• Title/Summary/Keyword: ISMS

Search Result 180, Processing Time 0.022 seconds

A Study on Selection of Core Services for Deciding ISMS Scope

  • Kang, Hyunsik;Kim, Jungduk
    • Journal of the Korea Society of Computer and Information
    • /
    • v.22 no.2
    • /
    • pp.51-57
    • /
    • 2017
  • The first thing to be prioritized is to set the scope of the management system when establishing an information security management system for systematic and effective information security management. It is important to set the scope for an organization's information security goals due to the scope affects the organization's overall information security activities. If the scope is set incorrectly, it might become impossible to protect important services and therefore, the scope of the management system should be determined in consideration of the core business services of the organization. We propose a core service selection model based on the organization's mission-critical service and high risk service in order to determine the effective information security management system scope in this paper. Core service selection criteria include the type of service, contribution to sales, socio-economic impact, and linkage with other services.

정보통신망법 개정에 따른 기업 정보보호 제도 현황 및 정보보호 관리체계의 인증기준 비교

  • Kim, Hwan Kuk;Ko, Kym Man;Lee, Jae Il
    • Review of KIISC
    • /
    • v.23 no.4
    • /
    • pp.53-58
    • /
    • 2013
  • 최근 사이버공격은 지능화, 대규모화되고 있는 반면, 경기침체 등으로 인해 기업의 정보보호 투자가 저조하고 인터넷 침해사고 예방활동이 미흡한 실정이다. 정부는 취약한 기업의 정보보호 환경을 개선하기 위해 정보보호 안전진단 제도를 폐지하고 정보보호 관리체계(ISMS) 인증제도로 일원화하였으며, ISMS 인증기업을 대상으로 한 정보보호 관리등급제, 정보보호 사전점검, 임원급 정보보호 최고책임자(CISO) 지정 등 신설하였다. 본 고에서는 개정 정보통신망법에 따라 신설 보완된 기업 정보보호 관련 제도현황과 변경된 정보보호 관리체계 인증기준에 대해 소개하고자 한다.

ISM Application Tool, A Contribution to Address the Barrier of Information Security Management System Implementation

  • Chandra, Nungky Awang;Sadikin, Mujiono
    • Journal of information and communication convergence engineering
    • /
    • v.18 no.1
    • /
    • pp.39-48
    • /
    • 2020
  • Information-security management systems (ISMSs) are becoming very important, even for micro, small, and medium enterprises (MSMEs). However, implementing an ISMS is not an easy task. Many obstacles must be overcome, e.g., complexity, document tracking, competency management, and even changing cultures. The objective of our study is to provide ISMS application tools, based on ISO 27001:2013 ISM frameworks. The application was developed on the Odoo Open Enterprise Resource Planning platform. To validate its feasibility for future improvement, the application was implemented by an MSME company. For this implementation, information-security-related users gave their feedback through a questionnaire. The distributed feedback questionnaire consists of nine assessment parameters, covering topics from the application's technical aspects to users' experiences. Based on the questionnaire feedback, all users of the application were satisfied with its performance.

Association Study Between Genetic Polymorph isms in Interleukin-1 Gene Family and Adult Periodontitis in Korean

  • Kang, ByungYong;Kang, Chin Yang;Lee, Kang Oh
    • Toxicological Research
    • /
    • v.20 no.4
    • /
    • pp.299-305
    • /
    • 2004
  • Adult periodontitis (AP) is a chronic inflammatory disease whose etiology is not well defined. Some studies suggested that the clinical characteristics of this disease may be in part explained by genetic factors, and some attempts to find genetic markers for this disease were successful. The interleukin-1 (IL-1) gene family as one of genetic factors may influence the expression of adult periodontitis. The aim of present study is to investigate the frequencies of genetic polymorphisms in the IL-1 gene family encoding three genes (IL-1A, IL-1B and IL-1RN) in Korean AP patients and periodontically healthy controls. There were no significant differences in genotype and allele frequencies of these polymorph isms between two groups, respectively. However, -511 polymorphism of IL-1 B gene was significantly associated with mean pocket depth (MPD, mm) value in AP patients (P<0.05). Therefore, our results suggest that -511 polymorphism in the IL-1B gene may be useful as a genetic marker for the severity of AP in Koreans.

