Exploring the Strategy for Acquiring ISMS Certification through Probit Regression: Focusing on Organizational Characteristics

  • SunJoo Kim (Interdisciplinary Program in Convergence Security, Graduate School, Chungbuk National University) ;
  • Tae-Sung Kim (Department of Management Information Systems, Chungbuk National University)
  • Received : 2023.12.15
  • Accepted : 2024.01.24
  • Published : 2024.02.29

Abstract

In the field of information security management systems (ISMS), the representative certification in Korea is ISMS-P, and the internationally recognized one is ISO/IEC 27001. A company that acquires both ISMS-P (or ISMS) and ISO/IEC 27001 spends budget and manpower twice on largely overlapping control areas, so it should choose and invest in the certification that fits its own conditions. This paper proposes a strategy for selecting an information security management system certification suited to a company's characteristics, so that information security can be managed effectively on the basis of the company's conditions. To that end, data were collected from the Ministry of Science and ICT's Information Security Disclosure System (ISDS), the Korea Internet & Security Agency (KISA), and the Financial Supervisory Service's Data Analysis, Retrieval and Transfer System (DART), and analyzed with Probit regression. The regression related seven independent variables to five binary outcomes: acquisition of ISMS-P (or ISMS), acquisition of ISMS-P, acquisition of ISMS, acquisition of ISO/IEC 27001, and acquisition of both ISMS-P (or ISMS) and ISO/IEC 27001. The results reveal how company characteristics, including industry, relate to certification acquisition in the ISMS field, and from this relationship certification acquisition strategies by company type are suggested.
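The Probit model behind the abstract, as an added illustration rather than the authors' code or data: each binary outcome (does the firm hold the certification?) is regressed on firm characteristics, and the fitted coefficients give the direction and size of each characteristic's association with acquisition. The example below fits a probit by maximum likelihood (Newton-Raphson with the analytic gradient and Hessian, no numpy needed) on a constructed sample of 200 firms with two binary characteristics, `ict` (ICT-sector firm) and `large` (large enterprise); the cell counts, variable names and the single outcome are all assumptions chosen to resemble the paper's setting, not its seven regressors, five outcomes or results. The same `fit_probit()` call would simply be re-run once per outcome on real ISDS/KISA/DART rows.

```python
"""Probit regression from scratch: which firm characteristics predict
holding a security-management certification.

Added example, not the paper's code or data. The firm counts below are
CONSTRUCTED: two binary characteristics, 'ict' and 'large', and one binary
outcome 'cert' (holds the certification). The paper uses seven regressors
and five outcomes; fit_probit() is simply re-run per outcome.
"""
import math

SQRT2 = math.sqrt(2.0)


def norm_cdf(z):
    """Standard normal CDF Phi(z); erfc keeps the tails accurate."""
    return 0.5 * math.erfc(-z / SQRT2)


def norm_pdf(z):
    return math.exp(-0.5 * z * z) / math.sqrt(2.0 * math.pi)


def solve(a, b):
    """Solve a @ x = b for a small dense matrix by Gaussian elimination
    with partial pivoting (avoids a numpy dependency)."""
    n = len(b)
    m = [row[:] + [b[i]] for i, row in enumerate(a)]
    for col in range(n):
        piv = max(range(col, n), key=lambda r: abs(m[r][col]))
        m[col], m[piv] = m[piv], m[col]
        for r in range(col + 1, n):
            f = m[r][col] / m[col][col]
            for c in range(col, n + 1):
                m[r][c] -= f * m[col][c]
    x = [0.0] * n
    for r in range(n - 1, -1, -1):
        s = m[r][n] - sum(m[r][c] * x[c] for c in range(r + 1, n))
        x[r] = s / m[r][r]
    return x


def log_likelihood(x, y, beta):
    """Sum of log Phi(q_i * x_i'beta) with q_i = +1 for y=1, -1 for y=0."""
    ll = 0.0
    for xi, yi in zip(x, y):
        z = sum(b * v for b, v in zip(beta, xi))
        ll += math.log(norm_cdf((1.0 if yi else -1.0) * z))
    return ll


def fit_probit(x, y, tol=1e-8, max_iter=50):
    """Maximum-likelihood probit fit by Newton-Raphson.
    x: rows whose first element is the constant 1.0; y: 0/1 outcomes.
    Returns (beta, converged). The probit log-likelihood is globally
    concave, so Newton from beta = 0 converges unless the data are
    perfectly separated (then the MLE does not exist and we stop at max_iter)."""
    k = len(x[0])
    beta = [0.0] * k
    converged = False
    for _ in range(max_iter):
        grad = [0.0] * k
        hess = [[0.0] * k for _ in range(k)]
        for xi, yi in zip(x, y):
            z = sum(b * v for b, v in zip(beta, xi))
            q = 1.0 if yi else -1.0
            lam = q * norm_pdf(q * z) / norm_cdf(q * z)  # generalised residual
            w = lam * (lam + z)                           # -d(lam)/dz, always > 0
            for i in range(k):
                grad[i] += lam * xi[i]
                for j in range(k):
                    hess[i][j] -= w * xi[i] * xi[j]
        step = solve(hess, [-g for g in grad])  # d = -H^{-1} g
        beta = [b + d for b, d in zip(beta, step)]
        if max(abs(d) for d in step) < tol:
            converged = True
            break
    return beta, converged


def predict(beta, row):
    """P(cert = 1 | row) = Phi(row'beta)."""
    return norm_cdf(sum(b * v for b, v in zip(beta, row)))


# Constructed cell counts: (ict, large) -> (firms holding the cert, firms in cell)
CELLS = {(1, 1): (40, 50), (1, 0): (20, 50), (0, 1): (25, 50), (0, 0): (5, 50)}


def build_sample():
    """Expand the constructed cell counts into one row per firm."""
    x, y = [], []
    for (ict, large), (certified, total) in CELLS.items():
        for i in range(total):
            x.append([1.0, float(ict), float(large)])
            y.append(1 if i < certified else 0)
    return x, y


def run():
    x, y = build_sample()
    beta, ok = fit_probit(x, y)
    probs = {c: predict(beta, [1.0, float(c[0]), float(c[1])]) for c in CELLS}
    return beta, ok, probs


if __name__ == "__main__":
    beta, ok, probs = run()
    print("converged:", ok)
    for name, b in zip(("const", "ict", "large"), beta):
        print(f"{name:>6}: {b:+.3f}")
    for cell, p in probs.items():
        obs = CELLS[cell][0] / CELLS[cell][1]
        print(f"ict={cell[0]} large={cell[1]}: fitted P(cert)={p:.2f} observed={obs:.2f}")
```

Two practical caveats carry over to real disclosure data: a regressor that perfectly separates the outcome (every firm of some type certified, none of the others) has no finite MLE, which shows up here as `converged == False`, and probit coefficients are not probabilities, so a strategy recommendation should be read off `predict()` for concrete firm profiles rather than off the raw coefficient sizes.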
