• Title, Summary, Keyword: Certification of information Security Services

Search Result 59, Processing Time 0.04 seconds

The Effect of Information Security Certification Announcement on the Market Value of Firms (기업의 정보보호 인증이 기업가치에 미치는 영향)

  • Park, Jaeyoung;Jung, Woo-Jin;Kim, Beomsoo
    • Journal of Information Technology Services
    • /
    • v.15 no.3
    • /
    • pp.51-69
    • /
    • 2016
  • Recently, many Korean firms have suffered financial losses and damaged firm's trust due to information security incidents. Hence, a lot of firms have realized the importance of the information security. In particular, the demand for information security certification has increased. This study examined the effect of information security certification using the event study methodology. Our research shows that the announcement of the information security certification significantly influences the market value of the corresponding firm. The certified firms rise, on average, o.4993% (-2 day), 0.5462% (+1 day) of their market value. Further, we found that the financial sector in our data showed a 1.4% higher abnormal returns than the nonfinancial sector. On the other hand, whether a firm first acquired the information security certification is not significant. Our paper presents that it is possible to analyze the effect of the information security certification using the event study. We are expected to be used in making a decision for the investment of information security. Also, our results indicate that the firm which have acquired the information security certification should actively announce that fact.

Convergence Security Provider Self-Conformity System (융합보안 공급자 자기 적합성 제도)

  • Baik, Namkyun
    • Journal of Korea Society of Digital Industry and Information Management
    • /
    • v.15 no.2
    • /
    • pp.53-61
    • /
    • 2019
  • In this paper, we propose 'a self - conformance system of convergence security provider' to provide basic data for security and reliability of convergence industrial technology, system and service. It is difficult to evaluate convergence security systems, limited to information and communication service providers, unable to check convergence security items, burden of submission documents, difficulty in measuring convergence security service level and we will summarize product and service-based requirements that can be integrated and systematically measure the level of convergence security and define renewed life cycle-based convergence security information and content security and assurance requirements. On the basis of this, each convergence security company declares conformity with the standard itself without the certification of the certification body, and introduces the provider conformity certification system which can manufacture and sell. This will enable the company to strengthen its competitiveness through timely launch and implementation of products and services and cost reduction.

Design and Implementation of a Secure E-Mail System for Electronic Commerce Information Exchange (전자상거래 정보 교환을 위한 안전한 전자우편 시스템의 설계 및 구현)

  • Lim, Shin-Young;Ham, Ho-Sang;Byeon, Ok-Hwan;Kim, Tai-Yun
    • IE interfaces
    • /
    • v.13 no.3
    • /
    • pp.548-555
    • /
    • 2000
  • TAn E-Mail system is one of the most important services for enterprise and electronic commerce end users on the Internet. However, security for an E-Mail service is not satisfied yet, an E-Mail system with security service is definitely required especially in electronic commerce system. In this paper, an E-Mail system with confirmation of e-mail delivery is proposed, The certification of delivery of E-Mail message is not provided in conventional E-Mail systems. The proposed E-Mail system is composed of this certification of delivery and basic security services. The certification of delivery can prove sender's E-Mail message is securely sent to legitimate receivers. The system is designed and implemented by Java Cryptography API.

  • PDF

A Linkage Analysis of ISMS-P and GDPR; Focused on Personal Information Protection (ISMS-P와 GDPR의 개인정보보호 부문 연계 분석)

