• The Journal of Society for e-Business Studies
• /
• v.20 no.2
• /
• pp.167-174
• /
• 2015

Information security organization has normally been organized under the IT department. However, as the importance of information security has gradually increased, the way of information security organized for enterprise security management has become a noteworthy issue. The need for separation of Information security organization from IT department is growing, such as restriction on the concurrent positions in CIO and CISO. Nowadays there are many studies about Information security organization while relatively there has been minimal research regarding a departmentalization. For these reasons this study proposes a Information Security Departmentalization Model which is based on business risk and reliance on the IT for effectively organizing Information security organization, using Contingency theory. In addition, this study classified the position of Information security organization into Planning & Coordination, Internal Control, Management and IT and analyze the strengths and weaknesses of each case.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.22 no.4
• /
• pp.923-939
• /
• 2012

In the information society, to serve the normal economic activity and to delivery the public service is to secure the privacy information. The government endeavors to support with the privacy protection laws and public organizations. This paper is to study the privacy protection policy in the major countries by analyzing the laws and organizations. At last, The study is to examine the policy tasks to support the privacy protection policy.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.25 no.1
• /
• pp.197-209
• /
• 2015

The issue of information security within an organization began to be recognized as risk of the organization. Because of this, not only ISO(Information Security Officer) but an executive or CEO were forced to resign. In addition, it brought about heavy financial damage to the company and made the company difficult to restore trust to customers. At a time when inadvertent disclosure of personal information has become accepted as a matter of survival because of having a bad effect within an organization, how the information security specialist causes influence on information protection level of the organization. For these reasons, targeting the information security specialists of various industry sectors, we'll analyse how task performance rate of the information security specialist within an organization cause influence to the information security level. The goal of this study is for the company to raise the task proportion of information security specialist and to improve the information protection level of the organization.

• Journal of Korean Society for Geospatial Information Science
• /
• v.19 no.1
• /
• pp.45-52
• /
• 2011

This study aims to provide improvement directions of related laws system to protect U-City infrastructure facilities. For this, the study analyzes oversea infrastructure protection systems and domestic U-City laws system. Then, this indicates problems considering U-City infrastructure protection through Industrial-University-Institute experts' survey. Based on this survey, this study proposes improvement guideline of laws system to protect U-City infrastructure facilities, including enactment the Guideline of U-City Infrastructure Protection, obligation of U-City Infrastructure Protection, revision method of related laws system for protecting intelligent facilities, and Management System of U-City Infrastructure Facilities.

• Journal of Korea Multimedia Society
• /
• v.13 no.1
• /
• pp.111-121
• /
• 2010

Since SMEs have recognized needs for industrial technique leakage prevention, they tend to construct information security system causing huge consumption of budget, yet they cannot organize information security team to operate integrated information security management system with consistency and it is fact that there only occur instant introductions of certain system. In this study, we designed information security management system for SMEs' industrial technique leakage prevention which is differentiated from those of large enterprises based on current status of SMEs' industrial technique leakage. Specifically we analyzed current status and vulnerability of SMEs' industrial technique leakage and we designed industrial technique leakage prevention management system for SMEs. Then we applied Delphi method to validate appropriateness of study result. We strongly believe that SMEs may estimate a appropriate level of investment on information security and develop countermeasures for control by utilizing this study result.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.22 no.2
• /
• pp.379-390
• /
• 2012

This study is to consider political implication of indicators to measure personal information security in public sector studied by Ministry of Public Adminstration and Security from 2008 to 2011. The study analyzed the priority of personal information security policy dividing into personal information security infrastructure, personal information management with life cycle, correspondence of information infringement by scholars, experts, and chargers. As the results, to progress personal information security policy is important to management of personal identification information on web site; specially institutional infrastructure as responsible organization, exclusive manpower, and security budget; personal information security infrastructure. As like the results, it would be reflected in the progress of personal information security policy and tried to provide systematic management program with improving safe information distribution and usefulness.

