• Title/Summary/Keyword: ISMS

Search Result 180, Processing Time 0.019 seconds

Perceptual Differences between Managers and Practitioners on Competencies of Information Security Consultants (정보보호컨설턴트 역량에 대한 관리자와 실무자의 인식차이)

  • Kim, Se-Yun;Kim, Tae-Sung
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.26 no.1
    • /
    • pp.227-235
    • /
    • 2016
  • As various measures of law observance obligations such as mandatory obligation of privacy impact assessment (PIA) for public institutions and authorization of information security management system (ISMS) are put into practice, increase in demand for information security consulting and securement of information security consultants are emerging as a major issue. The purpose of this study is to empirically investigate what core competencies information security consultants should possess and how much they actually possess them. By analyzing the differences in perception between practitioners and managers on core competencies, this study understands difference of views between the two groups and suggests ideas for cultivation of information security consultants.

Framework for assessing responsiveness to personal data breaches based on Capture-the-Flag

  • Oh, Sangik;Kim, Byung-Gyu;Park, Namje
    • Journal of Multimedia Information System
    • /
    • v.7 no.3
    • /
    • pp.215-220
    • /
    • 2020
  • Many state agencies and companies collect personal data for the purpose of providing public services and marketing activities and use it for the benefit and results of the organization. In order to prevent the spread of COVID-19 recently, personal data is being collected to understand the movements of individuals. However, due to the lack of technical and administrative measures and internal controls on collected personal information, errors and leakage of personal data have become a major social issue, and the government is aware of the importance of personal data and is promoting the protection of personal information. However, theory-based training and document-based intrusion prevention training are not effective in improving the capabilities of the privacy officer. This study analyzes the processing steps and types of accidents of personal data managed by the organization and describes measures against personal data leakage and misuse in advance. In particular, using Capture the Flag (CTF) scenarios, an evaluation platform design is proposed to respond to personal data breaches. This design was proposed as a troubleshooting method to apply ISMS-P and ISO29151 indicators to reflect the factors and solutions to personal data operational defects and to make objective measurements.

A Study on Analysing Framework of Information Security Management Systems for Managing Business Risk (비즈니스 위험관리를 위한 정보보호제도 분석 프레임웍에 관한 연구)

  • Kim, Min-Sun
    • Journal of the Korea Academia-Industrial cooperation Society
    • /
    • v.11 no.2
    • /
    • pp.703-708
    • /
    • 2010
  • Various information sources and the increasing vulnerabilities of information systems could increase the risks of a business. The successful management of business risks depends on appropriate level of risks in business. Business risk management would be conducted in terms of financial risk management and information security management. The financial management and the information security management could not achieve an integrated business risk management. For developing the integrated business risk management, this study analyzes the various information security management systems such as ISMS, EA, ISO27001, COBIT, SPICE, Auditing. This study analyzes information security systems, which could be utilized in developing business risk management.

Strengthening Security on the Internal Cloud Service Certification (국내 클라우드서비스 인증에서 보안 강화방안 연구)

  • Lee, Gangshin
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.23 no.6
    • /
    • pp.1231-1238
    • /
    • 2013
  • In the background of rapidly increasing domestic cloud service demand, worries about security and privacy incidents can hinder the promotion of cloud service industry. Thus, it is crucial that the independent 3rd party assures the reliability for using the cloud service. This paper compares several external and internal cloud service certification cases, for example CSA certification, FedRAMP certification, KCSA certification, and concludes that insufficient security and privacy controls are prevailing. As a consequence, several enhanced countermeasures by using ISO/IEC 27017, KISA's ISMS considering manageability and expertise are proposed in the cloud service certification system.

Analyses of Single Nucleotide Polymorphisms and Haplotype Linkage of the Human ABCB1 (MDR1) Gene in Korean

  • Ryu, Ho-Cheol;Kwon, Hyog-Young;Choi, Il-Kuen;Rhee, Dong-Kwon
    • Archives of Pharmacal Research
    • /
    • v.29 no.12
    • /
    • pp.1132-1139
    • /
    • 2006
  • Single nucleotide polymorph isms (SNPs) in the MDR1 gene that are responsible for drug efflux can cause toxicity. Therefore, this study determined the SNPs of the Korean MDR1 gene, and analyzed the haplotypes and a linkage disequilibrium (LD) of the SNPs determined. The frequency of 9 SNPs from the MDR1 gene was determined by PCR-RFLP analyses of 100 to 500 healthy individuals. The frequcies of the SNPs were C3435T (47.7%), G2677T (37.6%), G2677A (4.4%), T1236C (21.7%), T129C (8%), A2956G (2.5%), T307C (1.5%), A41aG (9.2%), C145G (0%), and G4030C (0%). Analyses of the haplotype structure and an estimation of the LD of the combined polymorph isms demonstrated that the frequency of the 1236T-2677G-3435T haplotype is much higher in Koreans (14.1%) than in Chinese and western black Africans and the C3435T SNP in Koreans appears to have LD with T129C in Koreans for the first time. These results provide insight into the genetic variation of MDR1 in Koreans, and demonstrated the possibility of a new LD in this gene.

