• Title/Summary/Keyword: ISMS

Search Result 180, Processing Time 0.024 seconds

Study of Problem Based Learning for Information Security Consultant and its Analysis (정보보호 컨설턴트 양성을 위한 PBL 교육방안 적용 및 효과성 분석)

  • Oh, Changhyun;Park, Yongsuk
    • Journal of the Korea Institute of Information and Communication Engineering
    • /
    • v.21 no.12
    • /
    • pp.2325-2332
    • /
    • 2017
  • Consulting projects such as diagnosis of vulnerabilities of major information and telecommunication infrastructure are increasing, mandatory public information infrastructure assessment (PIA) for public institutions and ISMS (Information Security Management System) The demand for information protection consulting is continuously increasing as the field obeys the law, but the lack of information security consultant is not improving. One reason is that information security consultants are not being developed to meet the increasing demand for information protection consulting. In this paper, we present the case of information protection consulting as a scenario for studying and educating the duty of information security consultant by studying overseas case and domestic case based on standardization and standardization. We propose a problem-based learning (PBL) training method. In addition, we analyze the effectiveness of the PBL - based learning method.

Correlation Analysis in Information Security Checklist Based on Knowledge Network (지식 네트워크에 근거한 정보보호 점검기준 관계분석)

  • Jin, Chang Young;Kim, Ae Chan;Lim, Jong In
    • The Journal of Society for e-Business Studies
    • /
    • v.19 no.2
    • /
    • pp.109-124
    • /
    • 2014
  • As the emerged importance and awareness for information security, It is being implemented by each industrial sector to protect information assets. In this paper, we analyze the information security checklists or security ratings criteria to derive similarity and difference in context which used to knowledge network analysis method. The analyzed results of all checklists (ISMS, PIMS, 'FSS', 'FISS', 'G') are as follows : First, It is common factors that the protection of information systems and information assets, incident response, operations management. Second, It deals with relatively important factors that IT management, the adequacy of audit activities in the financial IT sector including common factors. Third, the criteria of ISMS contains the majority of the contents among PIMS, 'FSS', 'FISS'and 'G'.

A Study on the Improvement of Personal Information Protection in Small and Medium-sized Medical Institutions (중소형 의료기관의 개인정보 보안실태 및 개선방안)

  • Shin, Min ji;Lee, Chang Moo;Cho, Sung Phil
    • Convergence Security Journal
    • /
    • v.19 no.4
    • /
    • pp.123-132
    • /
    • 2019
  • Rapid developments of IT technology has been creating new security threats. There have been more attacks to get patients' sensitive personal information, targeting medical institutions that are relatively insufficient to prevent and defend against such attacks. Although the government has required senior general hospitals to get the ISMS certification since 2016, such a requirement has been burdensome for small and medium-sized medical institutions. Therefore, this study was designed to draw measures to identify and improve the privacy status of the medical institution by dividing it into management, physical and cyber areas for small and medium-sized medical institutions. The results of this study showed that the government should provide financial support and managerial supervision for the improvement of personal information protection of small and medium-sized medical institutions. They also suggested that the government should also provide medical security specialists, continuous medical security education, disaster planning, reduction of medical information management regulations not suitable for small and medium sized institutions.

Research of Improvement, and System of the Information Security Management Evaluation (보안관리수준 평가 체계에 대한 분석 및 개선안 연구)

  • Min, Byung-Gil;Lee, Do-Hoon
    • Convergence Security Journal
    • /
    • v.6 no.4
    • /
    • pp.101-112
    • /
    • 2006
  • It will not be able to guarantee the secure operation for the information and communication systems with only technical security. So, ISMS(Information Security Management System) research and standardization are active going on. Korea published "The national cyber security management regulation" and "The national cyber security manual" in 2005. According to the regulation and manual, the government organ and public institution must accomplish the security management assessment to itself for systematic management of an information security. We studied related standards and security management systems of the Australia and the USA, and analyzed the security management evaluation system in "The national cyber security manual" in efficient security management focus. We presented the improvement direction of national security evaluation system through the research. We propose the additional control, selective control set and improvement of the evaluation process for efficient security management. Proposed system possible composition of suitable to each organ and flexible adaptation of rapidly changed information environment.

