• Journal of Information Technology Services
• /
• v.15 no.3
• /
• pp.51-69
• /
• 2016

Recently, many Korean firms have suffered financial losses and damaged firm's trust due to information security incidents. Hence, a lot of firms have realized the importance of the information security. In particular, the demand for information security certification has increased. This study examined the effect of information security certification using the event study methodology. Our research shows that the announcement of the information security certification significantly influences the market value of the corresponding firm. The certified firms rise, on average, o.4993% (-2 day), 0.5462% (+1 day) of their market value. Further, we found that the financial sector in our data showed a 1.4% higher abnormal returns than the nonfinancial sector. On the other hand, whether a firm first acquired the information security certification is not significant. Our paper presents that it is possible to analyze the effect of the information security certification using the event study. We are expected to be used in making a decision for the investment of information security. Also, our results indicate that the firm which have acquired the information security certification should actively announce that fact.

• Journal of Korea Society of Digital Industry and Information Management
• /
• v.15 no.2
• /
• pp.53-61
• /
• 2019

In this paper, we propose 'a self - conformance system of convergence security provider' to provide basic data for security and reliability of convergence industrial technology, system and service. It is difficult to evaluate convergence security systems, limited to information and communication service providers, unable to check convergence security items, burden of submission documents, difficulty in measuring convergence security service level and we will summarize product and service-based requirements that can be integrated and systematically measure the level of convergence security and define renewed life cycle-based convergence security information and content security and assurance requirements. On the basis of this, each convergence security company declares conformity with the standard itself without the certification of the certification body, and introduces the provider conformity certification system which can manufacture and sell. This will enable the company to strengthen its competitiveness through timely launch and implementation of products and services and cost reduction.

• Journal of Information Technology Services
• /
• v.22 no.3
• /
• pp.49-63
• /
• 2023

The inclusion of software and wireless communication devices in vehicles has raised concerns regarding automobile security. In its response, UNECE WP.29 implemented the first-ever international standard for automotive cyber security in June 2020. Yet, the existing disparity between national standards for automotive certification systems and 「UN Regulation No. 155」 has caused confusion among auto makers. This discrepancy not only jeopardizes the security of domestic vehicles but also poses challenges to the seamless import and export of automobiles. Hence, there is a need to enhance the automotive cyber security certification system; however, there is a dearth of scholarly discourse on this topic. Consequently, this study presents a proposal for enhancing the domestic automotive cyber security certification system. In view of this, existing legal frameworks such as the 「Motor Vehicle Management Act」 and the 「Self-Driving Vehicle Act」 were reviewed, along with domestic and international automotive certification systems. The recommendations for improvement, derived from the findings, encompass institutional, legal, and operational aspects. This study is highly significant as it examines both domestic and international automotive certification systems in an area where there is a lack of academic discussion.

• IE interfaces
• /
• v.13 no.3
• /
• pp.548-555
• /
• 2000

TAn E-Mail system is one of the most important services for enterprise and electronic commerce end users on the Internet. However, security for an E-Mail service is not satisfied yet, an E-Mail system with security service is definitely required especially in electronic commerce system. In this paper, an E-Mail system with confirmation of e-mail delivery is proposed, The certification of delivery of E-Mail message is not provided in conventional E-Mail systems. The proposed E-Mail system is composed of this certification of delivery and basic security services. The certification of delivery can prove sender's E-Mail message is securely sent to legitimate receivers. The system is designed and implemented by Java Cryptography API.

• Journal of Information Technology Services
• /
• v.18 no.2
• /
• pp.55-73
• /
• 2019

The importance of the personal information has been increased, there have been a lot of efforts to establish a new policy, certification or law for administrating personal information more effectively and safely. Korean government has operated ISMS and PIMS certification system to assess whether an organization has established and managed appropriate information security system or not. However, it has been addressed the needs for revising and modifying of PIMS and ISMS. It is evaluated there are a few overlapped criteria to assess information management system in both ISMS and PIMS. ISMS-P certification, combining with ISMS and PIMS, is, finally, suggested, in the recent. GDPR is established having an aim of primarily to give control to individuals over their personal data and to simplify the regulatory environment for international business by unifying the regulation within the EU. This study compares GDPR and ISMS-P, focusing on "personal information". It can be expected to contribute as followings. This study can be a criterion for self-evaluation of possibility to violate of GDPR of a firm in preparation for ISMS-P. Second, this study also aims to increase the understanding of the role of ISMS-P and GDPR, among various certifications with the purpose of assessment of the information security management system, by reducing the costs required to obtain the unnecessary certification and alleviating the burden. Third, it contributes to diffusion of ISMS-P newly implemented in Korea.

