Design of Financial Information Security Model based on Enterprise Information Security Architecture

Design of a Financial Information Security Model Based on an Enterprise-wide Information Security Architecture

  • Received : 2010.11.09
  • Accepted : 2010.11.30
  • Published : 2010.12.30

Abstract

The majority of financial and general business organizations have individually suffered damage from hacking, worms, viruses, cyber attacks, internet fraud, and technology and information leaks caused by criminal damage. Privacy has therefore become an important issue in the community. This paper examines the various elements of the information security management system and discusses Information Security Management System models, using an analysis of the financial status and its level of information security assessment. These analyses were based on the Information Security Management System (ISMS) of the Korea Information Security Agency, Britain's ISO27001, GMITS, ISO/IEC 17799:2005, and COBIT's information security architecture. This model will allow users to manage and secure information safely. It is therefore recommended that companies use the security management plan to improve their financial and information security and to prevent any risk of exposing company information.
