http://dx.doi.org/10.15683/kosdi.2021.6.30.375

Cyber Risk Management of SMEs to Prevent Personal Information Leakage Accidents  

So, Byoung-Ki (Department of Disaster and Safety Management, Soongsil University)
Cheung, Chong-Soo (Department of Disaster and Safety Management, Soongsil University)
Publication Information
Journal of the Society of Disaster Information / v.17, no.2, 2021, pp. 375-390
Abstract
Purpose: Most cybersecurity breaches occur in SMEs. Because the existing cybersecurity frameworks and certification systems focus mainly on financial institutions and large companies, SMEs find them difficult to adopt for lack of cybersecurity budget and manpower, so measures are needed that allow SMEs to manage their cyber risks voluntarily. Method: After reviewing the cybersecurity market, the cybersecurity items of financial institutions, a comparison of cybersecurity frameworks, and cybersecurity incidents reported in the media, the criticality of the cybersecurity items was analyzed through AHP analysis. The cybersecurity items of non-life insurers were also investigated and compared with them. Result: Cyber risk management methods for SMEs were proposed for the 20 major causes of cyber accidents. Conclusion: We hope that the cybersecurity risk assessment measures for SMEs in Korea will help them assess their risks when they sign up for cyber insurance, and that cyber risk assessment also needs to be linked to ERM standardization.
Keywords
Risk Management; Cyber Security; Personal Information Leakage; Cyber Insurance
Citations & Related Records
Times Cited By KSCI: 3