The Journal of the Korea Contents Association (한국콘텐츠학회논문지)

The Korea Contents Association (한국콘텐츠학회)
권호 표지
DOI QR코드

DOI QR Code

A Study on the Priority of Complementary Measures about Deficiencies on the PIMS Certification

PIMS 인증결함의 보완조치 우선순위에 관한 연구

  • 강다연 (동명대학교 국제물류학과) ;
  • 전진환 (신한데이타시스템 정보보호본부 정보보안기획팀) ;
  • 황종호 (동명대학교 경영정보학과)
  • Received : 2018.01.31
  • Accepted : 2018.04.06
  • Published : 2018.04.28
Download PDF
⟨ Previous Next ⟩

Abstract

Most of the privacy officers of organizations are hard to think of the corrective action about deficiencies of the PIMS(Personal Information Management Systems) certification. Because, it is difficult to define the priority of the complementary measures due to the unique characteristics and procedures of personal information protection for each organization. The purpose of this study is to evaluate the priority of the complementary measures using the Analytic Hierarchy Process(AHP). According to the results, it is important to comply with the legal requirements in the first tier. The second tier, PIMS experts answered that dedicated organization, password management, and agreement of the subject are important. Above all, agreement of the subject was found the highest priority for complementary measures about PIMS's deficiencies.

대다수의 국내 기업 개인정보보호 담당자는 방송통신위원회가 인정하는 개인정보보호 관리체계(PIMS) 인증 취득에 난이도가 존재한다고 판단한다. 이는 사업자마다 개인정보취급에 대한 고유한 특성과 업무절차가 반영되어 정형화된 업무를 규정하기 힘들고, 인증취득을 위해 거치는 여러 과정에서 인증컨설턴트, 인증심사원의 경험에 상당부분 의존할 수밖에 없기 때문이다. 결과적으로 인증취득 실무경험이 부족한 담당자는 PIMS 인증 초기에 무엇을 우선적으로 이행하고 준비해야 하는지에 많은 난관에 부딪히게 된다. 본 연구에서는 계층적 의사결정 기법(AHP)을 통해 인증취득 실무담당자의 PIMS 인증결함의 보완조치 우선순위를 살펴봄으로서 향후 PIMS 인증취득을 원하는 기업이나 인증결함에 따른 보완조치 시 담당자가 우선적으로 선행할 부분을 검토하고자 한다.

Keywords

References

  1. J. H. Jeon and K. R. Cho, "Major changes in the PIMS certification in accordance with the amended public notification," Review of KIISC, Vol.23, No.5, pp.20-23, 2013.
  2. http://isms.kisa.or.kr
  3. Ministry of Government Legistration, Act on Promotion of Information and Communications Network Utilization and Information Protection, 2015.
  4. Korea Communications Commission, Enacted Public Notification for Certification of Personal Information Management System(PIMS), 2013.
  5. D. H. Park, S. N. Yoo, and H. Y. Youm, "Development of Information System Operational Audit Checklist for Personal Information Protection in Public Organizations," Journal of Security Engineering, Vol.12, No.1, pp.47-64, 2015. https://doi.org/10.14257/jse.2015.02.02
  6. K. T. Park and S. H. Kim, "A Study on the Preference Analysis of Personal Information Security Certification Systems: Focused on SMEs and SBs," Korea Institute of Information Security and Cryptology, Vol.24, No.5, pp.911-918, 2014. https://doi.org/10.13089/JKIISC.2014.24.5.911
  7. D. H. Park and K. H. Han, "A Study on PIMS Controls for Pll Outsourcing Management under the Cloud Service Environment," Korea Institute of Information Security and Cryptology, Vol.23, No.6, pp.1267-1276, 2013. https://doi.org/10.13089/JKIISC.2013.23.6.1267
  8. G. S. Cha, H. H. Han, and Y. T. Shin, "An Effective Personal Information Management System to Ensure Self-imposed Control on Personal Information Protection Act," Journal of KISS: Information networkings, Vol.39, No.3, pp.276-281, 2012.
  9. K. Hone and J. H. P. Eloff, "Information security policy-what dointernational information security standards say?," Computers & Security, Vol.21, No.5, pp.402-409, 2002. https://doi.org/10.1016/S0167-4048(02)00504-7
  10. M. Siponen and R. Willison, "Information security management standards: Problems and solutions," Information & Management, Vol.46, No.5, pp.267-270, 2009. https://doi.org/10.1016/j.im.2008.12.007
  11. 신동석, "분산 콘텐츠 기반의 머천트: 개인정보 통합콘텐츠관리 시스템 개발," 한국콘텐츠학회논문지, 제6권, 제5호, pp.113-121, 2006.
  12. 김희완, 유재성, 김동수, "정보시스템 감리에서 개인정보 영향평가를 통한 개인 정보보 보호," 한국콘텐츠학회논문지, 제11권, 제3호, pp.84-99, 2011. https://doi.org/10.5392/JKCA.2011.11.3.084
  13. T. L. Saaty, "How to make a decision: The analytic hierarchy process," European Journal of Operation Research, Vol.48, No.1, pp.9-26, 1990. https://doi.org/10.1016/0377-2217(90)90057-I
  14. O. S. Vaidya and S. S. Kumar, "Analytic hierarchy process: An overview of applications," European Journal of Operational Research, Vol.169, pp.1-29, 2004.
  15. G. T. Cho, Y. G. Cho, and H. S. Kang, Leading the lader's hierarchy decision making, Dong-Hyun Publish, Seoul, 2003.
  16. KISA, 개인정보보호 관리체계(PIMS) 인증의 주요 결함 사례, Privacy Global Edge 2014-CPO 포럼, 2014.
  17. J. G. Yoon, "A Comparison of 3 Statistical Technique for Evaluation MIS Sucess Factor = Application Efeects and Limitations of AHP as a Research Methodology," Journal of the Korean Operations Research and Management Science Society, Vol.21, No.3, pp.109-124, 1996.