http://dx.doi.org/10.5762/KAIS.2020.21.1.634

Effective Management of Personal Information & Information Security Management System (ISMS-P) Authentication Systems

Hong, Sung Wook (Department of Financial Technology Convergence, Soongsil University)
Park, Jae-Pyo (Graduate School of Information Science, Soongsil University)
Publication Information
Journal of the Korea Academia-Industrial cooperation Society / v.21, no.1, 2020, pp. 634-640
Abstract
The Information Security Management System (ISMS) and the Personal Information Management System (PIMS) certification schemes have been merged into a single Personal Information & Information Security Management System (ISMS-P) certification scheme, in response to requests to reduce the time and cost of preparing for certification. Integration gives the scheme operator a single system to manage, and gives the organizations being certified an easier path to obtaining and maintaining certification. However, the criteria for deciding which organizations fall within scope are ambiguous, the control items in the certification criteria are ambiguous, which forces target organizations to operate an excessively broad management system, and the legal basis applied to each target organization is unclear. To address these problems, this paper uses case studies to identify the types of organizations to which the certification criteria are applied, and proposes varying the control items applied during certification audits according to the organization type. For institutions that wish to obtain only ISMS certification, three solutions are proposed that exclude the controls specific to ISMS-P. The paper suggests ways to operate the certification scheme efficiently and can serve as a basis for improving the problems in the ISMS-P certification scheme.
Keywords
ISMS-P; Personal Information; Information Security; Management System; Integration;