Snapshot into Cloud Storage Adoption, 2012.
34 Wei, C. C., C. F. Chien, and M. J. J. Wang, "An AHP-based approach to ERP system selection," International Journal of Production Economics, vol. 96, no. 1, pp. 47-62, Apr. 2005.   DOI
35 Kang, H., "A Guide on the Use of Factor Analysis in the Assesment of Construct Validity," Journal of Korean Academy of Nursing, 43(5), pp. 587-594, Oct. 2013.   DOI   ScienceOn
36 Lee, M. and Kim, Y., Social Science Statistics using SPSS, CommunicationBooks, 2014.
37 K.D. Joshi, Kristine M. Kuhn, "What it takes to succeed in information technology consulting: Exploring the gender typing of critical attributes," Information Technology & People, vol. 20, no.4, pp. 400-424, 2007.   DOI   ScienceOn
38 Jang, S. S., H. S. Lee, "A Study on Defect Analysis of Certification of ISMS," Review of KIISC, 20(1), pp. 31-38, Feb. 2010.