  • Park, Minjung;Yu, Jieun;Chai, Sangmi
    • Journal of Information Technology Services
    • /
    • v.18 no.2
    • /
    • pp.55-73
    • /
    • 2019
  • The importance of the personal information has been increased, there have been a lot of efforts to establish a new policy, certification or law for administrating personal information more effectively and safely. Korean government has operated ISMS and PIMS certification system to assess whether an organization has established and managed appropriate information security system or not. However, it has been addressed the needs for revising and modifying of PIMS and ISMS. It is evaluated there are a few overlapped criteria to assess information management system in both ISMS and PIMS. ISMS-P certification, combining with ISMS and PIMS, is, finally, suggested, in the recent. GDPR is established having an aim of primarily to give control to individuals over their personal data and to simplify the regulatory environment for international business by unifying the regulation within the EU. This study compares GDPR and ISMS-P, focusing on "personal information". It can be expected to contribute as followings. This study can be a criterion for self-evaluation of possibility to violate of GDPR of a firm in preparation for ISMS-P. Second, this study also aims to increase the understanding of the role of ISMS-P and GDPR, among various certifications with the purpose of assessment of the information security management system, by reducing the costs required to obtain the unnecessary certification and alleviating the burden. Third, it contributes to diffusion of ISMS-P newly implemented in Korea.

An Empirical Study on the Effects of Business Performance by Information Security Management System(ISMS) (정보보호 관리체계(ISMS)가 기업성과에 미치는 영향에 관한 실증적 연구)

  • Jang, Sang Soo;Kim, Sang Choon
    • Convergence Security Journal
    • /
    • v.15 no.3_1
    • /
    • pp.107-114
    • /
    • 2015
  • Since 2002, information security management system has been implemented (ISMS) certification scheme whilst providing telecommunications services to enhance the level of enterprise information security was ongoing and Prevent accidents and avoid spread of infringement, such as rapid response and there is a lot of it came true. However, this system is the protection of the country or the investment company, as part of the actual information on how management affects the performance came from or how measures are still lacking for. In this study, the companies have their own privacy ISMS certification measures the level of activity continued to improve information security performance measures and methodology are presented. The government is also based on the validity of the certification system to ensure the overall implementation of the ISMS itself is this a step increase effective information security system is to be certified in advance to prevent security incidents and to improve business performance to help.

Survey and Analysis on Security Control Schema in Cloud Assurance Criteria

  • Kim, Jong-Chul;Kim, Nam-Ju;Kou, Kab-Seung;Min, Young-Gi
    • Journal of Security Engineering
    • /
    • v.14 no.5
    • /
    • pp.337-344
    • /
    • 2017
  • On September 9, 2015, the South Korean Ministry of Science and ICT(the "MSIT") established and announced the "Information Protection Measures for Vitalization of Cloud Services" in anticipation that the use of cloud computing would actively increase based on the implementation of the Act on Cloud Computing Advancement and User Protection(the "Cloud Computing Act") on September 28, 2015. In addition, the K-ICT Cloud Computing Activation Plan(Nov. 15) announced the basic plan for the development of cloud computing, and decided to establish info rmation security scheme to improve the level of cloud information protection. Accordingly, The Korea Internet Security Agency(the "KISA") has implemented the "Cloud Security Assurance Program". In this paper survey and analyze the international cloud security criteria and security certification criteria of major countries, and discusses the status of Korea cloud certification system.

The Effects of Certification and Listing of Information Security Service Company on Financial Performance (정보보호 전문서비스 기업의 인증 및 상장여부가 재무적 성과에 미치는 영향)

  • Shin, Hyun Min;Kim, Injai
    • Knowledge Management Research
    • /
    • v.21 no.3
    • /
    • pp.197-213
    • /
    • 2020
  • This study analyzed the impact of information security service company certification on financial performance. The purpose of this study was to analyze the effect of the "Information Security Service Certification Company" system from a financial point of view for information security service certified & non-certified companies, and listed & unlisted companies. From a financial point of view, performance analysis was conducted using two-way ANOVA on sales, operating profit, and profit rate. This study verified whether there is a difference in management performance between an information security service certified company and an uncertified company. In the financial performance indicators of sales, operating profit, and profit rate, the information security service certification system showed an impact on financial performance because the information security service certification company showed better management performance than the uncertified company. The implications of this study are that the empirical performance analysis from the financial point of view of the information security service certified company system can be used as a basis for negative regulatory policies to revitalize the information security industry in the future, contributing to the growth of information security companies with excellent growth potential.