• Convergence Security Journal
• /
• v.15 no.3_1
• /
• pp.107-114
• /
• 2015

Since 2002, information security management system has been implemented (ISMS) certification scheme whilst providing telecommunications services to enhance the level of enterprise information security was ongoing and Prevent accidents and avoid spread of infringement, such as rapid response and there is a lot of it came true. However, this system is the protection of the country or the investment company, as part of the actual information on how management affects the performance came from or how measures are still lacking for. In this study, the companies have their own privacy ISMS certification measures the level of activity continued to improve information security performance measures and methodology are presented. The government is also based on the validity of the certification system to ensure the overall implementation of the ISMS itself is this a step increase effective information security system is to be certified in advance to prevent security incidents and to improve business performance to help.

• Proceedings of the Korean Information Science Society Conference
• /
• 2001.10a
• /
• pp.700-702
• /
• 2001

As computers and networks become popular, distributing information on the Interment is common in our daily life. Also, the explosion of the Internet, of wireless digital communication and data exchange on Internet has rapidly changed the way we connect with other people. But secure mall is gamins popularity abroad and domestically because of their nature of prodding security. That is. it has been used a variety of fields such as general mail and e-mail for advertisement But, As the data transmitted on network can be easily opened or forged with simple operations. Most of existing e-mall system don't have any security on the transmitted information. Thus, security mail system need to provide security including message encryption, content integrity, message origin authentication, and non-repudiation. In this paper, we design implement secure mall system with non-repudiation service and encryption capability to provide services for certification of delivery and certification of content as well as the basic security services.

• Knowledge Management Research
• /
• v.21 no.3
• /
• pp.197-213
• /
• 2020

This study analyzed the impact of information security service company certification on financial performance. The purpose of this study was to analyze the effect of the "Information Security Service Certification Company" system from a financial point of view for information security service certified & non-certified companies, and listed & unlisted companies. From a financial point of view, performance analysis was conducted using two-way ANOVA on sales, operating profit, and profit rate. This study verified whether there is a difference in management performance between an information security service certified company and an uncertified company. In the financial performance indicators of sales, operating profit, and profit rate, the information security service certification system showed an impact on financial performance because the information security service certification company showed better management performance than the uncertified company. The implications of this study are that the empirical performance analysis from the financial point of view of the information security service certified company system can be used as a basis for negative regulatory policies to revitalize the information security industry in the future, contributing to the growth of information security companies with excellent growth potential.

• Journal of Korea Society of Digital Industry and Information Management
• /
• v.12 no.1
• /
• pp.51-61
• /
• 2016

Because the Apple Pay which created by U.S's Apple Inc. and launch of Samsung pay in last August in domestic, people have high interest in Pin-Tech industries and new method of easy payment. In this paper, it will study newly introduced Pin-Tech industries and marketability of Pin-Tech industries. Also it will propose safe use of Pin-Tech services based on cases in domestic and overseas. This paper is organized as follows. In Chapter 2, it will study concept of Pin-Tech services and status of Pin-Tech services in domestic and overseas. In Chapter 3, it will look technical trends of Pin-Tech services. In Chapter 4, it will propose direction based on analysis of cases of Pin-Tech services. This paper will finish with conclusion in Chapter 5. Given the global trends, Korea is now just took the first steps in new Pin-Tech era. The Pin-Tech services are in situations that it is not yet activated in domestic due to the various financial regulations and procedures. In this paper, it will shows cases of concerns of Pin-Tech services and domestic authentication which relates to easy payment certification. If Pin-Tech services are develop with easy payment certification and adapt to domestic environment and develop based on stability and security as mentioned in this paper, domestic Pin-Tech services and security technology will grow to the world level. Also it requires unceasing research and efforts from relevant government officials, security companies and Pin-Tech ICT companies.

• Journal of Advanced Navigation Technology
• /
• v.13 no.1
• /
• pp.113-119
• /
• 2009

In this study we analyzed and gauged the information security needs for the new IT service which will be proceeding. Then we designed Information Security Rank Authentication System to raise the level of information security. To achieve this study, we analyzed rank authentication system of the inside and outside of the country and developed the practical propulsive system and the evaluation model which reflects IT service's own feature differing from the general evaluation of IS information security. The result of this study can be utilized to assess the level of domestic IT service information security objectively, and it can be applied as the means of rational decisionmaking for establishing a policy to raise degree of information security of corporations providing IT service.