• Title/Summary/Keyword: Information security management system

Search Result 1,902, Processing Time 0.025 seconds

Improvement of Information Security Management System Evaluation Model Considering the Characteristics of Small and Medium-Sized Enterprises (중소기업의 특성을 고려한 정보보호 관리체계 평가 모델 개선)

  • Kim, Yi Heon;Kim, Tae-Sung
    • Journal of Information Technology Services
    • /
    • v.21 no.1
    • /
    • pp.81-102
    • /
    • 2022
  • Although more than 99% of all Korean companies are small and medium-sized enterprises (SMEs), which accounts for a large part of the national economy, they are having difficulties in securing information protection capabilities due to problems such as budget and manpower. On the other hand, as 97% of cyber incidents are concentrated in SMEs, it is urgent to strengthen the information protection management and response capabilities of SMEs. Although the government is promoting company-wide information security consulting for SMEs, the need for supplementing it's procedures and consulting items is being raised. Based on the results of information security consulting supported by the government in 2020, this study attempted to derive improvement plans by interviewing SME workers, information security consultants, and system operators. Through the research results, it is expected to create a basis for SMEs to autonomously check the information security management system and contribute to the reference of related policies.

Design and Implementation of Enterprise Information Security Portal(EISP) System for Financial Companies (금융회사를 위한 기업 정보보호 포털(EISP) 시스템의 설계 및 구현)

  • Kim, Do-Hyeong
    • Convergence Security Journal
    • /
    • v.21 no.1
    • /
    • pp.101-106
    • /
    • 2021
  • To protect financial information, financial companies establish strategies and plans for information security, operate information security management systems, establish and operate information security systems, check vulnerabilities, and secure information. This paper aims to present an information security portal system for financial companies that can gain visibility into various information security activities being undertaken by financial companies and can be integrated and managed. The information security portal system systemizes the activities of the information security department, providing an integrated environment for information security activities to participate from CEOs to executives and employees, not just from the information security department. Through this, it can also be used as information security governance that can be used by top executives to reflect information security in corporate management.

Personal Information Management System (PIMS) improvement research using cloud computing security (개인정보관리체계계(PIMS)를 이용한 클라우드컴퓨팅 개인정보 보안 개선 방안 연구)

  • Jeong, Hyein;Kim, Seongjun
    • Journal of Korea Society of Digital Industry and Information Management
    • /
    • v.12 no.3
    • /
    • pp.133-155
    • /
    • 2016
  • Recently, in the adoption of cloud computing are emerging as locations are key requirements of security and privacy, at home and abroad, several organizations recognize the importance of privacy in cloud computing environments and research-based transcription and systematic approach in progress have. The purpose of this study was to recognize the importance of privacy in the cloud computing environment based on personal information security methodology to the security of cloud computing, cloud computing, users must be verified, empirical research on the improvement plan. Therefore, for existing users of enhanced security in cloud computing security consisted framework of existing cloud computing environments. Personal information protection management system: This is important to strengthen security for existing users of cloud computing security through a variety of personal information security methodology and lead to positive word-of-mouth to create and foster the cloud industry ubiquitous expression, working environments.

Advanced Information Security Management Evaluation System

  • Jo, Hea-Suk;Kim, Seung-Joo;Won, Dong-Ho
    • KSII Transactions on Internet and Information Systems (TIIS)
    • /
    • v.5 no.6
    • /
    • pp.1192-1213
    • /
    • 2011
  • Information security management systems (ISMSs) are used to manage information about their customers and themselves by governments or business organizations following advances in e-commerce, open networks, mobile networks, and Internet banking. This paper explains the existing ISMSs and presents a comparative analysis. The discussion deals with different types of ISMSs. We addressed issues within the existing ISMSs via analysis. Based on these analyses, then we proposes the development of an information security management evaluation system (ISMES). The method can be applied by a self-evaluation of the organization and an evaluation of the organization by the evaluation committee. The contribution of this study enables an organization to refer to and improve its information security levels. The case study can also provide a business organization with an easy method to build ISMS and the reduce cost of information security evaluation.

A Study on Enterprise and Government Information Security Enhancement with Information Security Management System (정보보호관리체계를 통한 기업 및 정부 정보보안 강화 방안에 관한 연구)

  • Park, Chung-Soo;Lee, Dong-Bum;Kwak, Jin
    • Journal of Advanced Navigation Technology
    • /
    • v.15 no.6
    • /
    • pp.1220-1227
    • /
    • 2011
  • According to the development of IT technology, life itself is becoming the change to Knowledge-based systems or information-based systems. However, the development of IT technology, the cyber attack techniques are improving. And DDoS a crisis occurs frequently, such as cyber terrorism has become a major data leakage. In addition, the various paths of attack from malicious code entering information in the system to work for your company for loss and damage to information assets is increasing. In this environment, the need to preserve the organization and users of information assets to perform ongoing inspections risk management processes within the organization should be established. Processes and managerial, technical, and physical systems by establishing an information security management system should be based. Also, we should be introduced information security product for protecting internal assets from the threat of malicious code incoming to inside except system and process establishment. Therefore we proposed enterprise and government information security enhancement scheme through the introduction of information security management system and information security product in this paper.

