http://dx.doi.org/10.13089/JKIISC.2017.27.3.617

A Study for Enterprise Type Realtime Information Security Management System  

Noh, Shi-Yeong (SamsungSDS)
Lim, Jong-in (Graduate School of Information Security, Korea University)
Abstract
Many businesses have adopted standard security management frameworks such as ISO27001 and K-ISMS to strengthen their security management structure and protect their core information assets, and have achieved partial results from this effort. However, many risk factors, such as recent advances in information technology and the evolution of intrusion methods, have increased exponentially, requiring businesses to respond even more quickly and with better accuracy. To this end, this study proposes a 'Real Time Security Management Structure for Business' based on security management process optimization, the definition of a set of security indices for managing core security areas, and the calculation of risk indices for early recognition of intrusion risk areas. A survey of an expert panel's opinions was also conducted, and the effectiveness of the proposed structure was analyzed using the AHP method. Using this study, a company's security personnel can respond preemptively more efficiently and act more quickly than under the current security management structure.
Keywords
Security; Lifecycle; Risk; Real time; Enterprise;
Citations & Related Records
Times Cited By KSCI: 1