Correlation Analysis in Information Security Checklist Based on Knowledge Network

Relationship Analysis of Information Security Checklists Based on Knowledge Networks

  • Jin, Chang Young (CIST (Center for Information Security and Technologies), Korea University)
  • Kim, Ae Chan (CIST (Center for Information Security and Technologies), Korea University)
  • Lim, Jong In (CIST (Center for Information Security and Technologies), Korea University)
  • Received : 2014.04.05
  • Accepted : 2014.05.17
  • Published : 2014.05.31

Abstract

As the importance and awareness of information security have grown, each industrial sector is implementing measures to protect its information assets. In this paper, we use a knowledge network analysis method to analyze information security checklists and security rating criteria and to derive their contextual similarities and differences. The results of analyzing all the checklists (ISMS, PIMS, 'FSS', 'FISS', 'G') are as follows. First, the common factors are the protection of information systems and information assets, incident response, and operations management. Second, in the financial IT sector, IT management and the adequacy of audit activities are treated as relatively important factors in addition to the common factors. Third, the ISMS criteria contain the majority of the contents of PIMS, 'FSS', 'FISS' and 'G'.

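As awareness of information security and its importance has grown over time, systems such as information security evaluation and certification, based on information security checklists, have been established and are being operated in each industrial sector to protect organizations' information assets. This paper uses a knowledge network to identify the contextual similarities and differences among information security checklists. The relationships among the checklists in ISMS, PIMS, the Management Status Evaluation of the Financial IT Sector, the Best Practice Standard for Protection Work in the Financial IT Sector, and the Information Security Management Status Evaluation can be explained as follows. First, the checklists studied in this paper all cover the protection of information assets in information systems and information and communication networks, incident response, and operational control. Second, in addition to these common areas, the financial sector places relatively greater importance on the adequacy of IT management and audit activities. Third, the ISMS checklist is found to include most of the content of PIMS, the Management Status Evaluation of the Financial IT Sector, the Best Practice Standard for Protection Work in the Financial IT Sector, and the Information Security Management Status Evaluation.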
