• Title/Summary/Keyword: ISMS

Comparative Analysis of Methodology for Improving Information Security Consulting for SMEs in Korea (중소기업 정보보호 컨설팅 개선을 위한 방법론 비교 분석)

  • Jang, Sang-Soo
    • Journal of Convergence for Information Technology / v.10 no.8 / pp.1-6 / 2020
  • The government is carrying out information security consulting support projects to solve the difficulties of SME information protection activities. Since the information security consulting methodology applied to SMEs does not apply proven methodologies such as the critical information and communication infrastructure (CIIP), ISMS, ISO27001, etc., it applies various methods for each consulting provider. It is difficult to respond appropriately depending on the organizational situation, such as the type and size of SMEs. In order to improve such problems of SME information security consulting and to arrive at a more effective and standard methodology, the information security consulting methodologies applied in the current system were compared and analyzed. Through the improvement plan for the SME information security consulting method suggested in this study, it is possible to provide information security consulting suitable for all enterprises regardless of SME size or business type.

A Study on the Development of Corporate Information Security Level Assessment Models (기업의 정보보호수준 측정모델 개발에 관한 연구)

  • Lee, Hee-Myung; Lim, Jong-In
    • Journal of the Korea Institute of Information Security & Cryptology / v.18 no.5 / pp.161-170 / 2008
  • Despite the recent growth in size and frequency of damages caused by illegal information breaches, current business countermeasures and precautionary systems are greatly limited. Some major companies have developed Information Security Management Systems (ISMS) to safeguard their vital information; however, such measures are largely based on ISO27001 and are lacking in many aspects needed to grasp the holistic corporate security level and reinforce precautionary measures. The information protection level evaluation model introduced in this paper is a pragmatic evaluative tool that can be utilized to devise effective corporate information security precautionary measures and countermeasures, based on the BSC (Balanced ScoreCard) method, making an actual and realistic corporate information security level evaluation possible.

A Study on ISMS-P Controls for Hyper Scale Cloud (하이퍼 스케일 클라우드에 적합한 정보보호 및 개인정보보호 관리체계 인증 통제항목 연구)

  • Yong-Nyuo Shin
    • The Journal of the Institute of Internet, Broadcasting and Communication / v.23 no.3 / pp.19-26 / 2023
  • Critical information infrastructure designations for cloud service providers continue to spread around the world as the energy, financial services, health, telecommunications, and transportation sectors move to the cloud. In addition, in the case of Ukraine, the removal of restrictions on the use of cloud for national critical facilities and the rapid transition of critical data to the cloud enabled the country to effectively respond to cyberattacks targeting Russian infrastructure. In Korea, the ISMS-P is operated to implement a systematic and comprehensive information protection management system and to improve the level of information protection and personal information protection management in organizations. Control items considering the cloud environment have been modified and added to the audit of companies. However, due to the different technical levels of domestic and global clouds, it is not easy to obtain information on the findings of cloud providers such as Microsoft for the training of domestic certification auditors at hyperscale. Therefore, this paper analyzes findings in hyperscale clouds and suggests ways to improve cloud-specific control items by considering the compatibility of hyperscale environments with the ISO/IEC 27001 and SOC (System and Organization Control) international security standards.

Information Security Consultants' Role: Analysis of Job Ads in the US and Korea (정보보호 컨설턴트의 역할: 미국과 한국의 구인광고 분석)

  • Sang-Woo Park; Tae-Sung Kim; Hyo-Jung Jun
    • Information Systems Review / v.22 no.3 / pp.157-172 / 2020
  • The demand for information security consultants is expected to increase due to the emergence of ISMS-P incorporating ISMS and PIMS, the implementation of the European Privacy Act (GDPR) and various security accidents. In this paper, we collected and analyzed advertisements from job advertisement sites that could identify firms' demand explicitly. We selected representative job advertisement sites in Korea and the United States and collected job advertisement details for information security consultants in 2014 and 2019. The collected data were visualized using text mining and analyzed using non-parametric methods to determine whether there was a change in the role of the information security consultant. The findings show that the requirements for information security consultants have changed very little. This means that the role does not change much over a five-year time gap. The results of the study are expected to be helpful to policy makers related to information security consultants, those seeking to find employment as information security consultants, and those seeking information security consultants.

An Audit Model for Information Security of Hospital Information System (병원정보시스템에서의 정보보호를 위한 감리모형)

  • Yu, Wan Hee; Han, Ki Joon; Kim, Dong Soo; Kim, Hee Wan
    • Journal of Digital Convergence / v.12 no.7 / pp.133-145 / 2014
  • Recently, hospital information systems have come to hold large databases across a wide range of offices for hospital management and health care to improve the quality of care. However, information security measures for hospital information systems are insufficient. Therefore, when we construct a hospital information system, we have to audit its information security measures, and we have to manage the ISMS (Information Security Management System) to maintain the information protection level through risk management. In this paper, we suggest a hospital information security audit model for the protection of health information privacy, based on current hospital information systems, the information security management system (ISMS), and hospital information security requirements and threats. We derived the check items by comparison with ISO27799, reflecting the characteristics of the hospital. We classified the security domains as the physical, technical, and administrative domains, and derived the check items for information security. We also designed the checklists by mapping the ISO27799 risk management process to improve security and efficiency simultaneously. The suitability of our model was verified by a five-point scale survey of IT experts, with an average of 4.91 points.

