A Study on Design Direction of Industry-Centric Security Level Evaluation Model through Analysis of Security Management System

  • Bae, Je-Min (Department of MIS, Catholic Kwandong University) ;
  • Kim, Sanggeun (Division of Computer Engineering, Sungkyul University) ;
  • Chang, Hangbae (Department of Industrial Security, Chung-Ang University)
  • Received : 2015.10.16
  • Accepted : 2015.11.16
  • Published : 2015.11.30

Abstract

Security incidents at domestic companies have been increasing continuously, raising the need for a systematic security management system that takes each company's characteristics and environment into account. However, although the object, purpose, and method of security level evaluation differ from company to company, most companies apply only K-ISMS, the existing information security management system, in a uniform manner, and many experts have questioned the effectiveness of introducing a security management system in this way. In this study, we established definitions of the information security management system, the industrial security management system, and the research security management system through an analysis of previous studies, and developed evaluation items that can implement security across industry as a whole by comparing and analyzing their control items. We also analyzed existing security level evaluation models and suggest a design direction for an industry-centric security level evaluation model that considers the characteristics of each industry.

Cited by

  1. A Study for Enhancing Necessity of Certain Industrial Security Charge Department through Investigating Domestic Industrial Security Organization vol.21, pp.2, 2016, https://doi.org/10.7838/jsebs.2016.21.2.121
  2. 7S Model for Technology Protection of Organizations vol.13, pp.13, 2015, https://doi.org/10.3390/su13137020