http://dx.doi.org/10.5762/KAIS.2012.13.9.4224

A study of Effect of Information Security Management System [ISMS] Certification on Organization Performance  

Bae, Young-Sik (Department of law doctor course, Dongguk University)
Publication Information
Journal of the Korea Academia-Industrial cooperation Society / v.13, no.9, 2012, pp. 4224-4233
Abstract
As Internet usage rapidly spreads, tasks that were once possible only offline are now available in cyberspace, but at the same time new security threats such as hacking and viruses have also increased. For that reason, comprehensive and methodical information security systems are required in enterprises and organizations. Consequently, the Information Security Management System certification system has been in effect in Korea since July 2001. As of December 2012, 130 enterprises have been certified, and more than 120 ISO27001 certifications have been issued. Since the introduction of the ISMS certification system in Korea, the demand for certification has been steadily increasing, and it is now recognized as an integral part of maintaining an enterprise's competitiveness. However, the qualitative aspects of certification, namely the effectiveness of ISMS, have been continuously questioned by actual customers. To clarify the situation and remove such doubts, this study will substantiate that the development and certification of ISMS positively affect the business performance of enterprises, so that enterprises will recognize the effect of obtaining ISMS certification and eventually prevent security accidents and improve their business performance by developing ISMS.
Keywords
Information Security Management System [ISMS]; ISMS Certification; Benefits of Information Security; performance measurement; Measurement Method; Economic Effects on the Information Security Industry