• The Journal of Bigdata
• /
• v.3 no.2
• /
• pp.1-10
• /
• 2018

In the field of smart water management, there is an increasing demand for strengthening competitiveness through big data analysis. As a result, systematic management (Governance) of big data is becoming an important issue. Big data governance is a systematic approach to evaluating, directing and monitoring data management, such as data quality assurance, privacy protection, data lifetime management, data ownership and clarification of management rights. Failure to establish big data governance can lead to serious problems by using low quality data for critical decisions. In addition, personal privacy data can make Big Brother worry come true, and IT costs can skyrocket due to the neglect of data age management. Even if these technical problems are fixed, the big data effects will not be sustained unless there are organizations and personnel who are dedicated and responsible for data-related issues. In this paper, we propose a method of building data governance for smart water data management based on big data.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.24 no.6
• /
• pp.1271-1284
• /
• 2014

This paper classifies technical, administrative and physical areas of defects and advices made by an external audit (ISO27001) and internal audit (performed by a security team) in a company which has the management system of information security. With the classified data it finds the correlation between the budget and investment of information security, and analyze the correlation. As a result of the analysis, it has been found that as time goes on there is a consistent correlation between a administrative area and technical area of security. Specially, it has been confirmed that the relation between the scale of the budget which is not executed and the number of the defects and advices made by the audit is in direct proportion. Therefore, in this paper, so as to provide a model that can be used for validating the effectiveness of the protective investment information by statistically calculating the similarity based on the results of correlation analysis. This research is intended to help that a company makes a precise decision when it establishes a policy of information security and systematic methodology of the investment in information security.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.24 no.3
• /
• pp.507-522
• /
• 2014

Domestic CERTs are carrying out monitoring and response against cyber attacks using security devices(e.g., IDS, TMS, etc) based on signatures. Particularly, in case of public and research institutes, about 30 security monitoring and response centers are being operated under National Cyber Security Center(NCSC) of National Intelligence Service(NIS). They are mainly using Threat Management System(TMS) for providing security monitoring and response service. Since TMS raises a large amount of security events and most of them are not related to real cyber attacks, security analyst who carries out the security monitoring and response suffers from analyzing all the TMS events and finding out real cyber attacks from them. Also, since the security monitoring and response tasks depend on security analyst's know-how, there is a fatal problem in that they tend to focus on analyzing specific security events, so that it is unable to analyze and respond unknown cyber attacks. Therefore, we propose automated verification method of security events based on their empirical analysis to improve performance of security monitoring and response.

• Korean Security Journal
• /
• no.24
• /
• pp.147-170
• /
• 2010

This study is to present a improvement directions for the protection of industrial key technology. For the purpose of the study, the survey was carried out on the administrative security activity of 68 enterprises including Large companies, small-midium companies and public corporations. survey result on the 10 items of security policy, 10 items of personal management and 7 items of the assets management are as follows; First, stable foundation for the efficient implement of security policy is needed. Carrying a security policy into practice and continuous upgrade should be fulfilled with drawing-up of the policy. Also for the vitalization of security activity, arrangement of security organization and security manager are needed with mutual assistance in the company. Periodic security inspection should be practiced for the improvement of security level and security understanding. Second, the increase of investment for security job is needed for security invigoration. Securing cooperation channel with professional security facility such as National Intelligence Service, Korea internet & security agency, Information security consulting company, security research institute is needed, also security outsourcing could be considered as the method of above investment. Especially small-midium company is very vulnerable compared with Large company and public corporation in security management, so increase of government's budget for security support system is necessary. Third, human resource management is important, because the main cause of leak of confidential information is person. Regular education rate for new employee and staff members is relatively high, but the vitalization of security oath for staff members and the third party who access to key technology is necessary. Also access right to key information should be changed whenever access right changes. Reinforcement of management of resigned person such as security oath, the elimination of access right to key information and the deletion of account. is needed. Forth, the control and management of important asset including patent and design should be tightened. Classification of importance of asset and periodic inspection are necessary with the effects evaluation of leak of asset.