• Information Systems Review
• /
• v.22 no.3
• /
• pp.157-172
• /
• 2020

The demand of information security consultants is expected to increase due to the emergence of ISMS-P incorporating ISMS and PIMS, the implementation of European Privacy Act (GDPR) and various security accidents. In this paper, we collected and analyzed advertisements of job advertisement sites that could identify firms' demand explicitly. We selected representative job advertisement sites in Korea and the United States and collected job advertisement details of information security consultants in 2014 and 2019. The collected data were visualized using text mining and analyzed using non-parametric methods to determine whether there was a change in the role of the information security consultant. The findings show that the requirements for information security consultants have changed very little. This means that the role does not change much over a five year time gap. The results of the study are expected to be helpful to policy makers related to information security consultants, those seeking to find employment as information security consultants, and those seeking information security consultants.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.26 no.1
• /
• pp.227-235
• /
• 2016

As various measures of law observance obligations such as mandatory obligation of privacy impact assessment (PIA) for public institutions and authorization of information security management system (ISMS) are put into practice, increase in demand for information security consulting and securement of information security consultants are emerging as a major issue. The purpose of this study is to empirically investigate what core competencies information security consultants should possess and how much they actually possess them. By analyzing the differences in perception between practitioners and managers on core competencies, this study understands difference of views between the two groups and suggests ideas for cultivation of information security consultants.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.27 no.5
• /
• pp.1157-1166
• /
• 2017

Demand for information security consulting is increasing as the number of major information infrastructure facilities in the country is increasing and the subject of ISMS mandatory certification is expanded. The demand for manpower also increases, but the manpower to meet the needs of industry is scarce. In order to cultivate the manpower that meets the demand, the demand of the industry should be grasped first. Therefore, this study collected and analyzed job advertisements in Korea and the United States in order to grasp the needs of industry. This will contribute to the development of policy to cultivate human resources of consultants in accordance with the future demand of the enterprise, and ultimately it will be able to solve the quality disparity of security consulting personnel.

• Journal of Information Technology Services
• /
• v.21 no.1
• /
• pp.81-102
• /
• 2022

Although more than 99% of all Korean companies are small and medium-sized enterprises (SMEs), which accounts for a large part of the national economy, they are having difficulties in securing information protection capabilities due to problems such as budget and manpower. On the other hand, as 97% of cyber incidents are concentrated in SMEs, it is urgent to strengthen the information protection management and response capabilities of SMEs. Although the government is promoting company-wide information security consulting for SMEs, the need for supplementing it's procedures and consulting items is being raised. Based on the results of information security consulting supported by the government in 2020, this study attempted to derive improvement plans by interviewing SME workers, information security consultants, and system operators. Through the research results, it is expected to create a basis for SMEs to autonomously check the information security management system and contribute to the reference of related policies.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.21 no.12
• /
• pp.2325-2332
• /
• 2017

Consulting projects such as diagnosis of vulnerabilities of major information and telecommunication infrastructure are increasing, mandatory public information infrastructure assessment (PIA) for public institutions and ISMS (Information Security Management System) The demand for information protection consulting is continuously increasing as the field obeys the law, but the lack of information security consultant is not improving. One reason is that information security consultants are not being developed to meet the increasing demand for information protection consulting. In this paper, we present the case of information protection consulting as a scenario for studying and educating the duty of information security consultant by studying overseas case and domestic case based on standardization and standardization. We propose a problem-based learning (PBL) training method. In addition, we analyze the effectiveness of the PBL - based learning method.

• Asia pacific journal of information systems
• /
• v.15 no.1
• /
• pp.45-61
• /
• 2005

This study develops the evaluation model for e-Business company using analytic hierarchy process. As the first step of this study, we derived the appraisal standards based on the previous literature and the knowledge of experts from venture capitalists, security companies, credit evaluation companies, and consulting firms. In order to validate the evaluating factors in the models, this study was supported by analysts of top ranked venture capitalists in Korea. Through their assistance, this study can determine necessary evaluating factors that refined and deepened the models. Four expert groups, such as venture capitalists, credit analysts, analysts of security company and e-Business consultants, provide their knowledge for the determination of the weights of evaluating factors in the hierarchical model through the questionnaires and interviews. The results show that the weights of the evaluating factors differed by the maturity of e-Business company.

• Journal of Distribution Science
• /
• v.13 no.11
• /
• pp.123-130
• /
• 2015

Purpose - Due to highly elevated levels of competition, many companies today have to face the problem of decreasing profits even when their actual sales volume is increasing. This is a common phenomenon that is seen occurring among companies that focus heavily on quantitative growth rather than qualitative growth. These two aspects of growth should be well balanced for a company to create a sustainable business model. For supply chain management (SCM) planners, the optimized, quantified flow of resources used to be of major interest for decades. However, this trend is rapidly changing so that managers can put the appropriate balance between sales volume and sales quality, which can be evaluated from the profit margin. Profit optimization is a methodology for companies to use to achieve solutions focused more on profitability than sales volume. In this study, we attempt to provide executional insight for companies considering implementation of the profit optimization system to enhance their business profitability. Research design, data, and methodology - In this study, we present a comprehensive explanation of the subject of profit optimization, including the fundamental concepts, the most common profit optimization logic algorithm -linear programming -the business functional scope of the profit optimization system, major key success factors for implementing the profit optimization system at a business organization, and weekly level detailed business processes to actively manage effective system performance in achieving the goals of the system. Additionally, for the purpose of providing more realistic and practical information, we carefully investigate a profit optimization system implementation case study project fulfilled for company S. The project duration was about eight months, with four full-time system development consultants deployed for the period. To guarantee the project's success, the organization adopted a proven system implementation methodology, supply chain management (SCM) six-sigma. SCM six-sigma was originally developed by a group of talented consultants within Samsung SDS through focused efforts and investment in synthesizing SCM and six-sigma to improve and innovate their SCM operations across the entire Samsung Organization. Results - Profit optimization can enable a company to create sales and production plans focused on more profitable products and customers, resulting in sustainable growth. In this study, we explain the concept of profit optimization and prerequisites for successful implementation of the system. Furthermore, the efficient way of system security administration, one of the hottest topics today, is also addressed. Conclusion - This case study can benefit numerous companies that are eagerly searching for ways to break-through current profitability levels. We cannot guarantee that the decision to deploy the profit optimization system will bring success, but we can guarantee that with the help of our study, companies trying to implement profit optimization systems can minimize various possible risks across various system implementation phases. The actual system implementation case of the profit optimization project at company S introduced here can provide valuable lessons for both business organizations and research communities.

• The Journal of Society for e-Business Studies
• /
• v.19 no.4
• /
• pp.135-150
• /
• 2014

As the collection and use of personal information increases, the accidents that abuse and leak personal information are continuously increasing. The nation has established new laws and strengthened related laws for the prevention of the mass leakage of personal information and the secondary damage due to the leaked personal information. The nation also established the guidelines that need to be implemented by the institutions handling personal information for the safety of the personal information. For the efficient implementation of guidelines under the limited time and resources, it is necessary to establish the priorities between guidelines. This paper compares the relative importance of the guidelines by AHP (Analytic Hierarchy Process) technique. We performed the analysis on two expert groups, the group of consultants working in information security consulting company and the group of information security staffs handling personal information directly in the company. We compared the differences between groups and recommended the relative importances of the guidelines.