The Proposal of Direction for Introduction of Pin-Tech Services Based on Research of Cases (사례 연구를 통한 핀테크 도입 방향성 제안)

  • Choi, Heesik;Cho, Yanghyun
    • Journal of Korea Society of Digital Industry and Information Management
    • /
    • v.12 no.1
    • /
    • pp.51-61
    • /
    • 2016
  • Because the Apple Pay which created by U.S's Apple Inc. and launch of Samsung pay in last August in domestic, people have high interest in Pin-Tech industries and new method of easy payment. In this paper, it will study newly introduced Pin-Tech industries and marketability of Pin-Tech industries. Also it will propose safe use of Pin-Tech services based on cases in domestic and overseas. This paper is organized as follows. In Chapter 2, it will study concept of Pin-Tech services and status of Pin-Tech services in domestic and overseas. In Chapter 3, it will look technical trends of Pin-Tech services. In Chapter 4, it will propose direction based on analysis of cases of Pin-Tech services. This paper will finish with conclusion in Chapter 5. Given the global trends, Korea is now just took the first steps in new Pin-Tech era. The Pin-Tech services are in situations that it is not yet activated in domestic due to the various financial regulations and procedures. In this paper, it will shows cases of concerns of Pin-Tech services and domestic authentication which relates to easy payment certification. If Pin-Tech services are develop with easy payment certification and adapt to domestic environment and develop based on stability and security as mentioned in this paper, domestic Pin-Tech services and security technology will grow to the world level. Also it requires unceasing research and efforts from relevant government officials, security companies and Pin-Tech ICT companies.

A Study on Feasibility and Establishment of a Security Grade Certification Scheme for the New IT Services (신규 IT 서비스에 대한 정보보호 등급 인증 타당성 연구)

  • Chang, Hang Bae;Joe, Tae Hee;Kim, Hyo Jin
    • Journal of Advanced Navigation Technology
    • /
    • v.13 no.1
    • /
    • pp.113-119
    • /
    • 2009
  • In this study we analyzed and gauged the information security needs for the new IT service which will be proceeding. Then we designed Information Security Rank Authentication System to raise the level of information security. To achieve this study, we analyzed rank authentication system of the inside and outside of the country and developed the practical propulsive system and the evaluation model which reflects IT service's own feature differing from the general evaluation of IS information security. The result of this study can be utilized to assess the level of domestic IT service information security objectively, and it can be applied as the means of rational decisionmaking for establishing a policy to raise degree of information security of corporations providing IT service.

  • PDF

Improved u-Healthcare Service Authentication Protocol based on RFID Technology (개선된 RFID 기술을 이용한 u-헬스케어 서비스 인증 프로토콜)

  • Ahn, Hae-Soon;Yoon, Eun-Jun;Bu, Ki-Dong
    • Journal of the Institute of Electronics and Information Engineers
    • /
    • v.50 no.10
    • /
    • pp.107-115
    • /
    • 2013
  • Recently, the RFID technology is combined with a u-healthcare services is an emerging trend in the field of medical services. u-healthcare service, as covering the field of personal health information beyond the level of simple health screening and treatment of life are closely related. Considering security, invasion of privacy, as well as life may be threatened even if your personal health information to be exposed or exploited illegally u-Healthcare services certification is essential. In 2012, Jeong proposed J-L patient authentication protocol that Initialization process, and patients using RFID technology separates the certification process. Jeong, such as the claim that the proposed protocol for reuse attacks, spoofing attacks, prevent information disclosure and traceability fire safety, but raises issues of security and operations efficiency. Therefore, in this paper, Jeong, such as the security of the proposed protocol and to prove the computational efficiency issues, and to enhance the safety and efficiency of RFID technology based on practical u-Healthcare services authentication protocol is proposed.