
A Linkage Analysis of ISMS-P and GDPR; Focused on Personal Information Protection

A Linkage Analysis of the Personal Information Protection Sections of ISMS-P and GDPR

  • 박민정 (Management Information Systems, Department of Business Administration, Graduate School, Ewha Womans University) ;
  • 유지은 (Big Data Analytics, Graduate School, Ewha Womans University) ;
  • 채상미 (Department of Business Administration, Ewha Womans University)
  • Received : 2019.02.09
  • Accepted : 2019.06.03
  • Published : 2019.06.30

Abstract

As the importance of personal information has grown, many efforts have been made to establish new policies, certifications and laws for administering personal information more effectively and safely. The Korean government has operated the ISMS and PIMS certification systems to assess whether an organization has established and maintains an appropriate information security management system. However, the need to revise and modify PIMS and ISMS has been raised, since several of the criteria used to assess an information management system overlap between the two. ISMS-P, a certification that combines ISMS and PIMS, was therefore recently introduced. GDPR was established primarily to give individuals control over their personal data and to simplify the regulatory environment for international business by unifying regulation within the EU. This study compares GDPR and ISMS-P, focusing on "personal information". Its expected contributions are as follows. First, it can serve as a criterion by which a firm preparing for ISMS-P can self-assess its risk of violating GDPR. Second, it aims to increase understanding of the roles of ISMS-P and GDPR among the various certifications that assess information security management systems, reducing the cost and burden of obtaining unnecessary certifications. Third, it contributes to the diffusion of ISMS-P, which was newly implemented in Korea.

Keywords

Table 1. Certification Criteria of ISMS-P (table image not reproduced)

Table 2. Framework for Analysis (table image not reproduced)

Table 3. ISMS-P and GDPR (table image not reproduced)

Table 4. ISMS-P and GDPR (Continued) (table image not reproduced)
