Browse > Article
http://dx.doi.org/10.22156/CS4SMB.2020.10.08.001

Comparative Analysis of Methodology for Improving Information Security Consulting for SMEs in Korea  

Jang, Sang-Soo (Korea Internet & Security Agency)
Publication Information
Journal of Convergence for Information Technology / v.10, no.8, 2020 , pp. 1-6 More about this Journal
Abstract
The government is carrying out information security consulting support projects to solve the difficulties of SME information protection activities. Since the information security consulting methodology applied to SMEs does not apply the proven methodology such as the critical information and communication infrastructure(CIIP), ISMS, ISO27001, etc. It applies various methods for each consulting provider. It is difficult to respond appropriately depending on the organizational situation such as the type and size of SMEs. In order to improve such problems of SME information security consulting and to improve more effective, effective and standard methodology, the information security consulting methodology applied in the current system was compared and analyzed. Through the improvement plan for SME information security consulting method suggested in this study, it is possible to provide information security consulting suitable for all enterprises regardless of SME size or business type.
Keywords
Critical Information Infrastructures Protection(CIIP); ISMS; ISO27001; Consulting; Information Security System; Security Threats; Methodology;
Citations & Related Records
연도 인용수 순위
  • Reference
1 H. Y. Ahn. (2001). Information Security Consulting Methodology and Application. Korea Institute of Information Security And Cryptology. 11(3), 49-56.
2 S. T. Park, W. S. Yi & B. N. Noh. (2009). SME Vulnerability Analysis and Assessment to Project for Critical Information Infrastructure Protection Management Plan. Korea Institute of Information Security And Cryptology. 19(6), 32-40.
3 T. S. Kim. (2019). SME information protection performance measurement model and method development. Naju : KISA.
4 H. Y. Ahn. (2020). Effective Management of Personal Information & Information Security Management System(ISMS-P) Certification. Korea Academy Industrial Cooperation Society, 21(1), 634-640. DOI : 10.5762/KAIS.2020.21.1.634
5 Ministry of Science and ICT(MSIT), (2017), Notification on Preliminary Check of Information Security. Public Notice 2017-7. Sejong.
6 Korea Information Security Industry Association(KISIA). (2020). 2019 Survey of Information Security Industry in Korea. Seoul.
7 Ministry of Science and ICT(MSIT). (2013). Critical Notification on Information Infrastructure Protection Vulnerability Analysis and Assessment Standard. Public Notice 2013-37. Sejong.
8 Ministry of Science and ICT(MSIT), (2018), Notification on Certification of Personal and Information Security Management System. Public Notice 2018-80. Sejong.
9 https://www.kisa.or.kr
10 Korea Internet and Security Agency(KISA), (2018), SME Information Security Consulting Support Report. 2018,
11 Korea Internet and Security Agency(KISA), (2019), SME Information Security Consulting Support Report. 2019
12 Ministry of Science and ICT. (2020). Information Security Survey 2019. Sejong.
13 Korea Internet and Security Agency. (2020). 2019 SME Information Protection Consulting Result Report. Naju : KISA.