Global Recovery Management Protocol for Heterogeneous System in Security Environments (보안환경에서 이질형 시스템의 전역 복구 관리 프로토콜)

  • Jeong, Hyun Cheol
    • Journal of Korea Society of Digital Industry and Information Management
    • /
    • v.5 no.4
    • /
    • pp.51-59
    • /
    • 2009
  • Many failures are due to incorrectly programmed transactions and data entry errors. System failure causes the loss or corruption of the contents of volatile storage. Although global processing protects data values to detect direct or indirect information effluence, security environments are very important in the recovery management of heterogeneous systems. Although transaction can't control system fault, the restart for the system can cause information effluence by low bandwith. From various faults, it is not easy to maintain the consistency and security of data. This paper proposes recovery management protocols to assure global multilevel secure one-copy quasi-serializability in security environments of heterogeneous systems with replicated data and proves its correctness. The proposed secure protocols guarantee the reliability and security of system when the system fault is happened.

A Coherent Model in Upholding General Deterrence Theory and Impact to Information Security Management

  • Choi, Myeong-Gil;Ramos, Edwin R.;Kim, Man-Sig;Kim, Jin-Soo;Whang, Jae-Hoon;Kim, Ki-Joo
    • Journal of Information Technology Applications and Management
    • /
    • v.16 no.3
    • /
    • pp.73-86
    • /
    • 2009
  • To establish an effective security strategy, business enterprises need a security benchmarking tool. The strategy helps to lessen an impact and a damage in any threat. This study analyses many aspects of information security management and suggests a way to deal with security investments by considering important factors that affect security manager's decision. To address the different threats resulting from a major cause of accidents inside an enterprise, we investigate an approach that followed ISO17799. We unfold a criminology theory that has designated many measures against the threat as suggested by General Deterrence Theory. The study proposes a coherent model of the theory to improve the security measures especially in handling and protecting company assets and human lives as well.

  • PDF

A Continuous Evaluation Processes for Information Security Management

  • Choi, Myeonggil
    • Journal of Information Technology Applications and Management
    • /
    • v.23 no.3
    • /
    • pp.61-69
    • /
    • 2016
  • Growing information threats have threatened organization to lose information security controls in these days. Many organizations have accepted the various information security management systems does mention necessity of a continuous evaluation process for the executions of information security management in a theoretical aspect. This study suggests a continuous evaluation process for information security management reflecting the real execution of managers and employees in organizations.

Design and Performance Analysis of Security Network Management Architecture for Auto-managing Security Systems (보안 시스템의 자동 관리를 위한 보안 네트워크 관리 구조의 설계 및 성능 분석)

  • Ahn Gae-Il
    • The Journal of Korean Institute of Communications and Information Sciences
    • /
    • v.30 no.8B
    • /
    • pp.525-534
    • /
    • 2005
  • This paper proposes the architecture and the methods of security network management for auto-configuration of security systems by extending the existing policy-based network management architecture. The architecture and the methods proposed in this paper enable a security management sewer to automatically decide the best-suited security policy to apply to a security system and the most effective and efficient security system to perform security policy rule, based on the role and capability information of security systems and the role and time information of security policy. For integrated control of network system and security system, this paper also proposes SNMP protocol based security network topology map generator. To show the excellence of the proposed architecture and methods, we simulate and evaluate the automatic response against attacks.

Research Trends Analysis of Information Security using Text Mining (텍스트마이닝을 이용한 정보보호 연구동향 분석)

  • Kim, Taekyung;Kim, Changsik
    • Journal of Korea Society of Digital Industry and Information Management
    • /
    • v.14 no.2
    • /
    • pp.19-25
    • /
    • 2018
  • With the development of IT technology, various services such as artificial intelligence and autonomous vehicles are being introduced, and many changes are taking place in our lives. However, if secure security is not provided, it will cause many risks, so the information security becomes more important. In this paper, we analyzed the research trends of main themes of information security over time. In order to conduct the research, 'Information Security' was searched in the Web of Science database. Using the abstracts of theses published from 1991 to 2016, we derived main research topics through topic modeling and time series regression analysis. The topic modeling results showed that the research topics were Information technology, system access, attack, threat, risk management, network type, security management, security awareness, certification level, information protection organization, security policy, access control, personal information, security investment, computing environment, investment cost, system structure, authentication method, user behavior, encryption. The time series regression results indicated that all the topics were hot topics.