Journal of the Korea Institute of Information and Communication Engineering (한국정보통신학회논문지)

The Korea Institute of Information and Commucation Engineering (한국정보통신학회)
권호 표지
DOI QR코드

DOI QR Code

Job Assignment basis on Assistant-staff for The Information security improvement of Public Institution

공공기관 정보보안수준 향상을 위한 분임담당자 중심 업무분장 개선에 관한 연구

  • Kim, Sang-Kyoon (Graduate School for Information Security, Korea University) ;
  • Kim, In-Seok (Graduate School for Information Security, Korea University)
  • Received : 2016.09.22
  • Accepted : 2016.09.28
  • Published : 2016.11.30
Download PDF
⟨ Previous Next ⟩

Abstract

It was found to have hacking attempts totaling 115,000 to target the public sector since 2011 to 2015. National Intelligence Service was conducting survey information security management states of a wide range of national-public institutions up to 800 including government agencies in the 2012, while instructing to complement shortcomings. However, there is still going to occur invasions, such as Korea Hydro & Nuclear Power hacking. Even though KHNP's security personnel was only 53 people, in the total 20,000 workforces, got the almost perfect score in the 2013 and 2014 related to information security personnel. Through them, we can confirm that between the organizational response to information security incidents and something theoretical is very far. In this paper, we suggest solutions not using the professional staff management but the non-professional staff management to upgrade the level of public agencies information security.

지난 2011년부터 2015년까지 공공기관 대상 해킹시도가 총 11만 5천 건에 달하는 것으로 밝혀졌다. 이에 국정원은 지난 2012년에는 준정부기관을 대상에 포함시키는 등 현재는 최대 800여개의 국가 공공기관을 광범위하게 평가하면서 미흡한 점을 보완하도록 지시하고 있다. 하지만 여전히 한수원 해킹과 같은 정보보안 침해사고가 일어나고 있다. 한수원은 전체 인력 2만여 명 중 전산 및 보안 인력이 53명에 불과했음에도 불구하고 2013년, 2014년 내부인원 관련 거의 완벽에 가까운 점수를 받았다. 이를 통해 우수한 평가를 받는 것과 정보보안사고 발생 시 조직적으로 대응하는 것은 별개라는 것을 확인할 수 있다. 본 논문에서는 정보보안 인력 확충이라는 공감대적인 문제에서 벗어나 공공기관의 전사적인 보안수준 향상이라는 과제를 현실화하기 위한 방편으로서 주로 비 전담 분임 인력을 효과적으로 운영할 수 있는 업무분장 개선안을 제시하고자 한다.

Keywords

References

  1. D. K. Choi, M. S. Song, J. I. Im, K. H. Lee, "Study the role of information security personnel have on an organization's information security level," Journal of the Korea Institute of Information Security and Cryptology, vol. 25, no. 1, pp. 197-362, Feb. 2015. https://doi.org/10.13089/JKIISC.2015.25.1.197
  2. S. S. Jang, S. J. Lee, B. N. Noh, "The effects of the operation of an information security management system on the performance of information security," Journal of the Korea Institute of Information Security and Cryptology, vol. 22, no. 5, pp. 1123-1132, Oct. 2012.
  3. TTAS.KO-10.0089/R1, GUIDELINES ON IT SECURITY POLICY FOR PUBLIC INSTITUTIONS AND ORGANIZATIONS, TTA(Telecommunications Technology Association), 1999.
  4. J. S. Song, M. J. Jeon, M. G. Choi, "A Study on Factors Affecting the Level of Information Security Governance in Korea Government Institutions and Agencies," The Journal of Society for e-Business Studies, vol. 16, no. 1, pp. 133-151, Feb. 2011.
  5. J. S. Kim, S. Y. Lee, J. I. Lim, "Comparison of The ISMS Difference for Private and Public Sector," Journal of the Korea Institute of Information Security and Cryptology, vol. 20, no. 2, pp. 117-129, Apr. 2010.
  6. S. H. Ryu, D. R. Jeong, H. K. Jung, "Ways to establish public authorities information security governance utilizing E-government information security management system (G-ISMS)," Journal of the Korea Institute of Information and Communication Engineering, vol. 17, no. 4, pp. 769-774, Apr. 2013. https://doi.org/10.6109/jkiice.2013.17.4.769