Developing Key Performance Indicators for Financial IT Security (금융IT 보안조직 역량강화를 위한 핵심성과지표(KPI) 도출에 관한 연구)

  • Jang, Sung Ok; Lim, Jong In
    • The Journal of Society for e-Business Studies / v.18 no.3 / pp.125-142 / 2013
  • As the strategic alignment of IT and business is reinforced, financial services rely more on IT systems. Continuous information security activities are needed to provide a secure and reliable financial service. Performance measurement of information security activities can be useful for decision and management support. The purpose of this study is to derive CSFs (Critical Success Factors) and KPIs (Key Performance Indicators) based on K-ISMS and the Financial IT Information Security Standards. This provides a rationale that can be used to determine key performance indicators, which are utilized as basic data for establishing security policies for financial IT security competency.

Economic impact of the technical security utilizing the inter-industry relations table (산업연관표를 활용한 기술보안의 경제적 효과)

  • Lim, Heon-Wook; Shim, Jae-Young
    • Journal of Convergence for Information Technology / v.7 no.1 / pp.99-106 / 2017
  • Research on technology security has been limited to technology leakage prevention. Companies recognize technology security as an investment, so it is a passive situation for recruitment and equipment installation. Therefore, the amount of damage caused by technology leakage is regarded as profit. The purpose of this study is to investigate the effect of technology security on the domestic economy by using the inter-industry relations table. The inter-industry relations table was created by Wassily Leontief. In 1960, the Bank of Korea made it for the first time in Korea. Korea introduced the ISMS in 2001 and conducted a study on the technology security economy. Through this study, we hope that technology security will be recognized as income, not investment.

Study on Plans to Improve Small and Medium Corporations' Technological Protections Using Information Security Management System (ISMS) (정보보호관리체계(ISMS)를 이용한 중소기업 기술보호 개선방안 연구)

  • Kim, Jungeun; Kim, Seongjun
    • Journal of Korea Society of Digital Industry and Information Management / v.12 no.3 / pp.33-54 / 2016
  • In modern society based on information and communication, which is exposed to the risks of many information security breaches, corporate information assets may be an economical scale in a country. Most of the damage derived from corporate technological information leaks occurs in small and medium corporations. Although many information security managers in corporations have focused on certification systems such as the information security management system, small and medium corporations are poorly aware of information security, and their environments surrounding it should also be improved. In addition, it is difficult to expect spontaneous participation in it, since sustainable information security management systems are often not forced to be certified. Thus, the purpose of this study is to examine plans to improve small and medium corporations' technological protections by using some components of the information security management system. On the basis of this examination, it also attempts to discuss some methods for effective and efficient information security in small and medium corporations' technological protections.

Phylogenetic Analysis of Mitochondrial DNA Control Region in the Swimming Crab, Portunus trituberculatus

  • Cho, Eun-Min; Min, Gi-Sik; Kanwal, Sumaira; Hyun, Young-Se; Park, Sun-Wha; Chung, Ki-Wha
    • Animal cells and systems / v.13 no.3 / pp.305-314 / 2009
  • The control region of mitochondrial DNA (13516-14619) is located between the srRNA and $tRNA^{Ile}$ genes in the swimming crab, Portunus trituberculatus. The present study investigated the genetic polymorphisms of the control region in samples of P. trituberculatus collected in coastal waters of the Yellow Sea in Korea. A total of 300 substitution and indel polymorphic sites were identified. In addition to SNPs and indel variation, a hypervariable microsatellite motif was also identified at positions 14358 to 14391, which exhibited 10 alleles including 53 different suballeles. When the hypervariable microsatellite motif was removed from the alignment, 95 haplotypes were identified (93 unique haplotypes). The nucleotide and haplotype diversities ranged from 0.024 to 0.028 and from 0.952 to 1.000, respectively. Statistically significant evidence for geographical structure was not detected from the analyses of the neighbor-joining tree or the minimum-spanning network. This result suggests that P. trituberculatus is capable of extensive gene flow among populations. We believe that the polymorphisms of the control region can be used as informative markers to study phylogenetic relationships of P. trituberculatus.

Analysis of Personal Information Protection System in Korea - Focus on Certification & Evaluation System and Personal Identification Number - (우리나라의 개인정보 보호제도 분석 - 인증 및 평가제도와 개인식별번호를 중심으로 -)

  • Kim, Min-Chen
    • Informatization Policy / v.23 no.4 / pp.38-58 / 2016
  • The ever-evolving Internet environment, along with changes in the mass media, has been creating a new way of communicating in the virtual cyber world. Internet users have more services at their disposal to communicate with ease. Such new communication styles, however, make them vulnerable to personal information leakage, increasing cyber security concerns. A thorny issue is how we can control the disclosure of personal information. Lately, the Korean government implemented privacy policies to resolve and prevent personal information leakage incidents that cause social problems. Here, we seek to identify problems in the privacy policies for better solutions.