  • PDF

A Design and Implementation of Information Security Management and Audit System for Government Agencies (공공기관의 정보보호관리체계 감사시스템의 설계 및 구현)

  • Jun, Yong-Joon;Cho, Gi-Hwan;Kim, Won-Kyu
    • Journal of Internet Computing and Services
    • /
    • v.7 no.5
    • /
    • pp.81-93
    • /
    • 2006
  • Recently, information technology is considered as a basement of management for industries as well as administrations. Especially, government agencies deal with more high sensitive and Important data than other businesses, so, their security managements should be fair and efficient. At present, most government agencies possess and operate their own information security systems, but apply them for the sake of formality only, even do not adapt an audit system for management polices. This paper presents a design and implementation of an automated audit system which is suitable for the operation environment in government agencies, using the audit system based on the BS7799. The. proposed system aims to objectively, numerically and daily control the ISMS (Information Security Management System) for different level of government agencies. In addition, it permits to design and implement an adaptive audit tool, in order to meet a given condition of audit organization and guard the personal relationship between the auditor and its counterpart.

  • PDF

An Evaluation of the Necessity of Security Management of Personal Information Consignees : using Privacy Policy and ISMS data (개인정보 수탁사의 보안관리 대상 식별 방안 연구 : 개인정보처리방침 및 정보보호인증 데이터 이용)

  • Choi, Won-Nyeong;Kook, Kwang-Ho
    • Convergence Security Journal
    • /
    • v.20 no.3
    • /
    • pp.79-88
    • /
    • 2020
  • Business consignment using personal information is increasing for the operating profit and work efficiency of Internet companies. If the personal information leakage accident occurs at the consignee, the consigner who provided personal information will be damaged greatly. The purpose of this study is to analyze the business attributes of consignee using consigned personal information and present a model that can be used to select companies with high risk of personal information leakage by considering the importance of the involved personal information. For this, personal information consignment relations, consignment services, and personal information items used were analyzed. Social network analysis and cluster analysis were applied to select companies with high network centrality that are advisable to obtain information security certification. The results of this study could be used to establish information protection strategies for private or public enterprises that manage companies using personal information.

The framework to develop main criteria for a DDoS correspondence (DDoS 대응 지표 프레임워크 개발)

  • Lee, Yeon-Ho;Kim, Beom-Jae;Lee, Nam-Yong;Kim, Jong-Bae
    • Journal of Digital Contents Society
    • /
    • v.11 no.1
    • /
    • pp.79-89
    • /
    • 2010
  • The government and companies build a DDoS correspondence system hastily to protect assets from cyber threats. It has become more and more intelligent and advanced such as DDoS attack. However, when outbreaks of the social incidents such as 7.7 DDoS attack(2009.7.7) or cases of the direct damage occurred, information security systems(ISS) only become the issue in the short term. As usual, sustained investment about ISS is a negative recognition. Since the characteristic of ISS is hard to recognize the effectiveness of them before incidents occurs. Also, results of incidents occurred classify attack and detection. Detailed and objective measurement criterion to measure effectiveness and efficiency of ISS is not existed. Recently, it is progress that evaluation and certification about for the information security management system(ISMS). Since these works propose only a general guideline, it is difficult to utilize as a result of ISMS improvement for organization. Therefore, this paper proposes a framework to develop main criteria by a correspondence strategy and process. It is able to detailed and objective measurements.