Ways to establish public authorities information security governance utilizing E-government information security management system (G-ISMS) (전자정부 정보보호관리체계(G-ISMS)를 활용한 공공기관 정보보호 거버넌스 수립방안)

  • Ryu, Seung-Han;Jeong, Dae-Ryeong;Jung, Hoe-Kyung
    • Journal of the Korea Institute of Information and Communication Engineering
    • /
    • v.17 no.4
    • /
    • pp.769-774
    • /
    • 2013
  • In order to strengthen the protection of information, public institutions have introduced information security governance system. Public institutions recognizes the importance of information security governance system, and have striven to establish information security governance by establishing institutions and making policies. In this paper, in order to investigate ways that will be the basis for the establishment of information security governance in public institutions, we studied the necessity and model of information security governance. Also, by studying the government policies and cases, we proposed the direction of the policy.

Improvements of Information Security Level in Electronic Financial Infrastructure(By Analyzing Information Security Management Level) (전자금융기반시설 정보보호 수준강화 방안 (정보보호 관리수준 분석을 통한))

  • Park, Keun-dug;Youm, Heung-youl
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.26 no.6
    • /
    • pp.1605-1618
    • /
    • 2016
  • In recent years, security incidents - such as personal information leakage, homepage hacking, DDoS and etc. - targeting finance companies(banks, securities companies, credit card companies, insurance companies and etc.) have increased steadily. In this paper, we analyze problems of information security management level in the existing electronic financial infrastructure from perspective of compliance and information security certification system and propose improvements to enable sustainable high level of information security activities under a comprehensive management system for the financial sector characteristics using ISMS, SECU-STAR and CNIVAM system.

Comparing Qualifications of Korea and US Information Security Consultants: Focused on Job Ads (한국과 미국의 정보보호 컨설턴트의 자격요건 비교: 구인광고를 중심으로)

  • Lim, Jae-Jung;Kim, Ha-Young;Kim, Tae-Sung
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.27 no.5
    • /
    • pp.1157-1166
    • /
    • 2017
  • Demand for information security consulting is increasing as the number of major information infrastructure facilities in the country is increasing and the subject of ISMS mandatory certification is expanded. The demand for manpower also increases, but the manpower to meet the needs of industry is scarce. In order to cultivate the manpower that meets the demand, the demand of the industry should be grasped first. Therefore, this study collected and analyzed job advertisements in Korea and the United States in order to grasp the needs of industry. This will contribute to the development of policy to cultivate human resources of consultants in accordance with the future demand of the enterprise, and ultimately it will be able to solve the quality disparity of security consulting personnel.

Security Management Model for Protecting Personal Information for the Customer Contact Center (컨택센터의 고객 개인정보 보호 모델)

  • Kwon, Young-Kwan;Youm, Heung-Youl
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.19 no.2
    • /
    • pp.117-125
    • /
    • 2009
  • In this paper, we analyze the Contact Center's specific-security characteristics, including the threat model and weakness and study effective security measures focussing on protecting customer's personal information. Also, we establish the information security management system to reduce the possibility of information leakage from the internal employee in advance. As a result, we propose the "Security management model for protecting personal information for customer Contact Center" that complies with current ISO/IEC JTC 1 ISMS 27000 series standards.

Outcome and Enhancement of ISO 27001(ISMS) in National R&D Information Management Environment (국가R&D정보관리 환경에서 ISO 27001(ISMS) 성과 및 개선 방향)

  • Lee, Byeong-Hee;Yeo, Il-Yeon;Kim, Jae-Soo
    • Annual Conference of KIPS
    • /
    • 2011.04a
    • /
    • pp.823-825
    • /
    • 2011
  • R&D에 관한 주요 국가 및 산업기술의 정보 유출이 문제가 되고 있다. 2009년 11월 국가과학기술지식정보서비스(NTIS)는 영국표준협회(BSI)로부터 ISO 27001에 대한 11개 도메인, 133개 보안 통제항목의 정보보호관리체계((Information Security Management System) 인증을 획득하였고 이후 사후인증 심사를 받고 있다. 본 논문에서는 정보보호 국제 표준인증인 ISO 27001과 관련하여 NTIS의 정보보호관리체계에 대하여 국가R&D정보관리의 경영적 관점에서 실증적 현황 및 성과와 향후 개선 및 발전 방향에 대하여 검토한다. ISO 27001 도입 후 133개 통제항목 중에서 적용율이 증가하였고 중부적합/경부적합/개선권고 사항이 크게 감소하였으나 정보자산 및 개인정보 관리는 지속적인 관심과 개선이 필요함을 알 수 있었다.