http://dx.doi.org/10.13089/JKIISC.2018.28.6.1585

A Study on the Method of Checking the Level of Information Security Management Using Security Maturity Model  

Lee, Sang-kyu (Graduate School of Information Security, Korea University)
Kim, In-seok (Graduate School of Information Security, Korea University)
Abstract
The importance of information security management for securing the collection, analysis, production and distribution of information has been increasing in recent years. Companies establish confidence in their information security through certification of their Information Security Management System (ISMS). However, assessing the level of the domains that make up the management system, and making use of them, is limited. A security maturity model, on the other hand, can diagnose a company's level of information protection step by step. It can also identify the areas that need to be improved most urgently, and it is a tool that supports goal setting according to the characteristics and level of the company. In this paper, C2M2, an example of a security maturity model, is compared with and analyzed against the Korean Information Security Management System certification. We benchmark the model to check the level of information security management and derive the priority among the items that constitute the detailed areas of information security measures in ISMS certification. We also look at ways to check the level of information security management step by step.
Keywords
Information Security; Information Security Management System; ISMS; Security Maturity Model; C2M2;