A Building Method of Designing National Cyber Security Governance Model Through Diagnosis of Operational Experience

정보보안체계 운영경험 진단을 통한 국가 사이버보안 거버넌스 모델 연구 방법

  • 방기천 (남서울대학교 멀티미디어학과)
  • Received : 2018.04.25
  • Accepted : 2018.06.20
  • Published : 2018.06.28


This Study aims to propose a new information security governance model design method for streamlining security governance at national strategic level. The research method of this study is to diagnose our operational experience and to derive a new model design method. In the meantime, national information security activities were perceived to be focused on knowledge transfer, and motivation of activities and securing of executive power were weak. As a result, security blind spots and frequent occurrence of large security incidents have become unresolved challenges. National cyber security governance should be grouped together as a whole systematically from the upper policy to the lower level of performance under the responsibility of the national leader. Based on this approach, this study presented the comprehensive framework of Korean security governance model and embodied it into four architectural designs such as vision, goal, process, and performance, thus deriving the foundation for future national governance model design. Further research is needed to diagnose problems in life cycle flow, security policies based on environmental changes, and new frameworks in which all subjects participate.


Information Security System;Operational Experience;Diagnosis;National Cyber Security;Governance Model


  1. YSC Research and Business Foundation. (2015). A Comparative Law Study on the Cybersecurity Response System. Naju:KISA.
  2. E. H. Kim & J. I. Lee. (2011. 8). Net Focus - US Obama Government's Cyber Security Key Policies and Measure. Internet & Security Issue, Naju:KISA, 5-30.
  3. S. C. Kim. (2014). Cyber Security Law of Germany. The Journal of Cyber Security Law, 1, 1-22.
  4. J. Miller, L. Candler & H. Wald. (2009. 11). Information Security Government., Technology, 5.
  5. K. T. Hwang. (2005). Basic concept of IT governance. Local Informatization, 32, 106-109.
  6. D. H. Kim. (2017). The Study on Corporate Information Security Governance Model for CEO. Jouranl of Information and Security, 17(1), 39-44.
  7. S. K. Kang, H. S. Yoon, Y. W. Park, M. H. Kim, H. Y. Kwan, D. S. Kim & K. B .Kim. (2010). A Study on the Construction, Korean Institute of Criminology.
  8. Korea Communications & Commission. (2011. 8. 8). Government, Establishment of "National Cyber Security Master Plan" - Establishment of blueprints for the protection of national cyber space. Seoul:KCC.
  9. ISACA. (2012). COBIT 5, 14.
  10. Information Week. (2014. 6. 13). FCC Wants More Cybersecurity Collaboration. Less Regulation.
  11. Media & Future Institute. (2012). International cyber space forum strategy study, Seoul:KCC.
  12. TechCrunch. (2014. 6. 12). FCC Chairman Tom Wheeler Outlines New Cybersecurity Paradigm Led By Private Sector.
  13. National Intelligence Service, Ministry of Science, ICT and Future Planning, Korea Communications Commission &, Ministry of Government Administration and Home Affairs. (2015). 2015 National Informatization White Paper.
  14. National Information Society Agency. (2014. 7). ICT Issues Weekly, 463, 1-5.
  15. Wall Street Cheat Sheet. (2014. 6. 12). What the FCC's 'New Regulatory Paradigm' Means for Network Providers.
  16. Office for Government Policy Coordination. (2015. 3. 17). Strengthen National Cyber Security Stance Capacity.