Study on IT security audit system for e-commerce private information protection (전자상거래 개인정보보호를 위한 IT보안감사체계 연구)

  • Lee, Eun-kyoung;Park, Byoung-woo;Jang, Seok-eun;Lee, Sang-joon
    • Proceedings of the Korean Society of Computer Information Conference
    • /
    • 2018.01a
    • /
    • pp.179-182
    • /
    • 2018
  • 최근 여기어때, 인터파크 등 전자상거래 기업을 대상으로 발생한 개인정보 해킹사고 사례를 보면, 사람의 취약점을 노리는 지능화지속위협(APT) 공격과 알려진 해킹 기술이 복합적으로 이루어지고 있다. 해킹사고가 발생한 기관은 한국인터넷진흥원(KISA) 정보보호관리체계(ISMS) 의무대상 기관으로써 정보보호관리체계를 유지 관리하고 있었다. 그럼에도 불구하고 대형의 개인정보 유출사고가 발생한 주요 원인은 정보보호관리체계가 적용되지 않았던 정보시스템과 인력을 대상으로 해킹이 이루어졌기 때문이다. 해킹 위협의 변화에 따라 전자상거래 보안 수준도 변화해야 하는데, 개인정보보호 관련 규제 준수도 전자상거래 기업에서는 힘든 상황이다. 고객의 개인정보 유출 사고는 일반인을 매출 기반으로 서비스하고 있는 전자상거래 기업에서는 치명적이다. 안전한 전자상거래 플랫폼 기반에서 고객에게 서비스를 제공하기 위해서는 무엇보다도 중요 자산인 고객의 개인정보보호를 위해 역량을 집중해야 한다. 한정된 예산과 자원으로 안전한 서비스를 제공하기 위해서는 기존에 구축된 정보보호관리체계를 기반으로 IT보안감사체계를 전사적으로 확대하여 지속적으로 모니터링 할 필요가 있다. 이에 본 연구에서는 최신 사이버 보안 위협 동향과 전자상거래 기업 대상으로 발생한 최근 개인정보유출사고 사례를 분석을 통해 시사점을 도출하여 전자상거래 개인정보 보호를 위한 IT보안감사체계를 제시하였다.

  • PDF

A Study for Enterprise Type Realtime Information Security Management System (기업의 상시 보안관리 체계 연구)

  • Noh, Shi-Yeong;Lim, Jong-in
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.27 no.3
    • /
    • pp.617-636
    • /
    • 2017
  • Many businesses have adopted the standard security management structure such as ISO27001 and K-ISMS for strengthening business's security management structure to protect their core information assets and have acquired partial output from such effort. However, many risk factors such as recent advances in Information Technology and evolution of intrusion methods have increased exponentially requiring the businesses to response even more quickly with better accuracy. For such purpose, a study of 'Real Time Security Management Structure for Business' based on security management process optimization, defining a set of security index for managing core security area and calculation of risk indices for precognition of intrusion risk area has been made. Also, a survey on opinions of an expert panel has been conducted. The effectiveness of studied structure was analyzed using AHP method as well. Using this study, security personnels of a company can improve efficiency of the preemptive responsive and quicker measure from the current security management structure.

A PIM/PSM Component Modeling Technique Based on 2+1 View Integrated Metamodel (2+1 View 통합 메타모델 기반 PIM/PSM 컴포넌트 모델링 기법)

  • Song, Chee-Yang;Cho, Eun-Sook
    • The KIPS Transactions:PartD
    • /
    • v.16D no.3
    • /
    • pp.381-394
    • /
    • 2009
  • As a technique to enhance reusability for the created artifacts in software modeling process, the model driven method such like MDA has been applied. Unfortunately, the hierarchical and systematic MDA based development technique using UML is poor yet. This causes the problem that the MDA modeling with high consistency and reusability based on MDA metamodel is not being realized. To solve this problem, this paper proposes a MDA (PIM/PSM) component modeling technique using 2+1 view integrated metamodel. At first, the meta-architecture view model which can represents development process view and MVC view is defined. Then, the hierarchical integrated metamodels per view are addressed separately for modeling process and MVC at metamodel level on the hierarchy of the defined meta-architecture view model. These metamodels are defined hierarchically by layering the modeling elements in PIM and PSM pattern for UML models and GUI models. Appling the proposed metamodel to an ISMS application system, it is shown as a component modeling case study based on MDA. Through this approach, we are able to perform a component model with consistency and hierarchy corresponding to development process and MVC way. Accordingly, this may improve more independence and reusability of model.