Methodology to analyze insider risk for the prevention of corporate data leakage (기업 내 정보유출방지를 위한 내부자 위험도 분석 방법론 연구)

  • Shin, Hye-Won
    • Proceedings of the Korean Information Science Society Conference
    • /
    • 2012.06c
    • /
    • pp.295-297
    • /
    • 2012
  • 내부자에 의한 위협이 증가됨에 따라, 기업 내 핵심기술이 유출되어 큰 피해가 발생하고 있다. 내부자들이 합법적인 권한을 통한 불법적인 정보유출을 시도하는 위험을 예측 관리하기 위하여, 본 논문에서는 내부자들의 위험도를 평가하기 적합한 위험분석 방법론 ISMS-AIR(ISMS - Against Insider Risk)을 제안하였다. 내부자 위협의 정의와 위험도 평가를 위한 기존 위험분석 방법론들을 연구하였으며, 기존 자산 중심의 위험분석 방법론인 ISMS에 사용자 중심의 행위 모니터링을 강화하여 위험도 산출하는 방법을 제안하였다. 이를 위하여 사용자 행위에 따른 프로파일링 데이터와 이상징후 시나리오를 적용하여 내부자들의 위험도를 산출하고, 주요 모니터링 대상을 선정하여 내부자들의 불법적인 정보유출 시도행위를 모니터링 할 수 있다.

A Measures to Converge Manage an Efficient Information Security Management System for Information Security Experts Manpower (정보보호 인력양성을 위한 효율적인 정보보호관리체계의 융합 관리 방안)

  • Lee, Keun-Ho
    • Journal of the Korea Convergence Society
    • /
    • v.5 no.4
    • /
    • pp.81-86
    • /
    • 2014
  • The development in IT technology has brought about various services that are on offer based on a new service model. But such new services have increased security risks. The government is operating a program to foster experts in information security to protect assets from the threat of such risks, too. Society's awareness on the importance of information security has also grown, leading to various courses to train such personnel, including membership clubs for the fostering of such specialists. This study seeks to suggest a method that efficiently manages the convergence of running a curriculum on ISMS(information security management systems) and a club that focuses on information protection. Such converged information security courses are expected to contribute to a safer IT-based society.

A Security Evaluation Criteria for Korean Cloud Computing Service (한국형 클라우드를 위한 정보보호 관리체계 평가 기준)

  • Kim, Kichul;Heo, Ok;Kim, Seungjoo
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.23 no.2
    • /
    • pp.251-265
    • /
    • 2013
  • Cloud computing provided as a service type by sharing IT resources cannot be activated unless the issue of information security is solved. The enterprise attempts to maximize the efficiency of information and communication resources by introducing cloud computing services. In comparison to the United States and Japan, however, cloud computing service in korea has not been activated because of a lack of confidence in the security. This paper suggests core evaluation criteria and added evaluation criteria which is removed the redundancy of the security controls from existing ISMS for Korean cloud computing through a comparative analysis between domestic and foreign security controls of cloud certification scheme and guidelines and information security management system. A cloud service provider certified ISMS can minimize redundant and unnecessary certification assessment work by considering added evaluation criteria.

The ISO the research also the ISMS security maturity of 27001 regarding a measurement modeling (ISO 27004 information security management measurement and metric system) (ISO 27001의 ISMS 보안성숙도 측정 모델링에 관한 연구 (ISO 27004 정보보호관리 측정 및 척도 체계))

  • Kim, Tai-Dal
    • Journal of the Korea Society of Computer and Information
    • /
    • v.12 no.6
    • /
    • pp.153-160
    • /
    • 2007
  • Recently, the demand against the system risk analysis and security management from the enterprises or the agencies which operate a information system is increasing even from domestic. The international against the standardization trend of information protection management system it investigates from the dissertation which it sees. It analyzed and against information property information protection management system integrated it will be able to manage a danger modeling it did it proposed. Having analyzed as well as compared the matureness of security-measurement models in regard to the global standard of proposal system, the administrative presentation for various IT technology resources. which have been managed singly so far, is now well applied under the united control of the company itself, and enabled the automated management of authentication support and renewal for ISO 27001, ISO 9000, ISO 14000, resulting in much advanced operation for both material and human resources.

  • PDF